Recurring Trojan.Agent.DL and WindowsLiveUpdate.exe

[AndyP888]

Hi,

AVG resident shield has been picking up a recurrent trojan in the following location:

C:\Users\Andrea\AppData\Roaming\MCommon\WindowLiveUpdate.exe

At the same time there is an insertion into the registry at:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\WindowsLiveUpdate.exe

After removal by AVG it appears again virtually on a daily basis - has been going on for 3 weeks now.

AVG detects it as Trojan horse Agent4.BZG.

After upgrading my MBAM to Pro, it detects the same virus as Trojan.Agent.DL in the same 2 locations, upon performing a full scan. AVG RS no longer seems to pick it up automatically when it reappears since I installed MBAM Pro.

I have followed 2 recent MBAM forum posts by people who seem to have had almost identical problems and can see they appear to have both been resolved after several days of expert advice and effort by a couple of the advisors on this site, and I would much appreciate similar help.

Thank you in advance.

Attached are the dds reports:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2

Run by Andrea at 5:54:26 on 2013-02-27

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.12279.8408 [GMT 11:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe

C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe

C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files (x86)\Genie-Soft\GBMPro8\GBMAgent.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com.au/

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AU&userid=9246367d-bfe6-44ca-abc5-1966ba841cf1&searchtype=ds&q={searchTerms}

BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} -

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"

uRun: [FMCore.exe] "C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe" -standalone

uRun: [90A4488B45C50C9049F387EB11B9ACF449011272._service_run] "C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe

uRun: [GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15] "C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

mRun: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe

mRun: [GBMPro8Agent] C:\Program Files (x86)\Genie-Soft\GBMPro8\GBMAgent.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Andrea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

TCP: NameServer = 211.31.138.11 211.29.132.12 198.142.0.51

TCP: Interfaces\{A1FBE589-2F81-419A-A041-8586B735EF2B} : DHCPNameServer = 211.31.138.11 211.29.132.12 198.142.0.51

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll

x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\sl89vjk1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AU&userid=9246367d-bfe6-44ca-abc5-1966ba841cf1&searchtype=ds&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\sl89vjk1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_168.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2012-11-14 10:54; hotfix@mozilla.org; C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.autoDisableScopes - 10

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-7-1 293416]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-27 203776]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-6-8 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-6-29 72216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-4 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-25 682344]

R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-27 115216]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-18 74256]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-18 13328]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-19 24176]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-27 344680]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-21 102368]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-21 1038088]

S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-13 44480]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-21 203104]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-6 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== File Associations ===============

.

FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-02-25 19:39:30 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-23 13:44:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-21 12:40:11 -------- d-----w- C:\ProgramData\ALM

2013-02-21 12:30:05 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2013-02-21 12:04:26 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared

2013-02-21 11:57:59 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2013-02-19 09:01:28 -------- d-sh--w- C:\$RECYCLE.BIN

2013-02-19 08:50:46 98816 ----a-w- C:\Windows\sed.exe

2013-02-19 08:50:46 256000 ----a-w- C:\Windows\PEV.exe

2013-02-19 08:50:46 208896 ----a-w- C:\Windows\MBR.exe

2013-02-17 11:14:03 -------- d-----w- C:\_OTL

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-14 16:03:19 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 16:03:19 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 16:00:59 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-02-13 22:52:05 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 22:52:04 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 22:52:04 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 22:52:01 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 22:52:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 22:52:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 22:52:00 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 22:52:00 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 22:52:00 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 22:52:00 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 22:51:59 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 22:51:59 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2013-02-25 19:39:27 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-25 19:39:27 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-15 05:34:22 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-15 05:34:22 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-14 05:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-13 02:50:38 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-12-13 02:50:36 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 5:54:44.04 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 27/06/2011 9:05:46 AM

System Uptime: 26/02/2013 9:46:23 PM (8 hours ago)

.

Motherboard: MSI | | X58A-GD45 (MS-7522)

Processor: Intel® Core™ i7 CPU 960 @ 3.20GHz | CPU 1 | 2400/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 328.949 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 362.492 GiB free.

E: is CDROM ()

G: is Removable

K: is FIXED (NTFS) - 932 GiB total, 216.995 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP222: 22/12/2012 3:00:10 AM - Windows Update

RP223: 29/12/2012 1:49:33 PM - Scheduled Checkpoint

RP224: 6/01/2013 12:21:46 AM - Scheduled Checkpoint

RP225: 10/01/2013 3:01:34 AM - Windows Update

RP226: 18/01/2013 8:23:12 AM - Scheduled Checkpoint

RP227: 21/01/2013 10:24:18 PM - Installed Samsung Kies

RP228: 29/01/2013 6:58:33 PM - Scheduled Checkpoint

RP229: 6/02/2013 7:06:09 AM - Scheduled Checkpoint

RP230: 14/02/2013 12:12:56 AM - Scheduled Checkpoint

RP231: 15/02/2013 3:00:20 AM - Windows Update

RP232: 17/02/2013 9:04:42 PM - Pre virus removal

RP233: 19/02/2013 7:51:07 PM - ComboFix created restore point

RP234: 26/02/2013 6:38:43 AM - Installed Java 7 Update 15

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Anchor Service x64 CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CMaps x64 CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe Creative Suite 4 Master Collection

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Drive CS4 x64

Adobe Dynamiclink Support

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Fonts All x64

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe InDesign CS4 Icon Handler x64

Adobe Linguistics CS4

Adobe Linguistics CS4 x64

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe PDF Library Files x64 CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 (64 Bit)

Adobe Photoshop CS4 Support

Adobe Photoshop Lightroom 3 64-bit

Adobe Premiere Pro CS4 Third Party Content

Adobe Reader 64-bit fixes

Adobe Reader X (10.1.6)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe Shockwave Player 11.6

Adobe SING CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Type Support x64 CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe WinSoft Linguistics Plugin x64

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

AMD Drag and Drop Transcoding

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5.5

ATI AVIVO64 Codecs

ATI Catalyst Install Manager

AVG 2013

Belarc Advisor 8.2

Bonjour

Bulk Rename Utility 2.7.1.2

calibre

Canon CanoScan Toolbox 5.0

CanoScan LiDE 600F

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CDDRV_Installer

Connect

Crystal Reports for .NET Framework 2.0 (x86)

D3DX10

Data Converter

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DVD Shrink 3.2

erLT

Extensis Suitcase Fusion 3

ExtractNow

Free Launch Bar 64-bit Edition

Garmin ANT Agent

Garmin Communicator Plugin

Garmin USB Drivers

Genie Backup Manager Pro 8.0

Google Chrome

Google Drive

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.1.0.880

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Color LaserJet CP1210 Series

HP Color LaserJet CP1210 Series Toolbox

HP LaserJet Toolbox

HP Update

HPSSupply

HydraVision

iCloud

ImagXpress

ImgBurn

iTunes

Java 7 Update 15

Java Auto Updater

JavaFX 2.1.1

K-Lite Codec Pack 4.0.0 (Full)

KhalInstallWrapper

kuler

Logitech SetPoint

LogMeIn

Malwarebytes Anti-Malware version 1.70.0.1100

marvell 91xx driver

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Report Viewer Redistributable 2008 (KB971118)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Sync Framework 2.1 Core Components (x86) ENU

Microsoft Sync Framework 2.1 Database Providers (x86) ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Movie Maker

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSVCRT

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Netscape Navigator (9.0.0.6)

Noise Ninja 2.0.2

Nokia Connectivity Cable Driver

Nokia Ovi Suite

Nokia Ovi Suite Software Updater

ObjectDock Plus 2

Ovi Desktop Sync Engine

OviMPlatform

PC Connectivity Solution

PDF Settings CS4

Photo Common

Photo Gallery

Photocopier 3.03

Photoshop Camera Raw

Photoshop Camera Raw_x64

Pixel Bender Toolkit

PowerISO

Quicken 2012

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Safari

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

ScanSoft OmniPage SE 4.0

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

SnagIt 8

Stardock Software

Suite Shared Configuration CS4

swMSM

UltraMon

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

Windows 7 USB/DVD Download Tool

Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinZip 15.0

WMV9/VC-1 Video Playback

.

==== Event Viewer Messages From Past Week ========

.

26/02/2013 9:46:57 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

24/02/2013 8:36:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

24/02/2013 8:36:22 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

24/02/2013 8:36:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

24/02/2013 12:44:09 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.

24/02/2013 12:43:09 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

24/02/2013 12:42:42 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

20/02/2013 9:56:17 AM, Error: volsnap [36] - The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

[Maurice Naggar]

Hello Andy and welcome to MalwareBytes forums.

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Do NOT press any Fix button.
  
• Exit/Close RogueKiller

[AndyP888]

Hello Maurice, thank you so much for your valuable help.

Rogue Killer report follows:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Andrea [Admin rights]

Mode : Scan -- Date : 02/27/2013 06:53:44

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKX-001CA0 SCSI Disk Device +++++

--- User ---

[MBR] 437d257980b79f4a3d644bc3aa1ed804

[bSP] 593e24f78f99d27763e9596add4d6218 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: ST310005 24AS SCSI Disk Device +++++

--- User ---

[MBR] 1e3b7774ee0c563d7bc57cf492012242

[bSP] d9aefbc3d137f5ed88268f1e18992500 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_02272013_02d0653.txt >>

RKreport[1]_S_02272013_02d0653.txt

[Maurice Naggar]

These steps are for member AndyP888 only. If you are a casual viewer, do NOT try this on your system!

If you are not AndyP888 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

• Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• Right-Click RogueKiller and select Run as Administrator.
  
• Wait until Prescan finishes.
  
• On the RogueKiller console, click the Registry tab.
  Put a check next to all of these and uncheck the rest: ( we want to delete only these lines that follow)
  [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
  [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
  [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
  [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
  [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
  [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
  
  
• Then click on Delete on the right hand column under Options.
  
• When done, logoff & Restart the system.
• The log will be found as RKreport
  Copy & Paste the contents into next reply.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Step 3

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

[AndyP888]

Rogue Killer Reports:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Andrea [Admin rights]

Mode : Scan -- Date : 02/27/2013 07:45:30

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKX-001CA0 SCSI Disk Device +++++

--- User ---

[MBR] 437d257980b79f4a3d644bc3aa1ed804

[bSP] 593e24f78f99d27763e9596add4d6218 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: ST310005 24AS SCSI Disk Device +++++

--- User ---

[MBR] 1e3b7774ee0c563d7bc57cf492012242

[bSP] d9aefbc3d137f5ed88268f1e18992500 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2]_S_02272013_02d0745.txt >>

RKreport[1]_S_02272013_02d0653.txt ; RKreport[2]_S_02272013_02d0745.txt

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Andrea [Admin rights]

Mode : Remove -- Date : 02/27/2013 07:48:23

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00AAKX-001CA0 SCSI Disk Device +++++

--- User ---

[MBR] 437d257980b79f4a3d644bc3aa1ed804

[bSP] 593e24f78f99d27763e9596add4d6218 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive1: ST310005 24AS SCSI Disk Device +++++

--- User ---

[MBR] 1e3b7774ee0c563d7bc57cf492012242

[bSP] d9aefbc3d137f5ed88268f1e18992500 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[3]_D_02272013_02d0748.txt >>

RKreport[1]_S_02272013_02d0653.txt ; RKreport[2]_S_02272013_02d0745.txt ; RKreport[3]_D_02272013_02d0748.txt

[AndyP888]

RKill report:

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/27/2013 08:06:27 AM in x64 mode.

Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (PID: 3336) [WD-HEUR]

* C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (PID: 3420) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.

* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 02/27/2013 08:06:43 AM

Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

[AndyP888]

Latest MBAM log:

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.26.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Andrea :: PAGEGRAFIX-PC [administrator]

Protection: Enabled

27/02/2013 8:09:34 AM

mbam-log-2013-02-27 (08-09-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP |

PUM

Scan options disabled: P2P

Objects scanned: 224454

Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[AndyP888]

At the moment, all seems quiet with the system, thank you Maurice. Should I just wait and monitor things to see if the problem reoccurs, or are there more steps I should take?

[Maurice Naggar]

Andy,

Be advised that you in "likely" risk of identity theft !

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Do NOT do any websurfing or anything online, other than going to this forum or to websites I guide you to.

Treat this computer as if it is in quarantine / isolation.

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member AndyP888 only. If you are a casual viewer, do NOT try this on your system!

If you are not AndyP888 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Step 1

To show all files:

• Go to your Desktop
• Double-Click the Computer icon.
  
• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 2

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 3

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
  

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

[AndyP888]

Thank you again for your help Maurice, this is obviously a very serious threat and I would love to know how it got through my anti-virus protection. I was very concerned about your warnings that I may be subject to identity theft, and I have changed all my critical passwords.

I am curious that 2 other members who were recently helped with seemingly this same trojan were not given the same warnings... is my infection different or have there been recent upgrades to the seriousness of it?

After running TDSSKiller and Combofix, which didn't appear to detect anything at this stage, I am having difficulty connecting to the internet so I am posting via my son's laptop.

I am also getting constant permission requests to run certain things now, which I wasn't before.

TDSSKiller log:

19:34:39.0809 0832 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

19:34:41.0519 0832 ============================================================

19:34:41.0519 0832 Current date / time: 2013/02/27 19:34:41.0519

19:34:41.0519 0832 SystemInfo:

19:34:41.0519 0832

19:34:41.0519 0832 OS Version: 6.1.7601 ServicePack: 1.0

19:34:41.0519 0832 Product type: Workstation

19:34:41.0519 0832 ComputerName: PAGEGRAFIX-PC

19:34:41.0519 0832 UserName: Andrea

19:34:41.0519 0832 Windows directory: C:\Windows

19:34:41.0519 0832 System windows directory: C:\Windows

19:34:41.0519 0832 Running under WOW64

19:34:41.0519 0832 Processor architecture: Intel x64

19:34:41.0519 0832 Number of processors: 8

19:34:41.0519 0832 Page size: 0x1000

19:34:41.0519 0832 Boot type: Normal boot

19:34:41.0519 0832 ============================================================

19:34:48.0908 0832 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048

19:34:48.0916 0832 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048

19:34:49.0453 0832 Drive \Device\Harddisk2\DR2 - Size: 0x1D63C0000 (7.35 Gb), SectorSize: 0x1000, Cylinders: 0x77, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

19:34:49.0457 0832 ============================================================

19:34:49.0457 0832 \Device\Harddisk0\DR0:

19:34:49.0458 0832 MBR partitions:

19:34:49.0458 0832 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

19:34:49.0458 0832 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

19:34:49.0458 0832 \Device\Harddisk1\DR1:

19:34:49.0482 0832 MBR partitions:

19:34:49.0482 0832 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

19:34:49.0482 0832 \Device\Harddisk2\DR2:

19:34:49.0482 0832 MBR partitions:

19:34:49.0482 0832 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x1D637F

19:34:49.0482 0832 ============================================================

19:34:49.0513 0832 C: <-> \Device\Harddisk0\DR0\Partition2

19:34:49.0534 0832 D: <-> \Device\Harddisk1\DR1\Partition1

19:34:49.0534 0832 ============================================================

19:34:49.0534 0832 Initialize success

19:34:49.0534 0832 ============================================================

19:35:02.0152 7740 ============================================================

19:35:02.0152 7740 Scan started

19:35:02.0152 7740 Mode: Manual;

19:35:02.0152 7740 ============================================================

19:35:02.0745 7740 ================ Scan system memory ========================

19:35:02.0745 7740 System memory - ok

19:35:02.0745 7740 ================ Scan services =============================

19:35:02.0854 7740 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys

19:35:02.0854 7740 1394ohci - ok

19:35:02.0870 7740 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

19:35:02.0870 7740 ACPI - ok

19:35:02.0901 7740 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

19:35:02.0901 7740 AcpiPmi - ok

19:35:02.0932 7740 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys

19:35:02.0948 7740 adfs - ok

19:35:03.0041 7740 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:35:03.0041 7740 AdobeARMservice - ok

19:35:03.0150 7740 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:35:03.0150 7740 AdobeFlashPlayerUpdateSvc - ok

19:35:03.0197 7740 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

19:35:03.0197 7740 adp94xx - ok

19:35:03.0228 7740 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

19:35:03.0228 7740 adpahci - ok

19:35:03.0260 7740 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

19:35:03.0260 7740 adpu320 - ok

19:35:03.0291 7740 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

19:35:03.0291 7740 AeLookupSvc - ok

19:35:03.0338 7740 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

19:35:03.0338 7740 AFD - ok

19:35:03.0353 7740 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

19:35:03.0369 7740 agp440 - ok

19:35:03.0369 7740 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

19:35:03.0369 7740 ALG - ok

19:35:03.0384 7740 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

19:35:03.0384 7740 aliide - ok

19:35:03.0416 7740 [ A359974EAAC83A435497C52F62A2E590 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

19:35:03.0416 7740 AMD External Events Utility - ok

19:35:03.0431 7740 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

19:35:03.0431 7740 amdide - ok

19:35:03.0447 7740 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

19:35:03.0447 7740 AmdK8 - ok

19:35:03.0681 7740 [ 60216B0E704584DE6D5A9F59E9C34C47 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

19:35:03.0852 7740 amdkmdag - ok

19:35:03.0884 7740 [ 6B4E9261B613B047A9A145F328889968 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

19:35:03.0884 7740 amdkmdap - ok

19:35:03.0884 7740 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

19:35:03.0884 7740 AmdPPM - ok

19:35:03.0930 7740 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

19:35:03.0930 7740 amdsata - ok

19:35:03.0946 7740 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

19:35:03.0946 7740 amdsbs - ok

19:35:03.0962 7740 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

19:35:03.0962 7740 amdxata - ok

19:35:03.0977 7740 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

19:35:03.0977 7740 AppID - ok

19:35:03.0993 7740 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

19:35:04.0008 7740 AppIDSvc - ok

19:35:04.0008 7740 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

19:35:04.0008 7740 Appinfo - ok

19:35:04.0102 7740 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:35:04.0102 7740 Apple Mobile Device - ok

19:35:04.0149 7740 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

19:35:04.0149 7740 arc - ok

19:35:04.0164 7740 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

19:35:04.0164 7740 arcsas - ok

19:35:04.0258 7740 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

19:35:04.0258 7740 aspnet_state - ok

19:35:04.0274 7740 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

19:35:04.0274 7740 AsyncMac - ok

19:35:04.0305 7740 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

19:35:04.0320 7740 atapi - ok

19:35:04.0367 7740 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

19:35:04.0367 7740 AtiHDAudioService - ok

19:35:04.0398 7740 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

19:35:04.0414 7740 AudioEndpointBuilder - ok

19:35:04.0430 7740 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

19:35:04.0430 7740 AudioSrv - ok

19:35:04.0570 7740 [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

19:35:04.0601 7740 AVGIDSAgent - ok

19:35:04.0617 7740 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys

19:35:04.0632 7740 AVGIDSDriver - ok

19:35:04.0664 7740 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys

19:35:04.0664 7740 AVGIDSHA - ok

19:35:04.0679 7740 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys

19:35:04.0679 7740 Avgldx64 - ok

19:35:04.0710 7740 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys

19:35:04.0710 7740 Avgloga - ok

19:35:04.0726 7740 [ 841C40C193889730848849AC220D9242 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys

19:35:04.0726 7740 Avgmfx64 - ok

19:35:04.0757 7740 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys

19:35:04.0757 7740 Avgrkx64 - ok

19:35:04.0788 7740 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys

19:35:04.0788 7740 Avgtdia - ok

19:35:04.0820 7740 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

19:35:04.0820 7740 avgwd - ok

19:35:04.0851 7740 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

19:35:04.0851 7740 AxInstSV - ok

19:35:04.0882 7740 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

19:35:04.0898 7740 b06bdrv - ok

19:35:04.0929 7740 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

19:35:04.0929 7740 b57nd60a - ok

19:35:04.0944 7740 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

19:35:04.0944 7740 BDESVC - ok

19:35:04.0960 7740 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

19:35:04.0960 7740 Beep - ok

19:35:05.0007 7740 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

19:35:05.0022 7740 BFE - ok

19:35:05.0054 7740 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

19:35:05.0054 7740 BITS - ok

19:35:05.0069 7740 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

19:35:05.0069 7740 blbdrive - ok

19:35:05.0147 7740 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

19:35:05.0163 7740 Bonjour Service - ok

19:35:05.0178 7740 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

19:35:05.0178 7740 bowser - ok

19:35:05.0210 7740 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

19:35:05.0210 7740 BrFiltLo - ok

19:35:05.0210 7740 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

19:35:05.0225 7740 BrFiltUp - ok

19:35:05.0241 7740 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

19:35:05.0241 7740 BridgeMP - ok

19:35:05.0288 7740 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

19:35:05.0288 7740 Browser - ok

19:35:05.0288 7740 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

19:35:05.0288 7740 Brserid - ok

19:35:05.0288 7740 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

19:35:05.0303 7740 BrSerWdm - ok

19:35:05.0303 7740 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

19:35:05.0303 7740 BrUsbMdm - ok

19:35:05.0303 7740 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

19:35:05.0303 7740 BrUsbSer - ok

19:35:05.0319 7740 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

19:35:05.0319 7740 BTHMODEM - ok

19:35:05.0350 7740 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys

19:35:05.0366 7740 BTHPORT - ok

19:35:05.0412 7740 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

19:35:05.0412 7740 bthserv - ok

19:35:05.0444 7740 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

19:35:05.0444 7740 BTHUSB - ok

19:35:05.0459 7740 catchme - ok

19:35:05.0490 7740 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

19:35:05.0490 7740 cdfs - ok

19:35:05.0522 7740 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

19:35:05.0522 7740 cdrom - ok

19:35:05.0553 7740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

19:35:05.0553 7740 CertPropSvc - ok

19:35:05.0568 7740 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

19:35:05.0568 7740 circlass - ok

19:35:05.0584 7740 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

19:35:05.0600 7740 CLFS - ok

19:35:05.0662 7740 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:35:05.0662 7740 clr_optimization_v2.0.50727_32 - ok

19:35:05.0709 7740 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:35:05.0709 7740 clr_optimization_v2.0.50727_64 - ok

19:35:05.0771 7740 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:35:05.0771 7740 clr_optimization_v4.0.30319_32 - ok

19:35:05.0802 7740 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:35:05.0802 7740 clr_optimization_v4.0.30319_64 - ok

19:35:05.0834 7740 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

19:35:05.0834 7740 CmBatt - ok

19:35:05.0849 7740 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

19:35:05.0849 7740 cmdide - ok

19:35:05.0880 7740 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

19:35:05.0880 7740 CNG - ok

19:35:05.0880 7740 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

19:35:05.0880 7740 Compbatt - ok

19:35:05.0912 7740 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

19:35:05.0912 7740 CompositeBus - ok

19:35:05.0927 7740 COMSysApp - ok

19:35:05.0927 7740 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

19:35:05.0927 7740 crcdisk - ok

19:35:05.0974 7740 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

19:35:05.0974 7740 CryptSvc - ok

19:35:06.0005 7740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

19:35:06.0005 7740 DcomLaunch - ok

19:35:06.0036 7740 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

19:35:06.0036 7740 defragsvc - ok

19:35:06.0052 7740 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

19:35:06.0052 7740 DfsC - ok

19:35:06.0068 7740 dgderdrv - ok

19:35:06.0099 7740 [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

19:35:06.0114 7740 dg_ssudbus - ok

19:35:06.0130 7740 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

19:35:06.0146 7740 Dhcp - ok

19:35:06.0161 7740 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

19:35:06.0161 7740 discache - ok

19:35:06.0208 7740 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

19:35:06.0208 7740 Disk - ok

19:35:06.0239 7740 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

19:35:06.0239 7740 Dnscache - ok

19:35:06.0255 7740 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

19:35:06.0255 7740 dot3svc - ok

19:35:06.0270 7740 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

19:35:06.0270 7740 DPS - ok

19:35:06.0317 7740 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

19:35:06.0317 7740 drmkaud - ok

19:35:06.0348 7740 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

19:35:06.0348 7740 DXGKrnl - ok

19:35:06.0380 7740 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

19:35:06.0380 7740 EapHost - ok

19:35:06.0442 7740 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

19:35:06.0489 7740 ebdrv - ok

19:35:06.0536 7740 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

19:35:06.0536 7740 EFS - ok

19:35:06.0583 7740 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

19:35:06.0598 7740 ehRecvr - ok

19:35:06.0614 7740 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

19:35:06.0614 7740 ehSched - ok

19:35:06.0661 7740 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

19:35:06.0676 7740 elxstor - ok

19:35:06.0692 7740 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

19:35:06.0692 7740 ErrDev - ok

19:35:06.0723 7740 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

19:35:06.0723 7740 EventSystem - ok

19:35:06.0754 7740 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

19:35:06.0754 7740 exfat - ok

19:35:06.0770 7740 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

19:35:06.0770 7740 fastfat - ok

19:35:06.0785 7740 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

19:35:06.0801 7740 Fax - ok

19:35:06.0817 7740 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

19:35:06.0817 7740 fdc - ok

19:35:06.0848 7740 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

19:35:06.0848 7740 fdPHost - ok

19:35:06.0848 7740 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

19:35:06.0848 7740 FDResPub - ok

19:35:06.0895 7740 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

19:35:06.0895 7740 FileInfo - ok

19:35:06.0895 7740 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

19:35:06.0895 7740 Filetrace - ok

19:35:06.0957 7740 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

19:35:06.0957 7740 FLEXnet Licensing Service - ok

19:35:07.0004 7740 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

19:35:07.0019 7740 FLEXnet Licensing Service 64 - ok

19:35:07.0051 7740 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

19:35:07.0051 7740 flpydisk - ok

19:35:07.0066 7740 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

19:35:07.0066 7740 FltMgr - ok

19:35:07.0113 7740 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

19:35:07.0144 7740 FontCache - ok

19:35:07.0175 7740 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:35:07.0191 7740 FontCache3.0.0.0 - ok

19:35:07.0191 7740 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

19:35:07.0191 7740 FsDepends - ok

19:35:07.0222 7740 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

19:35:07.0222 7740 Fs_Rec - ok

19:35:07.0253 7740 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

19:35:07.0253 7740 fvevol - ok

19:35:07.0285 7740 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

19:35:07.0285 7740 gagp30kx - ok

19:35:07.0347 7740 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:35:07.0347 7740 GEARAspiWDM - ok

19:35:07.0378 7740 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

19:35:07.0378 7740 gpsvc - ok

19:35:07.0487 7740 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:35:07.0487 7740 gupdate - ok

19:35:07.0503 7740 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:35:07.0503 7740 gupdatem - ok

19:35:07.0550 7740 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:35:07.0550 7740 gusvc - ok

19:35:07.0565 7740 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

19:35:07.0565 7740 hcw85cir - ok

19:35:07.0597 7740 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

19:35:07.0612 7740 HdAudAddService - ok

19:35:07.0628 7740 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

19:35:07.0628 7740 HDAudBus - ok

19:35:07.0628 7740 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

19:35:07.0628 7740 HidBatt - ok

19:35:07.0643 7740 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

19:35:07.0643 7740 HidBth - ok

19:35:07.0659 7740 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

19:35:07.0659 7740 HidIr - ok

19:35:07.0675 7740 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

19:35:07.0675 7740 hidserv - ok

19:35:07.0706 7740 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

19:35:07.0706 7740 HidUsb - ok

19:35:07.0737 7740 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

19:35:07.0737 7740 hkmsvc - ok

19:35:07.0768 7740 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

19:35:07.0768 7740 HomeGroupListener - ok

19:35:07.0799 7740 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

19:35:07.0799 7740 HomeGroupProvider - ok

19:35:07.0815 7740 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

19:35:07.0815 7740 HpSAMD - ok

19:35:07.0846 7740 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

19:35:07.0862 7740 HTTP - ok

19:35:07.0877 7740 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

19:35:07.0877 7740 hwpolicy - ok

19:35:07.0893 7740 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

19:35:07.0893 7740 i8042prt - ok

19:35:07.0924 7740 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

19:35:07.0924 7740 iaStorV - ok

19:35:08.0002 7740 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

19:35:08.0002 7740 IDriverT - ok

19:35:08.0033 7740 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:35:08.0049 7740 idsvc - ok

19:35:08.0065 7740 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

19:35:08.0065 7740 iirsp - ok

19:35:08.0096 7740 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

19:35:08.0111 7740 IKEEXT - ok

19:35:08.0174 7740 [ E8017F1662D9142F45CEAB694D013C00 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

19:35:08.0189 7740 IntcAzAudAddService - ok

19:35:08.0205 7740 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

19:35:08.0205 7740 intelide - ok

19:35:08.0221 7740 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

19:35:08.0221 7740 intelppm - ok

19:35:08.0236 7740 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

19:35:08.0236 7740 IPBusEnum - ok

19:35:08.0252 7740 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:35:08.0252 7740 IpFilterDriver - ok

19:35:08.0299 7740 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

19:35:08.0299 7740 iphlpsvc - ok

19:35:08.0314 7740 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

19:35:08.0314 7740 IPMIDRV - ok

19:35:08.0314 7740 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

19:35:08.0314 7740 IPNAT - ok

19:35:08.0408 7740 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

19:35:08.0408 7740 iPod Service - ok

19:35:08.0423 7740 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

19:35:08.0423 7740 IRENUM - ok

19:35:08.0455 7740 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

19:35:08.0455 7740 isapnp - ok

19:35:08.0470 7740 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

19:35:08.0470 7740 iScsiPrt - ok

19:35:08.0501 7740 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

19:35:08.0501 7740 kbdclass - ok

19:35:08.0517 7740 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

19:35:08.0517 7740 kbdhid - ok

19:35:08.0517 7740 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

19:35:08.0517 7740 KeyIso - ok

19:35:08.0548 7740 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

19:35:08.0548 7740 KSecDD - ok

19:35:08.0564 7740 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

19:35:08.0564 7740 KSecPkg - ok

19:35:08.0564 7740 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

19:35:08.0579 7740 ksthunk - ok

19:35:08.0595 7740 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

19:35:08.0595 7740 KtmRm - ok

19:35:08.0642 7740 [ F33C5D79D3273530E1892A0922283A7B ] L8042Kbd C:\Windows\system32\DRIVERS\L8042Kbd.sys

19:35:08.0642 7740 L8042Kbd - ok

19:35:08.0689 7740 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

19:35:08.0689 7740 LanmanServer - ok

19:35:08.0720 7740 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

19:35:08.0720 7740 LanmanWorkstation - ok

19:35:08.0751 7740 [ 88E52495B47C67126B510AF53FDB0BC7 ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

19:35:08.0751 7740 LBTServ - ok

19:35:08.0782 7740 [ BECBD7CD46776B8739EE18061F45A581 ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys

19:35:08.0782 7740 LEqdUsb - ok

19:35:08.0813 7740 [ 21D6BD7D62C270059EB8E2B1D4095880 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys

19:35:08.0813 7740 LHidEqd - ok

19:35:08.0829 7740 [ B6552D382FF070B4ED34CBD6737277C0 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

19:35:08.0829 7740 LHidFilt - ok

19:35:08.0860 7740 [ 02538E602280C07438C94489DCBE77D5 ] libusb0 C:\Windows\system32\DRIVERS\libusb0.sys

19:35:08.0876 7740 libusb0 - ok

19:35:08.0891 7740 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

19:35:08.0891 7740 lltdio - ok

19:35:08.0923 7740 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

19:35:08.0923 7740 lltdsvc - ok

19:35:08.0954 7740 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

19:35:08.0954 7740 lmhosts - ok

19:35:09.0001 7740 [ DCC0C4BD277E7EE0CD171D7499A55035 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

19:35:09.0016 7740 LMIGuardianSvc - ok

19:35:09.0032 7740 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys

19:35:09.0032 7740 LMIInfo - ok

19:35:09.0047 7740 [ 31CC13EFA3568BFA60F9302E643E3F94 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

19:35:09.0047 7740 LMIMaint - ok

19:35:09.0063 7740 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys

19:35:09.0063 7740 lmimirr - ok

19:35:09.0079 7740 LMIRfsClientNP - ok

19:35:09.0094 7740 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys

19:35:09.0094 7740 LMIRfsDriver - ok

19:35:09.0125 7740 [ 73C1F563AB73D459DFFE682D66476558 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

19:35:09.0125 7740 LMouFilt - ok

19:35:09.0157 7740 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

19:35:09.0157 7740 LogMeIn - ok

19:35:09.0188 7740 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

19:35:09.0188 7740 LSI_FC - ok

19:35:09.0219 7740 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

19:35:09.0219 7740 LSI_SAS - ok

19:35:09.0235 7740 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

19:35:09.0235 7740 LSI_SAS2 - ok

19:35:09.0250 7740 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

19:35:09.0250 7740 LSI_SCSI - ok

19:35:09.0266 7740 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

19:35:09.0266 7740 luafv - ok

19:35:09.0313 7740 [ 9D9714E78EAC9E5368208649489C920E ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys

19:35:09.0313 7740 LUsbFilt - ok

19:35:09.0359 7740 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

19:35:09.0359 7740 MBAMProtector - ok

19:35:09.0437 7740 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

19:35:09.0437 7740 MBAMScheduler - ok

19:35:09.0453 7740 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

19:35:09.0453 7740 MBAMService - ok

19:35:09.0484 7740 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

19:35:09.0484 7740 Mcx2Svc - ok

19:35:09.0500 7740 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

19:35:09.0500 7740 megasas - ok

19:35:09.0531 7740 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

19:35:09.0531 7740 MegaSR - ok

19:35:09.0562 7740 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

19:35:09.0562 7740 MMCSS - ok

19:35:09.0578 7740 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

19:35:09.0578 7740 Modem - ok

19:35:09.0609 7740 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

19:35:09.0609 7740 monitor - ok

19:35:09.0625 7740 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

19:35:09.0625 7740 mouclass - ok

19:35:09.0656 7740 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

19:35:09.0656 7740 mouhid - ok

19:35:09.0671 7740 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

19:35:09.0671 7740 mountmgr - ok

19:35:09.0718 7740 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

19:35:09.0718 7740 MozillaMaintenance - ok

19:35:09.0734 7740 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

19:35:09.0734 7740 mpio - ok

19:35:09.0749 7740 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

19:35:09.0749 7740 mpsdrv - ok

19:35:09.0781 7740 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

19:35:09.0781 7740 MpsSvc - ok

19:35:09.0796 7740 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

19:35:09.0796 7740 MRxDAV - ok

19:35:09.0827 7740 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

19:35:09.0827 7740 mrxsmb - ok

19:35:09.0859 7740 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:35:09.0859 7740 mrxsmb10 - ok

19:35:09.0874 7740 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:35:09.0874 7740 mrxsmb20 - ok

19:35:09.0890 7740 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

19:35:09.0890 7740 msahci - ok

19:35:09.0905 7740 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

19:35:09.0905 7740 msdsm - ok

19:35:09.0921 7740 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

19:35:09.0921 7740 MSDTC - ok

19:35:09.0952 7740 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

19:35:09.0952 7740 Msfs - ok

19:35:09.0968 7740 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

19:35:09.0968 7740 mshidkmdf - ok

19:35:09.0983 7740 MSICDSetup - ok

19:35:10.0015 7740 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

19:35:10.0015 7740 msisadrv - ok

19:35:10.0046 7740 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

19:35:10.0046 7740 MSiSCSI - ok

19:35:10.0046 7740 msiserver - ok

19:35:10.0061 7740 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

19:35:10.0061 7740 MSKSSRV - ok

19:35:10.0077 7740 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

19:35:10.0077 7740 MSPCLOCK - ok

19:35:10.0093 7740 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

19:35:10.0093 7740 MSPQM - ok

19:35:10.0108 7740 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

19:35:10.0108 7740 MsRPC - ok

19:35:10.0124 7740 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

19:35:10.0124 7740 mssmbios - ok

19:35:10.0139 7740 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

19:35:10.0139 7740 MSTEE - ok

19:35:10.0155 7740 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

19:35:10.0155 7740 MTConfig - ok

19:35:10.0171 7740 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

19:35:10.0171 7740 Mup - ok

19:35:10.0202 7740 [ C752AB67A50F921622FE65725D1F6856 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys

19:35:10.0202 7740 mv91xx - ok

19:35:10.0233 7740 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

19:35:10.0233 7740 napagent - ok

19:35:10.0264 7740 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

19:35:10.0280 7740 NativeWifiP - ok

19:35:10.0311 7740 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

19:35:10.0311 7740 NDIS - ok

19:35:10.0342 7740 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

19:35:10.0342 7740 NdisCap - ok

19:35:10.0358 7740 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

19:35:10.0358 7740 NdisTapi - ok

19:35:10.0373 7740 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

19:35:10.0373 7740 Ndisuio - ok

19:35:10.0389 7740 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

19:35:10.0389 7740 NdisWan - ok

19:35:10.0389 7740 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

19:35:10.0405 7740 NDProxy - ok

19:35:10.0405 7740 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

19:35:10.0405 7740 NetBIOS - ok

19:35:10.0420 7740 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

19:35:10.0420 7740 NetBT - ok

19:35:10.0436 7740 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

19:35:10.0436 7740 Netlogon - ok

19:35:10.0483 7740 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

19:35:10.0483 7740 Netman - ok

19:35:10.0514 7740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:35:10.0514 7740 NetMsmqActivator - ok

19:35:10.0529 7740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:35:10.0529 7740 NetPipeActivator - ok

19:35:10.0545 7740 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

19:35:10.0545 7740 netprofm - ok

19:35:10.0561 7740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:35:10.0561 7740 NetTcpActivator - ok

19:35:10.0561 7740 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

19:35:10.0561 7740 NetTcpPortSharing - ok

19:35:10.0592 7740 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

19:35:10.0592 7740 nfrd960 - ok

19:35:10.0623 7740 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

19:35:10.0623 7740 NlaSvc - ok

19:35:10.0670 7740 [ 88F2F2CB9FAEE2E14BCCF384F4C88061 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys

19:35:10.0670 7740 nmwcd - ok

19:35:10.0701 7740 [ 31C1FAC4AE14FB2F8771C59BA3F90BAD ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys

19:35:10.0701 7740 nmwcdc - ok

19:35:10.0717 7740 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

19:35:10.0717 7740 Npfs - ok

19:35:10.0732 7740 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

19:35:10.0732 7740 nsi - ok

19:35:10.0748 7740 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

19:35:10.0748 7740 nsiproxy - ok

19:35:10.0810 7740 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

19:35:10.0826 7740 Ntfs - ok

19:35:10.0826 7740 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

19:35:10.0826 7740 Null - ok

19:35:10.0857 7740 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

19:35:10.0857 7740 nusb3hub - ok

19:35:10.0888 7740 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

19:35:10.0888 7740 nusb3xhc - ok

19:35:10.0919 7740 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

19:35:10.0935 7740 nvraid - ok

19:35:10.0966 7740 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

19:35:10.0966 7740 nvstor - ok

19:35:10.0982 7740 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

19:35:10.0982 7740 nv_agp - ok

19:35:10.0982 7740 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

19:35:10.0982 7740 ohci1394 - ok

19:35:11.0044 7740 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:35:11.0044 7740 ose - ok

19:35:11.0169 7740 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:35:11.0185 7740 osppsvc - ok

19:35:11.0200 7740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

19:35:11.0200 7740 p2pimsvc - ok

19:35:11.0216 7740 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

19:35:11.0231 7740 p2psvc - ok

19:35:11.0247 7740 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

19:35:11.0247 7740 Parport - ok

19:35:11.0263 7740 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

19:35:11.0278 7740 partmgr - ok

19:35:11.0278 7740 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

19:35:11.0294 7740 PcaSvc - ok

19:35:11.0325 7740 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys

19:35:11.0325 7740 pccsmcfd - ok

19:35:11.0356 7740 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

19:35:11.0356 7740 pci - ok

19:35:11.0372 7740 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

19:35:11.0372 7740 pciide - ok

19:35:11.0387 7740 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

19:35:11.0387 7740 pcmcia - ok

19:35:11.0387 7740 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

19:35:11.0387 7740 pcw - ok

19:35:11.0403 7740 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

19:35:11.0403 7740 PEAUTH - ok

19:35:11.0450 7740 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

19:35:11.0450 7740 PerfHost - ok

19:35:11.0497 7740 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

19:35:11.0528 7740 pla - ok

19:35:11.0590 7740 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

19:35:11.0590 7740 PlugPlay - ok

19:35:11.0606 7740 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

19:35:11.0606 7740 PNRPAutoReg - ok

19:35:11.0621 7740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

19:35:11.0621 7740 PNRPsvc - ok

19:35:11.0653 7740 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

19:35:11.0653 7740 PolicyAgent - ok

19:35:11.0668 7740 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

19:35:11.0684 7740 Power - ok

19:35:11.0715 7740 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

19:35:11.0715 7740 PptpMiniport - ok

19:35:11.0731 7740 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

19:35:11.0731 7740 Processor - ok

19:35:11.0762 7740 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

19:35:11.0762 7740 ProfSvc - ok

19:35:11.0777 7740 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

19:35:11.0777 7740 ProtectedStorage - ok

19:35:11.0793 7740 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

19:35:11.0793 7740 Psched - ok

19:35:11.0840 7740 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

19:35:11.0855 7740 ql2300 - ok

19:35:11.0902 7740 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

19:35:11.0902 7740 ql40xx - ok

19:35:11.0933 7740 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

19:35:11.0933 7740 QWAVE - ok

19:35:11.0933 7740 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

19:35:11.0949 7740 QWAVEdrv - ok

19:35:11.0965 7740 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

19:35:11.0965 7740 RasAcd - ok

19:35:11.0980 7740 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

19:35:11.0996 7740 RasAgileVpn - ok

19:35:11.0996 7740 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

19:35:11.0996 7740 RasAuto - ok

19:35:12.0011 7740 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

19:35:12.0011 7740 Rasl2tp - ok

19:35:12.0043 7740 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

19:35:12.0043 7740 RasMan - ok

19:35:12.0058 7740 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

19:35:12.0058 7740 RasPppoe - ok

19:35:12.0089 7740 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

19:35:12.0089 7740 RasSstp - ok

19:35:12.0105 7740 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

19:35:12.0105 7740 rdbss - ok

19:35:12.0136 7740 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

19:35:12.0136 7740 rdpbus - ok

19:35:12.0152 7740 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

19:35:12.0152 7740 RDPCDD - ok

19:35:12.0167 7740 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

19:35:12.0167 7740 RDPENCDD - ok

19:35:12.0183 7740 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

19:35:12.0183 7740 RDPREFMP - ok

19:35:12.0214 7740 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

19:35:12.0214 7740 RDPWD - ok

19:35:12.0245 7740 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

19:35:12.0245 7740 rdyboost - ok

19:35:12.0261 7740 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

19:35:12.0277 7740 RemoteAccess - ok

19:35:12.0292 7740 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

19:35:12.0292 7740 RemoteRegistry - ok

19:35:12.0308 7740 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

19:35:12.0308 7740 RpcEptMapper - ok

19:35:12.0339 7740 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

19:35:12.0339 7740 RpcLocator - ok

19:35:12.0355 7740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

19:35:12.0355 7740 RpcSs - ok

19:35:12.0401 7740 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

19:35:12.0401 7740 rspndr - ok

19:35:12.0433 7740 [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

19:35:12.0448 7740 RTL8167 - ok

19:35:12.0464 7740 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

19:35:12.0464 7740 SamSs - ok

19:35:12.0464 7740 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

19:35:12.0464 7740 sbp2port - ok

19:35:12.0495 7740 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

19:35:12.0495 7740 SCardSvr - ok

19:35:12.0542 7740 [ 9C9DF6D9A604178DDCDD703846F6CCEC ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys

19:35:12.0542 7740 SCDEmu - ok

19:35:12.0557 7740 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

19:35:12.0557 7740 scfilter - ok

19:35:12.0589 7740 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

19:35:12.0604 7740 Schedule - ok

19:35:12.0635 7740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

19:35:12.0635 7740 SCPolicySvc - ok

19:35:12.0651 7740 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

19:35:12.0651 7740 SDRSVC - ok

19:35:12.0682 7740 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

19:35:12.0682 7740 secdrv - ok

19:35:12.0698 7740 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

19:35:12.0698 7740 seclogon - ok

19:35:12.0729 7740 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

19:35:12.0729 7740 SENS - ok

19:35:12.0729 7740 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

19:35:12.0729 7740 SensrSvc - ok

19:35:12.0760 7740 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

19:35:12.0760 7740 Serenum - ok

19:35:12.0791 7740 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

19:35:12.0791 7740 Serial - ok

19:35:12.0823 7740 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

19:35:12.0823 7740 sermouse - ok

19:35:12.0901 7740 [ 8C1F87F5FDD92229D1754B98F073913F ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

19:35:12.0901 7740 ServiceLayer - ok

19:35:12.0947 7740 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

19:35:12.0947 7740 SessionEnv - ok

19:35:12.0963 7740 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

19:35:12.0963 7740 sffdisk - ok

19:35:12.0963 7740 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

19:35:12.0963 7740 sffp_mmc - ok

19:35:12.0963 7740 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

19:35:12.0963 7740 sffp_sd - ok

19:35:12.0963 7740 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

19:35:12.0963 7740 sfloppy - ok

19:35:12.0994 7740 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

19:35:12.0994 7740 SharedAccess - ok

19:35:13.0010 7740 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

19:35:13.0025 7740 ShellHWDetection - ok

19:35:13.0025 7740 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

19:35:13.0025 7740 SiSRaid2 - ok

19:35:13.0057 7740 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

19:35:13.0057 7740 SiSRaid4 - ok

19:35:13.0072 7740 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

19:35:13.0072 7740 Smb - ok

19:35:13.0103 7740 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

19:35:13.0103 7740 SNMPTRAP - ok

19:35:13.0119 7740 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

19:35:13.0119 7740 spldr - ok

19:35:13.0150 7740 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

19:35:13.0150 7740 Spooler - ok

19:35:13.0213 7740 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

19:35:13.0275 7740 sppsvc - ok

19:35:13.0306 7740 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

19:35:13.0306 7740 sppuinotify - ok

19:35:13.0337 7740 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

19:35:13.0337 7740 srv - ok

19:35:13.0353 7740 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

19:35:13.0369 7740 srv2 - ok

19:35:13.0400 7740 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

19:35:13.0400 7740 srvnet - ok

19:35:13.0415 7740 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

19:35:13.0415 7740 SSDPSRV - ok

19:35:13.0431 7740 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

19:35:13.0431 7740 SstpSvc - ok

19:35:13.0478 7740 [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

19:35:13.0478 7740 ssudmdm - ok

19:35:13.0493 7740 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

19:35:13.0493 7740 stexstor - ok

19:35:13.0525 7740 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

19:35:13.0525 7740 stisvc - ok

19:35:13.0540 7740 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

19:35:13.0540 7740 swenum - ok

19:35:13.0556 7740 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

19:35:13.0556 7740 swprv - ok

19:35:13.0618 7740 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

19:35:13.0634 7740 SysMain - ok

19:35:13.0634 7740 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

19:35:13.0634 7740 TabletInputService - ok

19:35:13.0649 7740 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

19:35:13.0649 7740 TapiSrv - ok

19:35:13.0665 7740 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

19:35:13.0665 7740 TBS - ok

19:35:13.0712 7740 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

19:35:13.0727 7740 Tcpip - ok

19:35:13.0774 7740 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

19:35:13.0790 7740 TCPIP6 - ok

19:35:13.0821 7740 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

19:35:13.0821 7740 tcpipreg - ok

19:35:13.0852 7740 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

19:35:13.0852 7740 TDPIPE - ok

19:35:13.0883 7740 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

19:35:13.0883 7740 TDTCP - ok

19:35:13.0915 7740 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

19:35:13.0915 7740 tdx - ok

19:35:13.0930 7740 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

19:35:13.0930 7740 TermDD - ok

19:35:13.0961 7740 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

19:35:13.0961 7740 TermService - ok

19:35:13.0977 7740 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

19:35:13.0977 7740 Themes - ok

19:35:13.0993 7740 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

19:35:13.0993 7740 THREADORDER - ok

19:35:14.0008 7740 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

19:35:14.0008 7740 TrkWks - ok

19:35:14.0055 7740 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

19:35:14.0055 7740 TrustedInstaller - ok

19:35:14.0071 7740 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

19:35:14.0071 7740 tssecsrv - ok

19:35:14.0086 7740 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

19:35:14.0086 7740 TsUsbFlt - ok

19:35:14.0117 7740 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

19:35:14.0117 7740 TsUsbGD - ok

19:35:14.0133 7740 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

19:35:14.0133 7740 tunnel - ok

19:35:14.0133 7740 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

19:35:14.0133 7740 uagp35 - ok

19:35:14.0149 7740 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

19:35:14.0164 7740 udfs - ok

19:35:14.0180 7740 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

19:35:14.0180 7740 UI0Detect - ok

19:35:14.0195 7740 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

19:35:14.0195 7740 uliagpkx - ok

19:35:14.0242 7740 [ 694BCF23662F97D987CF4C6739C35F8B ] UltraMonUtility C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys

19:35:14.0242 7740 UltraMonUtility - ok

19:35:14.0258 7740 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

19:35:14.0258 7740 umbus - ok

19:35:14.0273 7740 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

19:35:14.0289 7740 UmPass - ok

19:35:14.0305 7740 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

19:35:14.0305 7740 upnphost - ok

19:35:14.0351 7740 [ FBD861E69E1F583BEC906FCD04E4F84E ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys

19:35:14.0351 7740 upperdev - ok

19:35:14.0367 7740 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

19:35:14.0383 7740 USBAAPL64 - ok

19:35:14.0398 7740 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

19:35:14.0398 7740 usbccgp - ok

19:35:14.0414 7740 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

19:35:14.0414 7740 usbcir - ok

19:35:14.0445 7740 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

19:35:14.0445 7740 usbehci - ok

19:35:14.0461 7740 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

19:35:14.0461 7740 usbhub - ok

19:35:14.0476 7740 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

19:35:14.0476 7740 usbohci - ok

19:35:14.0492 7740 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

19:35:14.0492 7740 usbprint - ok

19:35:14.0539 7740 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

19:35:14.0539 7740 usbscan - ok

19:35:14.0554 7740 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\DRIVERS\usbser.sys

19:35:14.0554 7740 usbser - ok

19:35:14.0585 7740 [ 0FBB0080B287BBCBF5C7076E3D74A35C ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys

19:35:14.0585 7740 UsbserFilt - ok

19:35:14.0617 7740 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:35:14.0617 7740 USBSTOR - ok

19:35:14.0632 7740 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

19:35:14.0632 7740 usbuhci - ok

19:35:14.0648 7740 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

19:35:14.0663 7740 UxSms - ok

19:35:14.0679 7740 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

19:35:14.0679 7740 VaultSvc - ok

19:35:14.0710 7740 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

19:35:14.0710 7740 vdrvroot - ok

19:35:14.0726 7740 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

19:35:14.0726 7740 vds - ok

19:35:14.0741 7740 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

19:35:14.0757 7740 vga - ok

19:35:14.0757 7740 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

19:35:14.0757 7740 VgaSave - ok

19:35:14.0788 7740 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

19:35:14.0788 7740 vhdmp - ok

19:35:14.0788 7740 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

19:35:14.0804 7740 viaide - ok

19:35:14.0819 7740 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

19:35:14.0819 7740 volmgr - ok

19:35:14.0835 7740 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

19:35:14.0835 7740 volmgrx - ok

19:35:14.0851 7740 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

19:35:14.0851 7740 volsnap - ok

19:35:14.0882 7740 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

19:35:14.0882 7740 vsmraid - ok

19:35:14.0929 7740 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

19:35:14.0960 7740 VSS - ok

19:35:14.0975 7740 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

19:35:14.0975 7740 vwifibus - ok

19:35:15.0007 7740 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

19:35:15.0007 7740 W32Time - ok

19:35:15.0022 7740 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

19:35:15.0022 7740 WacomPen - ok

19:35:15.0038 7740 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

19:35:15.0038 7740 WANARP - ok

19:35:15.0053 7740 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

19:35:15.0053 7740 Wanarpv6 - ok

19:35:15.0116 7740 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

19:35:15.0131 7740 WatAdminSvc - ok

19:35:15.0178 7740 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

19:35:15.0194 7740 wbengine - ok

19:35:15.0225 7740 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

19:35:15.0241 7740 WbioSrvc - ok

19:35:15.0241 7740 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

19:35:15.0256 7740 wcncsvc - ok

19:35:15.0287 7740 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

19:35:15.0287 7740 WcsPlugInService - ok

19:35:15.0303 7740 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

19:35:15.0319 7740 Wd - ok

19:35:15.0350 7740 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

19:35:15.0365 7740 WDC_SAM - ok

19:35:15.0397 7740 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

19:35:15.0397 7740 Wdf01000 - ok

19:35:15.0412 7740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

19:35:15.0412 7740 WdiServiceHost - ok

19:35:15.0412 7740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

19:35:15.0428 7740 WdiSystemHost - ok

19:35:15.0428 7740 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

19:35:15.0443 7740 WebClient - ok

19:35:15.0459 7740 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

19:35:15.0459 7740 Wecsvc - ok

19:35:15.0475 7740 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

19:35:15.0475 7740 wercplsupport - ok

19:35:15.0490 7740 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

19:35:15.0506 7740 WerSvc - ok

19:35:15.0537 7740 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

19:35:15.0537 7740 WfpLwf - ok

19:35:15.0568 7740 WimFltr - ok

19:35:15.0584 7740 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

19:35:15.0584 7740 WIMMount - ok

19:35:15.0599 7740 WinDefend - ok

19:35:15.0615 7740 WinHttpAutoProxySvc - ok

19:35:15.0677 7740 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

19:35:15.0677 7740 Winmgmt - ok

19:35:15.0724 7740 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

19:35:15.0771 7740 WinRM - ok

19:35:15.0833 7740 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

19:35:15.0833 7740 WinUsb - ok

19:35:15.0865 7740 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

19:35:15.0880 7740 Wlansvc - ok

19:35:15.0958 7740 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

19:35:15.0974 7740 wlidsvc - ok

19:35:16.0005 7740 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

19:35:16.0005 7740 WmiAcpi - ok

19:35:16.0036 7740 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

19:35:16.0036 7740 wmiApSrv - ok

19:35:16.0052 7740 WMPNetworkSvc - ok

19:35:16.0067 7740 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

19:35:16.0067 7740 WPCSvc - ok

19:35:16.0083 7740 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

19:35:16.0083 7740 WPDBusEnum - ok

19:35:16.0083 7740 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

19:35:16.0099 7740 ws2ifsl - ok

19:35:16.0099 7740 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

19:35:16.0099 7740 wscsvc - ok

19:35:16.0114 7740 WSearch - ok

19:35:16.0177 7740 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

19:35:16.0208 7740 wuauserv - ok

19:35:16.0239 7740 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

19:35:16.0239 7740 WudfPf - ok

19:35:16.0270 7740 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

19:35:16.0270 7740 WUDFRd - ok

19:35:16.0301 7740 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

19:35:16.0301 7740 wudfsvc - ok

19:35:16.0333 7740 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

19:35:16.0333 7740 WwanSvc - ok

19:35:16.0348 7740 ================ Scan global ===============================

19:35:16.0364 7740 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

19:35:16.0395 7740 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

19:35:16.0395 7740 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

19:35:16.0426 7740 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

19:35:16.0457 7740 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

19:35:16.0457 7740 [Global] - ok

19:35:16.0457 7740 ================ Scan MBR ==================================

19:35:16.0473 7740 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

19:35:16.0582 7740 \Device\Harddisk0\DR0 - ok

19:35:16.0582 7740 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

19:35:16.0582 7740 \Device\Harddisk1\DR1 - ok

19:35:16.0582 7740 [ 25A853D87F74184AE65B48F3C5D1C82B ] \Device\Harddisk2\DR2

19:35:25.0802 7740 \Device\Harddisk2\DR2 - ok

19:35:25.0802 7740 ================ Scan VBR ==================================

19:35:25.0802 7740 [ 66CBF94B47CF35CF2AEE23C18D258088 ] \Device\Harddisk0\DR0\Partition1

19:35:25.0802 7740 \Device\Harddisk0\DR0\Partition1 - ok

19:35:25.0817 7740 [ C151F86EF34CF0108D6C5695AE98F5A3 ] \Device\Harddisk0\DR0\Partition2

19:35:25.0817 7740 \Device\Harddisk0\DR0\Partition2 - ok

19:35:25.0849 7740 [ F032BEC1F4D4E23C12958C5870CC6A45 ] \Device\Harddisk1\DR1\Partition1

19:35:25.0849 7740 \Device\Harddisk1\DR1\Partition1 - ok

19:35:25.0849 7740 [ 845C168D9A6083D5B1601A915474395F ] \Device\Harddisk2\DR2\Partition1

19:35:25.0849 7740 \Device\Harddisk2\DR2\Partition1 - ok

19:35:25.0849 7740 ============================================================

19:35:25.0849 7740 Scan finished

19:35:25.0849 7740 ============================================================

19:35:25.0864 7052 Detected object count: 0

19:35:25.0864 7052 Actual detected object count: 0

19:37:55.0173 3608 Deinitialize success

[AndyP888]

Combofix log:

ComboFix 13-02-26.01 - Andrea 27/02/2013 19:39:50.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.12279.9421 [GMT 11:00]

Running from: c:\users\Andrea\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Andrea\AppData\Local\Temp\_MEI33122\_ctypes.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\_elementtree.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\_hashlib.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\_socket.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\_ssl.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\pyexpat.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\pysqlite2._sqlite.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\python26.dll

c:\users\Andrea\AppData\Local\Temp\_MEI33122\pythoncom26.dll

c:\users\Andrea\AppData\Local\Temp\_MEI33122\PyWinTypes26.dll

c:\users\Andrea\AppData\Local\Temp\_MEI33122\select.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\unicodedata.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32api.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32com.shell.shell.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32crypt.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32event.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32file.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32inet.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32pdh.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32process.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32profile.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32security.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\win32ts.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\windows._cacheinvalidation.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wx._controls_.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wx._core_.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wx._gdi_.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wx._html2.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wx._misc_.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wx._windows_.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wx._wizard.pyd

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wxbase293u_net_vc.dll

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wxbase293u_vc.dll

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wxmsw293u_adv_vc.dll

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wxmsw293u_core_vc.dll

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wxmsw293u_html_vc.dll

c:\users\Andrea\AppData\Local\Temp\_MEI33122\wxmsw293u_webview_vc.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))

.

.

2013-02-27 08:44 . 2013-02-27 08:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-26 20:51 . 2013-02-26 20:51 -------- d-----w- c:\users\Andrea\AppData\Local\VirtualStore

2013-02-25 19:39 . 2013-02-25 19:39 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-23 13:44 . 2013-02-23 13:44 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-21 12:40 . 2013-02-21 12:40 -------- d-----w- c:\programdata\ALM

2013-02-21 12:30 . 2008-04-06 18:38 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll

2013-02-21 12:04 . 2013-02-21 12:04 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2013-02-21 11:57 . 2013-02-21 11:57 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

2013-02-17 11:14 . 2013-02-17 11:14 -------- d-----w- C:\_OTL

2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-14 16:03 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 16:03 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 16:00 . 2013-01-09 01:53 763424 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2013-02-13 22:52 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 22:52 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-13 22:52 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-13 22:52 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 22:52 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-13 22:52 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-13 22:52 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-13 22:52 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-13 22:52 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-13 22:52 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-13 22:51 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-13 22:51 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-25 19:39 . 2012-06-21 03:02 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-02-25 19:39 . 2012-06-21 03:02 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-15 05:34 . 2012-04-10 11:26 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-15 05:34 . 2011-08-31 21:54 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-14 16:07 . 2011-08-07 11:01 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-01-04 04:43 . 2013-02-13 22:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-17 23:06 . 2013-01-21 11:25 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-12-17 23:06 . 2012-12-17 23:06 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-12-17 23:06 . 2012-12-17 23:06 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-12-17 23:06 . 2012-12-17 23:06 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-12-17 23:06 . 2012-12-17 23:06 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll

2012-12-17 23:06 . 2012-12-17 23:06 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-12-17 23:06 . 2012-12-17 23:06 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-12-17 23:06 . 2012-12-17 23:06 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll

2012-12-17 23:06 . 2012-12-17 23:06 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll

2012-12-17 23:06 . 2012-12-17 23:06 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll

2012-12-17 23:06 . 2012-12-17 23:06 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax

2012-12-17 23:06 . 2012-12-17 23:06 491520 ----a-w- c:\windows\SysWow64\muzapp.dll

2012-12-17 23:06 . 2012-12-17 23:06 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll

2012-12-17 23:06 . 2012-12-17 23:06 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-12-17 23:06 . 2012-12-17 23:06 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll

2012-12-17 23:06 . 2012-12-17 23:06 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll

2012-12-17 23:06 . 2012-12-17 23:06 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll

2012-12-17 23:06 . 2012-12-17 23:06 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll

2012-12-17 23:06 . 2012-12-17 23:06 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax

2012-12-17 23:06 . 2012-12-17 23:06 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll

2012-12-17 23:06 . 2012-12-17 23:06 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe

2012-12-17 23:06 . 2012-12-17 23:06 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll

2012-12-17 23:06 . 2012-12-17 23:06 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll

2012-12-17 23:06 . 2012-12-17 23:06 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax

2012-12-17 23:06 . 2012-12-17 23:06 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll

2012-12-17 23:06 . 2012-12-17 23:06 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax

2012-12-17 23:06 . 2012-12-17 23:06 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax

2012-12-17 23:06 . 2012-12-17 23:06 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll

2012-12-17 23:06 . 2012-12-17 23:06 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax

2012-12-17 23:06 . 2013-01-21 11:25 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-12-16 17:11 . 2012-12-21 16:00 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-21 16:00 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-21 16:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-21 16:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 05:49 . 2011-08-19 11:08 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-13 02:50 . 2012-12-13 02:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-12-13 02:50 . 2012-12-13 02:50 54784 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-12-07 13:20 . 2013-01-09 04:34 441856 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 04:34 2746368 ----a-w- c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 04:34 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 04:34 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 04:34 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 04:34 43520 ----a-w- c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 04:34 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 04:34 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 04:34 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 04:34 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 04:34 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 04:34 20480 ----a-w- c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 04:34 46592 ----a-w- c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 04:34 40960 ----a-w- c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 04:34 21504 ----a-w- c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 04:34 15360 ----a-w- c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 04:34 55296 ----a-w- c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 04:34 51712 ----a-w- c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 04:34 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 04:34 30720 ----a-w- c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 04:34 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 04:34 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 04:34 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 04:34 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 04:34 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 04:34 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 04:34 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 04:34 21504 ----a-w- c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 04:34 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 04:34 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 04:34 55296 ----a-w- c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 04:34 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2012-11-30 05:45 . 2013-01-09 04:32 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-11-30 05:45 . 2013-01-09 04:32 243200 ----a-w- c:\windows\system32\wow64.dll

2012-11-30 05:45 . 2013-01-09 04:32 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-11-30 05:43 . 2013-01-09 04:32 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-11-30 05:41 . 2013-01-09 04:32 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-11-30 05:41 . 2013-01-09 04:32 1161216 ----a-w- c:\windows\system32\kernel32.dll

2012-11-30 05:38 . 2013-01-09 04:32 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 04:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2adefb8e-b923-35e6-86e2-2b7841f5d2a2}]

2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-9-8 1207312]

QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-3-21 724992]

UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-8-14 29310]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-02-21 1038088]

R3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;c:\windows\system32\DRIVERS\libusb0.sys [2011-05-13 44480]

R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-05 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-14 63328]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-20 225120]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-13 40800]

S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-07-01 293416]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-01 185696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-20 200032]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-19 203776]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-07-06 375176]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-13 20512]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2009-06-17 74256]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2009-06-17 13328]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]

S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 05:34]

.

2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24 11:26]

.

2013-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-24 11:26]

.

2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4219751069-628700628-3337679430-1002Core.job

- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18 00:50]

.

2013-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4219751069-628700628-3337679430-1002UA.job

- c:\users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-18 00:50]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-12-17 08:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-12-17 08:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-12-17 08:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-12-17 08:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-19 20480]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]

"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1238528]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [2010-03-24 633200]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.com.au/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AU&userid=9246367d-bfe6-44ca-abc5-1966ba841cf1&searchtype=ds&q={searchTerms}

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 211.31.138.11 211.29.132.12 198.142.0.51

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

FF - ProfilePath - c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\sl89vjk1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AU&userid=9246367d-bfe6-44ca-abc5-1966ba841cf1&searchtype=ds&q=

FF - ExtSQL: !HIDDEN! 2012-11-14 10:54; hotfix@mozilla.org; c:\users\Andrea\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

FF - user.js: extensions.autoDisableScopes - 10

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Data]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking 4.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for Oracle]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for SqlServer]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Memory Cache 4.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NETFramework]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1394ohci]

"ImagePath"="system32\DRIVERS\1394ohci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ACPI]

"ImagePath"="system32\drivers\ACPI.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AcpiPmi]

"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adfs]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeARMservice]

"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeDriveCS4_NP]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeFlashPlayerUpdateSvc]

"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adp94xx]

"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpahci]

"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpu320]

"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adsi]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AeLookupSvc]

"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AFD]

"ImagePath"="\SystemRoot\system32\drivers\afd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\agp440]

"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aliide]

"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AMD External Events Utility]

"ImagePath"="%SystemRoot%\system32\atiesrxx.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdide]

"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdK8]

"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdag]

"ImagePath"="system32\DRIVERS\atikmdag.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdap]

"ImagePath"="system32\DRIVERS\atikmpag.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdPPM]

"ImagePath"="\SystemRoot\system32\drivers\amdppm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsata]

"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsbs]

"ImagePath"="\SystemRoot\system32\drivers\amdsbs.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdxata]

"ImagePath"="system32\drivers\amdxata.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppID]

"ImagePath"="\SystemRoot\system32\drivers\appid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppIDSvc]

"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Appinfo]

"ServiceDll"="%SystemRoot%\System32\appinfo.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Apple Mobile Device]

"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arc]

"ImagePath"="\SystemRoot\system32\drivers\arc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arcsas]

"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ASP.NET]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ASP.NET_4.0.30319]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aspnet_state]

"ImagePath"="%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\atapi]

"ImagePath"="system32\drivers\atapi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Atierecord]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AtiHDAudioService]

"ImagePath"="system32\drivers\AtihdW76.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioEndpointBuilder]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avg]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSAgent]

"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSDriver]

"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSHA]

"ImagePath"="system32\DRIVERS\avgidsha.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgldx64]

"ImagePath"="system32\DRIVERS\avgldx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgloga]

"ImagePath"="system32\DRIVERS\avgloga.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgmfx64]

"ImagePath"="system32\DRIVERS\avgmfx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgrkx64]

"ImagePath"="system32\DRIVERS\avgrkx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgtdia]

"ImagePath"="system32\DRIVERS\avgtdia.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgwd]

"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AxInstSV]

"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b06bdrv]

"ImagePath"="\SystemRoot\system32\drivers\bxvbda.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b57nd60a]

"ImagePath"="system32\DRIVERS\b57nd60a.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BattC]

"MofImagePath"="system32\drivers\battc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BDESVC]

"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Beep]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]

"ServiceDll"="%SystemRoot%\System32\bfe.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BITS]

"ServiceDll"="%SystemRoot%\System32\qmgr.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\blbdrive]

"ImagePath"="system32\DRIVERS\blbdrive.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Bonjour Service]

"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bowser]

"ImagePath"="system32\DRIVERS\bowser.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltLo]

"ImagePath"="\SystemRoot\system32\drivers\BrFiltLo.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltUp]

"ImagePath"="\SystemRoot\system32\drivers\BrFiltUp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BridgeMP]

"ImagePath"="system32\DRIVERS\bridge.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Brserid]

"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrSerWdm]

"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbMdm]

"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbSer]

"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHMODEM]

"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHPORT]

"ImagePath"="System32\Drivers\BTHport.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bthserv]

"ServiceDll"="%SystemRoot%\system32\bthserv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHUSB]

"ImagePath"="System32\Drivers\BTHUSB.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\catchme]

"ImagePath"="\??\c:\combofix\catchme.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdfs]

"ImagePath"="system32\DRIVERS\cdfs.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CertPropSvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\circlass]

"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CLFS]

"ImagePath"="System32\CLFS.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_32]

"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_64]

"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_32]

"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_64]

"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmBatt]

"ImagePath"="\SystemRoot\system32\drivers\CmBatt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdide]

"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CNG]

"ImagePath"="System32\Drivers\cng.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Compbatt]

"ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CompositeBus]

"ImagePath"="system32\DRIVERS\CompositeBus.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\COMSysApp]

"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crcdisk]

"ImagePath"="\SystemRoot\system32\drivers\crcdisk.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crypt32]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CryptSvc]

"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DCLocator]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\defragsvc]

"ServiceDll"="%Systemroot%\System32\defragsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DfsC]

"ImagePath"="System32\Drivers\dfsc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\dgderdrv]

"ImagePath"="System32\drivers\dgderdrv.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\dg_ssudbus]

"ImagePath"="system32\DRIVERS\ssudbus.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dhcp]

"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\discache]

"ImagePath"="System32\drivers\discache.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Disk]

"ImagePath"="system32\drivers\disk.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\dot3svc]

"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS]

"ServiceDll"="%SystemRoot%\system32\dps.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DXGKrnl]

"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EapHost]

"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ebdrv]

"ImagePath"="\SystemRoot\system32\drivers\evbda.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EFS]

"ImagePath"="%SystemRoot%\System32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehRecvr]

"ImagePath"="%systemroot%\ehome\ehRecvr.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ehSched]

"ImagePath"="%systemroot%\ehome\ehsched.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\elxstor]

"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ErrDev]

"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ESENT]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog]

"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EventSystem]

"ServiceDll"="%systemroot%\system32\es.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\exfat]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fastfat]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fax]

"ImagePath"="%systemroot%\system32\fxssvc.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdc]

"ImagePath"="\SystemRoot\system32\drivers\fdc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdPHost]

"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FDResPub]

"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FileInfo]

"ImagePath"="system32\drivers\fileinfo.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Filetrace]

"ImagePath"="system32\drivers\filetrace.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FLEXnet Licensing Service]

"ImagePath"="\"c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FLEXnet Licensing Service 64]

"ImagePath"="\"c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\flpydisk]

"ImagePath"="\SystemRoot\system32\drivers\flpydisk.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache]

"ServiceDll"="%SystemRoot%\system32\FntCache.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache3.0.0.0]

"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FsDepends]

"ImagePath"="System32\drivers\FsDepends.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fs_Rec]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvevol]

"ImagePath"="System32\DRIVERS\fvevol.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gagp30kx]

"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\GEARAspiWDM]

"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gpsvc]

"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gupdate]

"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gupdatem]

"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gusvc]

"ImagePath"="\"c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hcw85cir]

"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HdAudAddService]

"ImagePath"="system32\drivers\HdAudio.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HDAudBus]

"ImagePath"="system32\DRIVERS\HDAudBus.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBatt]

"ImagePath"="\SystemRoot\system32\drivers\HidBatt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBth]

"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidIr]

"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hidserv]

"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidUsb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hkmsvc]

"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupListener]

"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupProvider]

"ServiceDll"="%SystemRoot%\system32\provsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HpSAMD]

"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HTTP]

"ImagePath"="system32\drivers\HTTP.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hwpolicy]

"ImagePath"="System32\drivers\hwpolicy.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStorV]

"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IDriverT]

"ImagePath"="\"c:\program files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\idsvc]

"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iirsp]

"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IKEEXT]

"ServiceDll"="%SystemRoot%\System32\ikeext.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\inetaccs]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IntcAzAudAddService]

"ImagePath"="system32\drivers\RTKVHD64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelide]

"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelppm]

"ImagePath"="system32\DRIVERS\intelppm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPBusEnum]

"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iphlpsvc]

"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPMIDRV]

"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPNAT]

"ImagePath"="System32\drivers\ipnat.sys"

[AndyP888]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iPod Service]

"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IRENUM]

"ImagePath"="system32\drivers\irenum.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\isapnp]

"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iScsiPrt]

"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KeyIso]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecDD]

"ImagePath"="System32\Drivers\ksecdd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecPkg]

"ImagePath"="System32\Drivers\ksecpkg.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ksthunk]

"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KtmRm]

"ServiceDll"="%systemroot%\system32\msdtckrm.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\L8042Kbd]

"ImagePath"="system32\DRIVERS\L8042Kbd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanServer]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanWorkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LBTServ]

"ImagePath"="c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ldap]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LEqdUsb]

"ImagePath"="system32\DRIVERS\LEqdUsb.Sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LHidEqd]

"ImagePath"="system32\DRIVERS\LHidEqd.Sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LHidFilt]

"ImagePath"="system32\DRIVERS\LHidFilt.Sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\libusb0]

"ImagePath"="system32\DRIVERS\libusb0.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdio]

"ImagePath"="system32\DRIVERS\lltdio.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdsvc]

"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lmhosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LMIGuardianSvc]

"ImagePath"="\"c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LMIInfo]

"ImagePath"="\??\c:\program files (x86)\LogMeIn\x64\RaInfo.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LMIMaint]

"ImagePath"="\"c:\program files (x86)\LogMeIn\x64\RaMaint.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lmimirr]

"ImagePath"="system32\DRIVERS\lmimirr.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LMIRfsClientNP]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LMIRfsDriver]

"ImagePath"="\??\c:\windows\system32\drivers\LMIRfsDriver.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LMouFilt]

"ImagePath"="system32\DRIVERS\LMouFilt.Sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LogMeIn]

"ImagePath"="\"c:\program files (x86)\LogMeIn\x64\LogMeIn.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Lsa]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_FC]

"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS]

"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS2]

"ImagePath"="\SystemRoot\system32\drivers\lsi_sas2.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SCSI]

"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\luafv]

"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LUsbFilt]

"ImagePath"="System32\Drivers\LUsbFilt.Sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMProtector]

"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMScheduler]

"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMService]

"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mcx2Svc]

"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\megasas]

"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MegaSR]

"ImagePath"="\SystemRoot\system32\drivers\MegaSR.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MMCSS]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Modem]

"ImagePath"="system32\drivers\modem.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\monitor]

"ImagePath"="system32\DRIVERS\monitor.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mountmgr]

"ImagePath"="System32\drivers\mountmgr.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MozillaMaintenance]

"ImagePath"="c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpio]

"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpsdrv]

"ImagePath"="System32\drivers\mpsdrv.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]

"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MRxDAV]

"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb10]

"ImagePath"="system32\DRIVERS\mrxsmb10.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb20]

"ImagePath"="system32\DRIVERS\mrxsmb20.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msahci]

"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msdsm]

"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC]

"ImagePath"="%SystemRoot%\System32\msdtc.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 4.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Msfs]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mshidkmdf]

"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSICDSetup]

"ImagePath"="\??\E:\CDriver64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msisadrv]

"ImagePath"="system32\drivers\msisadrv.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSiSCSI]

"ServiceDll"="%systemroot%\system32\iscsiexe.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msiserver]

"ImagePath"="%systemroot%\system32\msiexec.exe /V"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsRPC]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSSCNTRS]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSTEE]

"ImagePath"="system32\drivers\MSTEE.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MTConfig]

"ImagePath"="\SystemRoot\system32\drivers\MTConfig.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mup]

"ImagePath"="System32\Drivers\mup.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mv91xx]

"ImagePath"="system32\DRIVERS\mv91xx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\napagent]

"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NativeWifiP]

"ImagePath"="system32\DRIVERS\nwifi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDIS]

"ImagePath"="system32\drivers\ndis.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisCap]

"ImagePath"="system32\DRIVERS\ndiscap.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisTapi]

"ImagePath"="system32\DRIVERS\ndistapi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ndisuio]

"ImagePath"="system32\DRIVERS\ndisuio.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisWan]

"ImagePath"="system32\DRIVERS\ndiswan.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDProxy]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBIOS]

"ImagePath"="system32\DRIVERS\netbios.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBT]

"ImagePath"="System32\DRIVERS\netbt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetMsmqActivator]

"ImagePath"="\"c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetPipeActivator]

"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\netprofm]

"ServiceDll"="%SystemRoot%\System32\netprofm.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetTcpActivator]

"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetTcpPortSharing]

"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nfrd960]

"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NlaSvc]

"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nmwcd]

"ImagePath"="system32\drivers\ccdcmbx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nmwcdc]

"ImagePath"="system32\drivers\ccdcmbox64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Npfs]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsi]

"ServiceDll"="%systemroot%\system32\nsisvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsiproxy]

"ImagePath"="system32\drivers\nsiproxy.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NTDS]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ntfs]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Null]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nusb3hub]

"ImagePath"="system32\DRIVERS\nusb3hub.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nusb3xhc]

"ImagePath"="system32\DRIVERS\nusb3xhc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvraid]

"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvstor]

"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nv_agp]

"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ohci1394]

"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ose]

"ImagePath"="\"c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\osppsvc]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Outlook]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2pimsvc]

"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2psvc]

"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Parport]

"ImagePath"="\SystemRoot\system32\drivers\parport.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\partmgr]

"ImagePath"="System32\drivers\partmgr.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PcaSvc]

"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pccsmcfd]

"ImagePath"="system32\DRIVERS\pccsmcfdx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pci]

"ImagePath"="system32\drivers\pci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pciide]

"ImagePath"="system32\drivers\pciide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcmcia]

"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcw]

"ImagePath"="System32\drivers\pcw.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PEAUTH]

"ImagePath"="system32\drivers\peauth.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfDisk]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfHost]

"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfNet]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfOS]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfProc]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pla]

"ServiceDll"="%systemroot%\system32\pla.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PlugPlay]

"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPAutoReg]

"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPsvc]

"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PolicyAgent]

"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PortProxy]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Power]

"ServiceDll"="%SystemRoot%\system32\umpo.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Processor]

"ImagePath"="\SystemRoot\system32\drivers\processr.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProfSvc]

"ServiceDll"="%systemroot%\system32\profsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Psched]

"ImagePath"="system32\DRIVERS\pacer.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql2300]

"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql40xx]

"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVE]

"ServiceDll"="%windir%\system32\qwave.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVEdrv]

"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAcd]

"ImagePath"="System32\DRIVERS\rasacd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAgileVpn]

"ImagePath"="system32\DRIVERS\AgileVpn.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasSstp]

"ImagePath"="system32\DRIVERS\rassstp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdpbus]

"ImagePath"="\SystemRoot\system32\drivers\rdpbus.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPDD]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPENCDD]

"ImagePath"="system32\drivers\rdpencdd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPNP]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPREFMP]

"ImagePath"="system32\drivers\rdprefmp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPWD]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdyboost]

"ImagePath"="System32\drivers\rdyboost.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteAccess]

"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteRegistry]

"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcEptMapper]

"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rspndr]

"ImagePath"="system32\DRIVERS\rspndr.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RTL8167]

"ImagePath"="system32\DRIVERS\Rt64win7.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sbp2port]

"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCardSvr]

"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCDEmu]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\scfilter]

"ImagePath"="System32\DRIVERS\scfilter.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Schedule]

"ServiceDll"="%systemroot%\system32\schedsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCPolicySvc]

"ServiceDll"="%SystemRoot%\System32\certprop.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SDRSVC]

"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\secdrv]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\seclogon]

"ServiceDll"="%windir%\system32\seclogon.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SensrSvc]

"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serenum]

"ImagePath"="system32\DRIVERS\serenum.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serial]

"ImagePath"="system32\DRIVERS\serial.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sermouse]

"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceLayer]

"ImagePath"="\"c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelOperation 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelService 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SessionEnv]

"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffdisk]

"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_mmc]

"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_sd]

"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sfloppy]

"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid2]

"ImagePath"="\SystemRoot\system32\drivers\SiSRaid2.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid4]

"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Smb]

"ImagePath"="system32\DRIVERS\smb.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 4.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SNMPTRAP]

"ImagePath"="%SystemRoot%\System32\snmptrap.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\spldr]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Spooler]

"ImagePath"="%SystemRoot%\System32\spoolsv.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppsvc]

"ImagePath"="%SystemRoot%\system32\sppsvc.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppuinotify]

"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv]

"ImagePath"="System32\DRIVERS\srv.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv2]

"ImagePath"="System32\DRIVERS\srv2.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srvnet]

"ImagePath"="System32\DRIVERS\srvnet.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SstpSvc]

"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ssudmdm]

"ImagePath"="system32\DRIVERS\ssudmdm.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stexstor]

"ImagePath"="\SystemRoot\system32\drivers\stexstor.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stisvc]

"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swprv]

"ServiceDll"="%Systemroot%\System32\swprv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SysMain]

"ServiceDll"="%systemroot%\system32\sysmain.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TabletInputService]

"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TBS]

"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Tcpip]

"ImagePath"="System32\drivers\tcpip.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6]

"ImagePath"="system32\DRIVERS\tcpip.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6TUNNEL]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tcpipreg]

"ImagePath"="System32\drivers\tcpipreg.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIPTUNNEL]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDPIPE]

"ImagePath"="system32\drivers\tdpipe.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDTCP]

"ImagePath"="system32\drivers\tdtcp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tdx]

"ImagePath"="system32\DRIVERS\tdx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Themes]

"ServiceDll"="%SystemRoot%\system32\themeservice.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\THREADORDER]

"ServiceDll"="%SystemRoot%\system32\mmcss.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrkWks]

"ServiceDll"="%SystemRoot%\System32\trkwks.dll"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller]

"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TSDDD]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tssecsrv]

"ImagePath"="System32\DRIVERS\tssecsrv.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TsUsbFlt]

"ImagePath"="system32\drivers\tsusbflt.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TsUsbGD]

"ImagePath"="\SystemRoot\system32\drivers\TsUsbGD.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tunnel]

"ImagePath"="system32\DRIVERS\tunnel.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uagp35]

"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\udfs]

"ImagePath"="system32\DRIVERS\udfs.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGatherer]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGTHRSVC]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UI0Detect]

"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uliagpkx]

"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UltraMonUtility]

"ImagePath"="\??\c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\umbus]

"ImagePath"="system32\DRIVERS\umbus.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmPass]

"ImagePath"="\SystemRoot\system32\drivers\umpass.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\upperdev]

"ImagePath"="system32\DRIVERS\usbser_lowerfltx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBAAPL64]

"ImagePath"="System32\Drivers\usbaapl64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbcir]

"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbohci]

"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbprint]

"ImagePath"="system32\DRIVERS\usbprint.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbscan]

"ImagePath"="system32\DRIVERS\usbscan.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbser]

"ImagePath"="system32\DRIVERS\usbser.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UsbserFilt]

"ImagePath"="system32\DRIVERS\usbser_lowerfltjx64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBSTOR]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbuhci]

"ImagePath"="system32\DRIVERS\usbuhci.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxSms]

"ServiceDll"="%SystemRoot%\System32\uxsms.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VaultSvc]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot]

"ImagePath"="system32\drivers\vdrvroot.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds]

"ImagePath"="%SystemRoot%\System32\vds.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga]

"ImagePath"="system32\DRIVERS\vgapnp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp]

"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide]

"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr]

"ImagePath"="system32\drivers\volmgr.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx]

"ImagePath"="System32\drivers\volmgrx.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap]

"ImagePath"="system32\drivers\volsnap.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid]

"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS]

"ImagePath"="%systemroot%\system32\vssvc.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus]

"ImagePath"="\SystemRoot\System32\drivers\vwifibus.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen]

"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP]

"ImagePath"="system32\DRIVERS\wanarp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6]

"ImagePath"="system32\DRIVERS\wanarp.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WatAdminSvc]

"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine]

"ImagePath"="\"%systemroot%\system32\wbengine.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc]

"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc]

"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService]

"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd]

"ImagePath"="\SystemRoot\system32\drivers\wd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WDC_SAM]

"ImagePath"="system32\DRIVERS\wdcsam64.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000]

"ImagePath"="system32\drivers\Wdf01000.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost]

"ServiceDll"="%SystemRoot%\system32\wdi.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc]

"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport]

"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc]

"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf]

"ImagePath"="system32\DRIVERS\wfplwf.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WimFltr]

"ImagePath"="system32\DRIVERS\wimfltr.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount]

"ImagePath"="system32\drivers\wimmount.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDefend]

"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 4.0.0.0]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc]

"ServiceDll"="winhttp.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM]

"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinUsb]

"ImagePath"="system32\DRIVERS\WinUsb.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc]

"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wlidsvc]

"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi]

"ImagePath"="system32\DRIVERS\wmiacpi.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv]

"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc]

"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc]

"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum]

"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl]

"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch]

"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wuauserv]

"ServiceDll"="%systemroot%\system32\wuaueng.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf]

"ImagePath"="system32\drivers\WudfPf.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFRd]

"ImagePath"="system32\DRIVERS\WUDFRd.sys"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc]

"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{A1FBE589-2F81-419A-A041-8586B735EF2B}]

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

.

**************************************************************************

.

Completion time: 2013-02-27 19:50:44 - machine was rebooted

ComboFix-quarantined-files.txt 2013-02-27 08:50

ComboFix2.txt 2013-02-19 09:07

.

Pre-Run: 356,129,361,920 bytes free

Post-Run: 356,669,845,504 bytes free

.

- - End Of File - - B08F6E3BA3525BA87FC457ECD2F56713

[Maurice Naggar]

You said

Thank you again for your help Maurice, this is obviously a very serious threat and I would love to know how it got through my anti-virus protection. I was very concerned about your warnings that I may be subject to identity theft, and I have changed all my critical passwords.

I am curious that 2 other members who were recently helped with seemingly this same trojan were not given the same warnings... is my infection different or have there been recent upgrades to the seriousness of it?

After running TDSSKiller and Combofix, which didn't appear to detect anything at this stage, I am having difficulty connecting to the internet so I am posting via my son's laptop.

I am also getting constant permission requests to run certain things now, which I wasn't before.

My note on identity theft possibility is a safety precaution. I have seen a recent case where a variant of this "false windows update" was also grouped with ransomware.

The safest thing to do -is- to change passwords and take precaution on identity theft.

On the "constant permission" please be precise in your observation and in your description. What you are "likely seeing" is Windows User Account Control prompting you whether or not to start running executable programs.

"That" is normal.

As to the internet connection you mentioned, let's have you do this.

Start NOTEPAD

Start NOTEPAD. Check and make sure "word wrap" is off.

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

Please copy/paste the lines in bold below to Notepad:

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset resetlog.log

shutdown -r -t 1

del %0

Save as flush.bat to your desktop.

Right-click flush.bat file and select RUN as Administrator to run it.

It will start and run very quickly in a Command prompt window.

Your computer will reboot.

Edited February 27, 2013 by Maurice Naggar

[AndyP888]

I agree, better to take the precautions.

I have run the flush.bat file but alas still have no internet connection from this computer though all other computers in the house do.

Still working from son's laptop at 4am!

[Maurice Naggar]

Is the computer directly connected to the internet modem or router ?

Or are you "using" a wireless connection?

Use a new / clean USB-flash-thumb drive to shuttle back & forth; to save downloads and copy to the "desktop of problem computer" and visa-versa with reports-logs

Please download Windows Repair (all in one) from here.

• Install the program.
  
• Please proceed to run it. On Vista, Windows 7 or 8, Right-click the executable and select Run as Administrator.
  
• Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:
  
  
• Once that is done please go to Step 3 and allow it to run the System File Check by clicking on the Do It button:
  
  
• Go to Step 4 and under System Restore click on the Create button:
  
  
• Next, go to the Start Repairs tab and click the Start button.
  
  
• Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
  
  
• Click on the box next to the Restart System when Finished. Then click on Start.

[AndyP888]

It is directly connected to the router. I will run the windows repair as per your instructions.

[AndyP888]

Still no internet connection unfortunately

Not sure if you needed to see the system file check log, it said it fixed corrupt files, but thenext few posts are the log

[AndyP888]

Looks like it's far too long and will take many posts. Should I attach the text file?

[Maurice Naggar]

I will not need those logs. Just please make sure you restart your system fresh.

You have the DDS tool from before. Please run it and then Copy & Paste the new DDS.txt log for my review.

Also.....

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

• Internet Services
  
• Windows Firewall
  
• System Restore
  
• Security Center/Action Center
  
• Windows Update
  
• Windows Defender
  
• Other services
  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

[AndyP888]

Thank you Maurice. I will have to do these steps when I get home from work in a few hours.

Will be in touch!

[AndyP888]

Good evening Maurice, dds log attached:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2

Run by Andrea at 19:32:29 on 2013-02-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.12279.9857 [GMT 11:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe

C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\Grid64.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe

C:\Program Files (x86)\Genie-Soft\GBMPro8\GBMAgent.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\UltraMon\UltraMon.exe

C:\Program Files\UltraMon\UltraMonTaskbar.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\UltraMon\UltraMonUiAcc.exe

C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com.au/

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AU&userid=9246367d-bfe6-44ca-abc5-1966ba841cf1&searchtype=ds&q={searchTerms}

BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Blog This in Windows Live: {2adefb8e-b923-35e6-86e2-2b7841f5d2a2} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll

TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Grid] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraGrd.exe"

uRun: [FMCore.exe] "C:\Program Files (x86)\Extensis\Suitcase Fusion 3\FMCore.exe" -standalone

uRun: [90A4488B45C50C9049F387EB11B9ACF449011272._service_run] "C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe

uRun: [GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15] "C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup

mRun: [NeroFilterCheck] C:\Windows\SysWOW64\NeroCheck.exe

mRun: [GBMPro8Agent] C:\Program Files (x86)\Genie-Soft\GBMPro8\GBMAgent.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

TCP: NameServer = 211.31.138.11 211.29.132.12 198.142.0.51

TCP: Interfaces\{A1FBE589-2F81-419A-A041-8586B735EF2B} : DHCPNameServer = 211.31.138.11 211.29.132.12 198.142.0.51

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll

x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [PrnStatusMX] C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\sl89vjk1.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/

FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AU&userid=9246367d-bfe6-44ca-abc5-1966ba841cf1&searchtype=ds&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\sl89vjk1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_168.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: !HIDDEN! 2012-11-14 10:54; hotfix@mozilla.org; C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.autoDisableScopes - 10

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-7-1 293416]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-27 203776]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-6-8 375176]

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-1-11 15928]

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-6-29 72216]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-4 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-25 682344]

R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-27 115216]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2009-6-18 74256]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2009-6-18 13328]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-8-19 24176]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-27 344680]

R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-1-21 102368]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-2-21 1038088]

S3 libusb0;libusb-win32 - Kernel Driver 04/08/2011 1.2.4.0;C:\Windows\System32\drivers\libusb0.sys [2011-5-13 44480]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-1-21 203104]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-6 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== File Associations ===============

.

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-02-27 19:35:06 -------- d-----w- C:\Windows\System32\catroot2

2013-02-27 19:28:48 -------- d-----w- C:\Windows\SysWow64\wbem\Performance

2013-02-27 17:38:00 -------- d-----w- C:\Program Files (x86)\Tweaking.com

2013-02-27 10:22:43 -------- d-----w- C:\Users\Andrea\AppData\Local\Diagnostics

2013-02-27 08:46:43 -------- d-----w- C:\$RECYCLE.BIN

2013-02-26 20:51:05 -------- d-----w- C:\Users\Andrea\AppData\Local\VirtualStore

2013-02-25 19:39:30 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-23 13:44:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-21 12:40:11 -------- d-----w- C:\ProgramData\ALM

2013-02-21 12:30:05 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll

2013-02-21 12:04:26 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared

2013-02-21 11:57:59 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2013-02-19 08:50:46 98816 ----a-w- C:\Windows\sed.exe

2013-02-19 08:50:46 256000 ----a-w- C:\Windows\PEV.exe

2013-02-19 08:50:46 208896 ----a-w- C:\Windows\MBR.exe

2013-02-17 11:14:03 -------- d-----w- C:\_OTL

2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2013-02-14 16:03:19 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 16:03:19 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-14 16:00:59 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-02-13 22:52:05 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 22:52:04 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 22:52:04 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 22:52:01 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 22:52:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 22:52:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 22:52:00 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 22:52:00 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 22:52:00 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 22:52:00 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 22:51:59 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-13 22:51:59 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2013-02-25 19:39:27 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-25 19:39:27 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-15 05:34:22 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-15 05:34:22 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-14 05:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-13 02:50:38 6112864 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-12-13 02:50:36 54784 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

.

============= FINISH: 19:32:50.79 ===============

[AndyP888]

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 27/06/2011 9:05:46 AM

System Uptime: 28/02/2013 5:50:29 PM (2 hours ago)

.

Motherboard: MSI | | X58A-GD45 (MS-7522)

Processor: Intel® Core i7 CPU 960 @ 3.20GHz | CPU 1 | 2656/133mhz

.

==== Disk Partitions =========================

.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe After Effects CS4 Third Party Content

Adobe AIR

Adobe Anchor Service CS4

Adobe Anchor Service x64 CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe CMaps x64 CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe Creative Suite 4 Master Collection

Adobe CSI CS4

Adobe CSI CS4 x64

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Drive CS4 x64

Adobe Dynamiclink Support

Adobe Encore CS4 Codecs

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Fonts All

Adobe Fonts All x64

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe InDesign CS4 Icon Handler x64

Adobe Linguistics CS4

Adobe Linguistics CS4 x64

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Exporter

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe PDF Library Files x64 CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 (64 Bit)

Adobe Photoshop CS4 Support

Adobe Photoshop Lightroom 3 64-bit

Adobe Premiere Pro CS4 Third Party Content

Adobe Reader 64-bit fixes

Adobe Reader X (10.1.6)

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe Shockwave Player 11.6

Adobe SING CS4

Adobe Soundbooth CS4 Codecs

Adobe Type Support CS4

Adobe Type Support x64 CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe WinSoft Linguistics Plugin x64

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

AMD Drag and Drop Transcoding

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5.5

ATI AVIVO64 Codecs

ATI Catalyst Install Manager

AVG 2013

Belarc Advisor 8.2

Bonjour

Bulk Rename Utility 2.7.1.2

calibre

Canon CanoScan Toolbox 5.0

CanoScan LiDE 600F

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CDDRV_Installer

Connect

Crystal Reports for .NET Framework 2.0 (x86)

D3DX10

Data Converter

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DVD Shrink 3.2

erLT

Extensis Suitcase Fusion 3

ExtractNow

Free Launch Bar 64-bit Edition

Garmin ANT Agent

Garmin Communicator Plugin

Garmin USB Drivers

Genie Backup Manager Pro 8.0

Google Chrome

Google Drive

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.1.0.880

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Color LaserJet CP1210 Series

HP Color LaserJet CP1210 Series Toolbox

HP LaserJet Toolbox

HP Update

HPSSupply

HydraVision

iCloud

ImagXpress

ImgBurn

iTunes

Java 7 Update 15

Java Auto Updater

JavaFX 2.1.1

K-Lite Codec Pack 4.0.0 (Full)

KhalInstallWrapper

kuler

Logitech SetPoint

LogMeIn

Malwarebytes Anti-Malware version 1.70.0.1100

marvell 91xx driver

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Report Viewer Redistributable 2008 (KB971118)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Sync Framework 2.1 Core Components (x86) ENU

Microsoft Sync Framework 2.1 Database Providers (x86) ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Movie Maker

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSVCRT

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Netscape Navigator (9.0.0.6)

Noise Ninja 2.0.2

Nokia Connectivity Cable Driver

Nokia Ovi Suite

Nokia Ovi Suite Software Updater

ObjectDock Plus 2

Ovi Desktop Sync Engine

OviMPlatform

PC Connectivity Solution

PDF Settings CS4

Photo Common

Photo Gallery

Photocopier 3.03

Photoshop Camera Raw

Photoshop Camera Raw_x64

Pixel Bender Toolkit

PowerISO

Quicken 2012

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Safari

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

ScanSoft OmniPage SE 4.0

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

SnagIt 8

Stardock Software

Suite Shared Configuration CS4

swMSM

Tweaking.com - Windows Repair (All in One)

UltraMon

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

Windows 7 USB/DVD Download Tool

Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinZip 15.0

WMV9/VC-1 Video Playback

.

==== End Of File ===========================

[AndyP888]

FSS.txt:

Farbar Service Scanner Version: 20-02-2013

Ran by Andrea (administrator) on 28-02-2013 at 19:43:20

Running from "C:\Users\Andrea\Desktop"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.

Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Connection Status:

==============

Localhost is accessible.

There is no connection to network.

Attempt to access Google IP returned error.

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error.

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\ipnathlp.dll => MD5 is legit

C:\Windows\System32\iphlpsvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

[Maurice Naggar]

These steps are for AndyP888 only. If you are a casual viewer, do NOT try this on your system!

If you are not AndyP888 and have a similar problem, do NOT post here; start your own topic

You will want to print out or copy these instructions to Notepad for offline reference!

Step 1

Now, using Windows Explorer, go to and locate this file C:\Qoobox\ComboFix-quarantined-files.txt

Then you may attach it in a new reply, or, otherwise copy all its contents and Paste into a new reply --- so I can have for review.

Step 2

Download and SAVE this reg file to the DESKTOP

http://download.bleepingcomputer.com/win-services/7/Dhcp.reg

Then do a Right-click on the reg-file and select MERGE and allow the merge into the registry.

Then

1. Go >> Here << and download & SAVE ERUNT to the Desktop

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

Now, Logoff and Restart the system fresh.

Step 4

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

2. Start NOTEPAD

Start NOTEPAD. Check and make sure "word wrap" is off.

From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.

IF it -is- checkmarked, click that one time so that it is un-checked.

In notepad and copy/paste the text in the quotebox below into it:

KILLALL::

DDS::
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=AU&userid=9246367d-bfe6-44ca-abc5-1966ba841cf1&searchtype=ds&q={searchTerms}
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [90A4488B45C50C9049F387EB11B9ACF449011272._service_run] "C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe" 

Driver::
90A4488B45C50C9049F387EB11B9ACF449011272._service_run

Save this as CFScript.txt, in the same location as ComboFix.exe

3. Close any (all) open browsers.

4:

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Step 5

Re-enable your Antivirus program when all done.

Start your Chrome browser, while Chrome is running:

Press & hold SHIFT+CTRL+Del keys to get menu for clearing browing data:

Check Empty the cache

Delete cookies and other site and plug-in data

and press Clear browsing data button

Still in Chrome, press ALT+F then Settings

Click Extensions on the left.

Closely review the browser extensions that are listed. Disable any that you are not familiar with or that you do not trust.

Step 7

Tell me if this system is a notebook/laptop or a desktop type.

Tell me if the internet connection is ok now.

[AndyP888]

Here is the Combofix quarantined files log from yesterday:

2013-02-26 20:51:15 . 2013-02-26 20:51:15 81,920 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wxmsw293u_webview_vc.dll.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 152,576 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wxbase293u_net_vc.dll.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 593,408 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wxmsw293u_html_vc.dll.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 1,214,976 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wxmsw293u_adv_vc.dll.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 4,555,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wxmsw293u_core_vc.dll.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 1,972,224 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wxbase293u_vc.dll.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 2,149,888 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\python26.dll.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 86,016 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\_elementtree.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 571,392 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\pysqlite2._sqlite.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 96,256 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32api.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 263,168 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32com.shell.shell.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 11,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32crypt.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 23,040 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32ts.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 70,656 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wx._html2.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 40,448 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\_socket.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 153,088 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\pyexpat.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 1,024,616 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\windows._cacheinvalidation.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 792,576 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wx._gdi_.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 354,304 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\pythoncom26.dll.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 17,920 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32profile.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 731,136 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wx._misc_.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 73,728 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\_ctypes.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 110,592 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\PyWinTypes26.dll.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 110,592 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32security.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 645,120 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\_ssl.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 22,528 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32pdh.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 36,352 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32process.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 1,169,408 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wx._core_.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 311,808 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\_hashlib.pyd.vir

2013-02-26 20:51:15 . 2013-02-26 20:51:15 807,424 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wx._windows_.pyd.vir

2013-02-26 20:51:14 . 2013-02-26 20:51:14 121,856 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wx._wizard.pyd.vir

2013-02-26 20:51:14 . 2013-02-26 20:51:14 111,104 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32file.pyd.vir

2013-02-26 20:51:14 . 2013-02-26 20:51:14 39,424 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32inet.pyd.vir

2013-02-26 20:51:14 . 2013-02-26 20:51:14 585,728 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\unicodedata.pyd.vir

2013-02-26 20:51:14 . 2013-02-26 20:51:14 17,920 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\win32event.pyd.vir

2013-02-26 20:51:14 . 2013-02-26 20:51:14 1,056,256 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\wx._controls_.pyd.vir

2013-02-26 20:51:14 . 2013-02-26 20:51:14 11,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33122\select.pyd.vir

2013-02-19 09:06:19 . 2013-02-19 09:06:19 168 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKU-Default-Run-Exetender.reg.dat

2013-02-19 09:06:18 . 2013-02-19 09:06:18 108 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-NWEReboot.reg.dat

2013-02-19 09:06:18 . 2013-02-19 09:06:18 97 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-AdobeBridge.reg.dat

2013-02-19 08:57:28 . 2013-02-27 08:43:16 4,037 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2013-02-19 08:50:44 . 2013-02-27 08:38:44 102 ----a-w- C:\Qoobox\Quarantine\catchme.log

2013-02-19 07:56:47 . 2013-02-19 07:56:47 81,920 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wxmsw293u_webview_vc.dll.vir

2013-02-19 07:56:47 . 2013-02-19 07:56:47 152,576 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wxbase293u_net_vc.dll.vir

2013-02-19 07:56:47 . 2013-02-19 07:56:47 593,408 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wxmsw293u_html_vc.dll.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 1,214,976 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wxmsw293u_adv_vc.dll.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 4,555,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wxmsw293u_core_vc.dll.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 1,972,224 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wxbase293u_vc.dll.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 2,149,888 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\python26.dll.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 571,392 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\pysqlite2._sqlite.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 96,256 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32api.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 23,040 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32ts.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 86,016 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\_elementtree.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 40,448 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\_socket.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 153,088 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\pyexpat.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 263,168 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32com.shell.shell.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 11,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32crypt.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 792,576 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wx._gdi_.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 70,656 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wx._html2.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 17,920 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32profile.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 1,024,616 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\windows._cacheinvalidation.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 73,728 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\_ctypes.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 354,304 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\pythoncom26.dll.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 731,136 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wx._misc_.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 110,592 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\PyWinTypes26.dll.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 110,592 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32security.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 645,120 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\_ssl.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 22,528 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32pdh.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 36,352 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32process.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 1,169,408 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wx._core_.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 311,808 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\_hashlib.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 807,424 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wx._windows_.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 111,104 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32file.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 39,424 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32inet.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 121,856 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wx._wizard.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 585,728 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\unicodedata.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 17,920 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\win32event.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 1,056,256 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\wx._controls_.pyd.vir

2013-02-19 07:56:46 . 2013-02-19 07:56:46 11,776 ----a-w- C:\Qoobox\Quarantine\C\Users\Andrea\AppData\Local\Temp\_MEI33362\select.pyd.vir

2012-12-17 23:06:06 . 2012-12-17 23:06:06 172,032 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\muzapp.exe.vir

2011-08-07 07:45:55 . 1997-02-24 00:12:44 9,728 ----a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\rnaph.dll.vir