malware.trace infection replaces itself upon deletion

orreso · June 15, 2013

did not seem to fix the problems unfortunately

Larusso · June 17, 2013

Hy there. Does that appear after running Combofix ?

Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Double click on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review.

orreso · June 17, 2013

problems remain after most recent combofix run. every run of combofix it has said that rasauto.dll and qmgr.dll have been infected and repaired. combofix log below:

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]

R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:11]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]

.

------- Supplementary Scan -------

.

uStart Page =

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Andrew Nassen\AppData\Roaming\Mozilla\Firefox\Profiles\kjl6vhit.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010712_8

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - e21b83cb00000000000068a3c4745211

FF - user.js: extensions.BabylonToolbar_i.hardId - e21b83cb00000000000068a3c4745211

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15531

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="???楴??汐杵?愠???敗?汐杵? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="???楴??汐杵?愠???敗?汐杵? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

.

**************************************************************************

.

Completion time: 2013-06-17 10:32:15 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-17 17:32

.

Pre-Run: 33,320,013,824 bytes free

Post-Run: 32,886,530,048 bytes free

.

- - End Of File - - 93A8F515AB0D4D6C9149CB2A7BCB16D5

D41D8CD98F00B204E9800998ECF8427E

orreso · June 17, 2013

additionally:

Service_AudioSrv.reg.dat

Service_MSiSCSI.reg.dat

Service_Schedule.reg.dat

Service_SessionEnv.reg.dat

Service_Winmgmt.reg.dat

Service_wuauserv.reg.dat

HKLM-Run-SynTPEnh.reg.dat

and tcpip.reg have been quarantined in Qoobox for approximately a week, which is when the audio service and icons stopped working

Larusso · June 18, 2013

Thanks for letting me know.
Now I have to dig a little bit deeper here.

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by doubleclicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.

orreso · June 18, 2013

no malicious objects found supposedly. log below:

09:46:17.0846 3844 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
09:46:18.0719 3844 ============================================================
09:46:18.0719 3844 Current date / time: 2013/06/18 09:46:18.0719
09:46:18.0719 3844 SystemInfo:
09:46:18.0719 3844
09:46:18.0719 3844 OS Version: 6.1.7601 ServicePack: 1.0
09:46:18.0719 3844 Product type: Workstation
09:46:18.0719 3844 ComputerName: ANDREWNASSEN
09:46:18.0719 3844 UserName: Andrew Nassen
09:46:18.0719 3844 Windows directory: C:\Windows
09:46:18.0719 3844 System windows directory: C:\Windows
09:46:18.0719 3844 Running under WOW64
09:46:18.0719 3844 Processor architecture: Intel x64
09:46:18.0719 3844 Number of processors: 1
09:46:18.0719 3844 Page size: 0x1000
09:46:18.0719 3844 Boot type: Normal boot
09:46:18.0719 3844 ============================================================
09:46:20.0747 3844 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:46:20.0747 3844 ============================================================
09:46:20.0747 3844 \Device\Harddisk0\DR0:
09:46:20.0747 3844 MBR partitions:
09:46:20.0747 3844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:46:20.0747 3844 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23114800
09:46:20.0747 3844 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23178800, BlocksNum 0x2282000
09:46:20.0747 3844 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
09:46:20.0747 3844 ============================================================
09:46:20.0934 3844 C: <-> \Device\Harddisk0\DR0\Partition2
09:46:21.0184 3844 D: <-> \Device\Harddisk0\DR0\Partition3
09:46:21.0184 3844 ============================================================
09:46:21.0184 3844 Initialize success
09:46:21.0184 3844 ============================================================
09:47:02.0119 3392 ============================================================
09:47:02.0119 3392 Scan started
09:47:02.0119 3392 Mode: Manual;
09:47:02.0119 3392 ============================================================
09:47:03.0101 3392 ================ Scan system memory ========================
09:47:03.0101 3392 System memory - ok
09:47:03.0117 3392 ================ Scan services =============================
09:47:04.0474 3392 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
09:47:04.0474 3392 1394ohci - ok
09:47:04.0615 3392 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
09:47:04.0630 3392 ACPI - ok
09:47:04.0708 3392 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
09:47:04.0708 3392 AcpiPmi - ok
09:47:04.0958 3392 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:47:04.0958 3392 AdobeARMservice - ok
09:47:05.0192 3392 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:47:05.0192 3392 AdobeFlashPlayerUpdateSvc - ok
09:47:05.0285 3392 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
09:47:05.0317 3392 adp94xx - ok
09:47:05.0363 3392 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
09:47:05.0363 3392 adpahci - ok
09:47:05.0426 3392 [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
09:47:05.0441 3392 adpu320 - ok
09:47:05.0473 3392 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:47:05.0473 3392 AeLookupSvc - ok
09:47:05.0629 3392 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters     C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
09:47:05.0629 3392 AERTFilters - ok
09:47:05.0800 3392 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
09:47:05.0816 3392 AFD - ok
09:47:05.0863 3392 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:47:05.0878 3392 agp440 - ok
09:47:05.0925 3392 [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
09:47:05.0925 3392 ALG - ok
09:47:05.0972 3392 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
09:47:05.0972 3392 aliide - ok
09:47:05.0987 3392 [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
09:47:05.0987 3392 amdide - ok
09:47:06.0065 3392 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:47:06.0065 3392 AmdK8 - ok
09:47:06.0097 3392 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
09:47:06.0097 3392 AmdPPM - ok
09:47:06.0159 3392 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
09:47:06.0159 3392 amdsata - ok
09:47:06.0268 3392 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
09:47:06.0284 3392 amdsbs - ok
09:47:06.0331 3392 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
09:47:06.0331 3392 amdxata - ok
09:47:06.0393 3392 [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
09:47:06.0393 3392 AppID - ok
09:47:06.0440 3392 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
09:47:06.0440 3392 AppIDSvc - ok
09:47:06.0518 3392 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
09:47:06.0518 3392 Appinfo - ok
09:47:06.0611 3392 [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
09:47:06.0611 3392 arc - ok
09:47:06.0674 3392 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
09:47:06.0674 3392 arcsas - ok
09:47:07.0282 3392 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:47:07.0329 3392 aspnet_state - ok
09:47:07.0376 3392 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:47:07.0376 3392 AsyncMac - ok
09:47:07.0407 3392 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
09:47:07.0407 3392 atapi - ok
09:47:07.0501 3392 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:47:07.0516 3392 AudioEndpointBuilder - ok
09:47:07.0657 3392 [ 7692F4B242E45870873CAF4CB85CF769 ] AxAutoMntSrv    C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
09:47:07.0657 3392 AxAutoMntSrv - ok
09:47:07.0735 3392 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
09:47:07.0735 3392 AxInstSV - ok
09:47:07.0797 3392 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
09:47:07.0797 3392 b06bdrv - ok
09:47:07.0922 3392 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
09:47:07.0922 3392 b57nd60a - ok
09:47:08.0015 3392 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
09:47:08.0015 3392 BDESVC - ok
09:47:08.0031 3392 [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
09:47:08.0031 3392 Beep - ok
09:47:08.0156 3392 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
09:47:08.0171 3392 BFE - ok
09:47:08.0359 3392 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
09:47:08.0374 3392 BITS - ok
09:47:08.0452 3392 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
09:47:08.0452 3392 blbdrive - ok
09:47:08.0499 3392 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
09:47:08.0499 3392 bowser - ok
09:47:08.0546 3392 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:47:08.0546 3392 BrFiltLo - ok
09:47:08.0577 3392 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:47:08.0577 3392 BrFiltUp - ok
09:47:08.0639 3392 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
09:47:08.0639 3392 BridgeMP - ok
09:47:08.0686 3392 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
09:47:08.0686 3392 Browser - ok
09:47:08.0749 3392 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
09:47:08.0749 3392 Brserid - ok
09:47:08.0795 3392 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
09:47:08.0795 3392 BrSerWdm - ok
09:47:08.0842 3392 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
09:47:08.0842 3392 BrUsbMdm - ok
09:47:08.0858 3392 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
09:47:08.0858 3392 BrUsbSer - ok
09:47:08.0889 3392 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
09:47:08.0889 3392 BTHMODEM - ok
09:47:08.0936 3392 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
09:47:08.0936 3392 bthserv - ok
09:47:09.0232 3392 catchme - ok
09:47:09.0279 3392 [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
09:47:09.0279 3392 cdfs - ok
09:47:09.0341 3392 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
09:47:09.0341 3392 cdrom - ok
09:47:09.0404 3392 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
09:47:09.0404 3392 CertPropSvc - ok
09:47:09.0497 3392 [ 533328A3D9A9C286682525842547540C ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
09:47:09.0497 3392 CinemaNow Service - ok
09:47:09.0544 3392 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
09:47:09.0560 3392 circlass - ok
09:47:09.0591 3392 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
09:47:09.0607 3392 CLFS - ok
09:47:09.0778 3392 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:47:09.0778 3392 clr_optimization_v2.0.50727_32 - ok
09:47:09.0872 3392 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:47:09.0872 3392 clr_optimization_v2.0.50727_64 - ok
09:47:10.0324 3392 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:47:10.0605 3392 clr_optimization_v4.0.30319_32 - ok
09:47:10.0636 3392 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:47:10.0777 3392 clr_optimization_v4.0.30319_64 - ok
09:47:10.0839 3392 [ 45379507ECC5E406237BFF32C7390675 ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
09:47:10.0839 3392 clwvd - ok
09:47:10.0901 3392 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
09:47:10.0901 3392 CmBatt - ok
09:47:10.0948 3392 [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
09:47:10.0948 3392 cmdide - ok
09:47:10.0995 3392 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
09:47:10.0995 3392 CNG - ok
09:47:11.0073 3392 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
09:47:11.0089 3392 Compbatt - ok
09:47:11.0120 3392 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
09:47:11.0120 3392 CompositeBus - ok
09:47:11.0151 3392 COMSysApp - ok
09:47:11.0182 3392 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
09:47:11.0182 3392 crcdisk - ok
09:47:11.0323 3392 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc        C:\Windows\system32\cryptsvc.dll
09:47:11.0323 3392 CryptSvc - ok
09:47:11.0416 3392 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
09:47:11.0447 3392 DcomLaunch - ok
09:47:11.0557 3392 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
09:47:11.0557 3392 defragsvc - ok
09:47:11.0619 3392 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
09:47:11.0619 3392 DfsC - ok
09:47:11.0697 3392 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
09:47:11.0697 3392 Dhcp - ok
09:47:11.0759 3392 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
09:47:11.0759 3392 discache - ok
09:47:11.0837 3392 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
09:47:11.0837 3392 Disk - ok
09:47:11.0900 3392 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
09:47:11.0900 3392 Dnscache - ok
09:47:12.0009 3392 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
09:47:12.0009 3392 dot3svc - ok
09:47:12.0056 3392 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
09:47:12.0056 3392 DPS - ok
09:47:12.0118 3392 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
09:47:12.0118 3392 drmkaud - ok
09:47:12.0352 3392 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
09:47:12.0368 3392 DXGKrnl - ok
09:47:12.0430 3392 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
09:47:12.0430 3392 EapHost - ok
09:47:12.0633 3392 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
09:47:12.0695 3392 ebdrv - ok
09:47:12.0758 3392 [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
09:47:12.0758 3392 EFS - ok
09:47:12.0898 3392 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
09:47:12.0898 3392 ehRecvr - ok
09:47:12.0929 3392 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
09:47:12.0929 3392 ehSched - ok
09:47:13.0023 3392 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
09:47:13.0039 3392 elxstor - ok
09:47:13.0085 3392 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
09:47:13.0085 3392 ErrDev - ok
09:47:13.0195 3392 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
09:47:13.0210 3392 EventSystem - ok
09:47:13.0241 3392 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
09:47:13.0241 3392 exfat - ok
09:47:13.0288 3392 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
09:47:13.0288 3392 fastfat - ok
09:47:13.0522 3392 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
09:47:13.0538 3392 Fax - ok
09:47:13.0616 3392 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
09:47:13.0616 3392 fdc - ok
09:47:13.0741 3392 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
09:47:13.0741 3392 fdPHost - ok
09:47:13.0787 3392 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
09:47:13.0803 3392 FDResPub - ok
09:47:13.0834 3392 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
09:47:13.0834 3392 FileInfo - ok
09:47:13.0881 3392 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
09:47:13.0881 3392 Filetrace - ok
09:47:13.0990 3392 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
09:47:13.0990 3392 flpydisk - ok
09:47:14.0131 3392 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
09:47:14.0146 3392 FltMgr - ok
09:47:14.0521 3392 [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
09:47:14.0536 3392 FontCache - ok
09:47:14.0739 3392 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:47:14.0739 3392 FontCache3.0.0.0 - ok
09:47:14.0817 3392 [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
09:47:14.0817 3392 FsDepends - ok
09:47:14.0879 3392 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
09:47:14.0879 3392 Fs_Rec - ok
09:47:15.0082 3392 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
09:47:15.0082 3392 fvevol - ok
09:47:15.0176 3392 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
09:47:15.0176 3392 gagp30kx - ok
09:47:15.0457 3392 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
09:47:15.0472 3392 GameConsoleService - ok
09:47:15.0675 3392 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
09:47:15.0691 3392 gpsvc - ok
09:47:15.0737 3392 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
09:47:15.0737 3392 hcw85cir - ok
09:47:15.0909 3392 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:47:15.0909 3392 HdAudAddService - ok
09:47:15.0987 3392 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
09:47:15.0987 3392 HDAudBus - ok
09:47:16.0330 3392 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
09:47:16.0393 3392 HidBatt - ok
09:47:16.0517 3392 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
09:47:16.0517 3392 HidBth - ok
09:47:16.0611 3392 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
09:47:16.0611 3392 HidIr - ok
09:47:16.0658 3392 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
09:47:16.0658 3392 hidserv - ok
09:47:16.0783 3392 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
09:47:17.0360 3392 HidUsb - ok
09:47:17.0391 3392 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
09:47:17.0391 3392 hkmsvc - ok
09:47:17.0453 3392 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:47:17.0469 3392 HomeGroupListener - ok
09:47:17.0531 3392 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:47:17.0531 3392 HomeGroupProvider - ok
09:47:17.0656 3392 HP Health Check Service - ok
09:47:17.0797 3392 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
09:47:17.0797 3392 HP Wireless Assistant Service - ok
09:47:17.0859 3392 [ 881F74074963CDAD8C475D09DC3A0BB6 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
09:47:17.0859 3392 HPDrvMntSvc.exe - ok
09:47:17.0921 3392 [ FE51B163A618B1CBF015485D21C1BC68 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
09:47:17.0937 3392 hpqwmiex - ok
09:47:18.0062 3392 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
09:47:18.0062 3392 HpSAMD - ok
09:47:18.0280 3392 [ 5AA89E152634954E15E9DB265C6A8557 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
09:47:18.0280 3392 HPWMISVC - ok
09:47:18.0327 3392 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
09:47:18.0343 3392 HTTP - ok
09:47:18.0389 3392 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
09:47:18.0389 3392 hwpolicy - ok
09:47:18.0452 3392 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
09:47:18.0452 3392 i8042prt - ok
09:47:18.0623 3392 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
09:47:18.0623 3392 iaStor - ok
09:47:18.0764 3392 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
09:47:18.0779 3392 iaStorV - ok
09:47:18.0889 3392 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:47:18.0904 3392 idsvc - ok
09:47:19.0747 3392 [ C6238C6ABD6AC99F5D152DA4E9439A3D ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
09:47:19.0949 3392 igfx - ok
09:47:20.0043 3392 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
09:47:20.0043 3392 iirsp - ok
09:47:20.0105 3392 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
09:47:20.0105 3392 IKEEXT - ok
09:47:20.0371 3392 [ B88E24BD77A0CE2CFFEE2FACF1151BE0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
09:47:20.0386 3392 IntcAzAudAddService - ok
09:47:20.0464 3392 [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
09:47:20.0464 3392 intelide - ok
09:47:20.0542 3392 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
09:47:20.0542 3392 intelppm - ok
09:47:20.0605 3392 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
09:47:20.0605 3392 IPBusEnum - ok
09:47:20.0651 3392 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:47:20.0667 3392 IpFilterDriver - ok
09:47:20.0698 3392 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
09:47:20.0714 3392 iphlpsvc - ok
09:47:20.0792 3392 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
09:47:20.0792 3392 IPMIDRV - ok
09:47:20.0839 3392 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
09:47:20.0854 3392 IPNAT - ok
09:47:20.0932 3392 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
09:47:20.0932 3392 IRENUM - ok
09:47:20.0963 3392 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
09:47:20.0963 3392 isapnp - ok
09:47:21.0073 3392 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
09:47:21.0073 3392 iScsiPrt - ok
09:47:21.0151 3392 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
09:47:21.0151 3392 kbdclass - ok
09:47:21.0213 3392 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
09:47:21.0213 3392 kbdhid - ok
09:47:21.0244 3392 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
09:47:21.0244 3392 KeyIso - ok
09:47:21.0307 3392 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
09:47:21.0307 3392 KSecDD - ok
09:47:21.0400 3392 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
09:47:21.0400 3392 KSecPkg - ok
09:47:21.0478 3392 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
09:47:21.0478 3392 ksthunk - ok
09:47:21.0541 3392 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
09:47:21.0541 3392 KtmRm - ok
09:47:21.0619 3392 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
09:47:21.0619 3392 LanmanServer - ok
09:47:21.0712 3392 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:47:21.0712 3392 LanmanWorkstation - ok
09:47:21.0837 3392 [ 7550D101BF49FDB1F92666A233EE36C4 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
09:47:21.0837 3392 LightScribeService - ok
09:47:21.0931 3392 [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:47:21.0931 3392 lltdio - ok
09:47:21.0977 3392 [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:47:21.0993 3392 lltdsvc - ok
09:47:21.0993 3392 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:47:21.0993 3392 lmhosts - ok
09:47:22.0071 3392 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
09:47:22.0071 3392 LSI_FC - ok
09:47:22.0118 3392 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
09:47:22.0118 3392 LSI_SAS - ok
09:47:22.0180 3392 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:47:22.0180 3392 LSI_SAS2 - ok
09:47:22.0258 3392 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:47:22.0258 3392 LSI_SCSI - ok
09:47:22.0321 3392 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
09:47:22.0336 3392 luafv - ok
09:47:22.0399 3392 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
09:47:22.0399 3392 Mcx2Svc - ok
09:47:22.0445 3392 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
09:47:22.0445 3392 megasas - ok
09:47:22.0461 3392 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
09:47:22.0461 3392 MegaSR - ok
09:47:22.0679 3392 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
09:47:22.0679 3392 Microsoft Office Groove Audit Service - ok
09:47:22.0757 3392 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
09:47:22.0757 3392 MMCSS - ok
09:47:22.0820 3392 [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
09:47:22.0820 3392 Modem - ok
09:47:22.0882 3392 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:47:22.0882 3392 monitor - ok
09:47:22.0945 3392 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:47:22.0945 3392 mouclass - ok
09:47:23.0007 3392 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:47:23.0007 3392 mouhid - ok
09:47:23.0054 3392 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
09:47:23.0054 3392 mountmgr - ok
09:47:23.0303 3392 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
09:47:23.0397 3392 MozillaMaintenance - ok
09:47:23.0428 3392 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:47:23.0428 3392 mpio - ok
09:47:23.0459 3392 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:47:23.0475 3392 mpsdrv - ok
09:47:23.0740 3392 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:47:23.0771 3392 MpsSvc - ok
09:47:23.0865 3392 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:47:23.0865 3392 MRxDAV - ok
09:47:23.0943 3392 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:47:23.0959 3392 mrxsmb - ok
09:47:24.0021 3392 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:47:24.0037 3392 mrxsmb10 - ok
09:47:24.0115 3392 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:47:24.0115 3392 mrxsmb20 - ok
09:47:24.0255 3392 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:47:24.0255 3392 msahci - ok
09:47:24.0411 3392 [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:47:24.0411 3392 msdsm - ok
09:47:24.0489 3392 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
09:47:24.0489 3392 MSDTC - ok
09:47:24.0551 3392 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:47:24.0551 3392 Msfs - ok
09:47:24.0645 3392 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
09:47:24.0645 3392 mshidkmdf - ok
09:47:24.0739 3392 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:47:24.0739 3392 msisadrv - ok
09:47:24.0739 3392 msiserver - ok
09:47:24.0801 3392 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
09:47:24.0817 3392 MSKSSRV - ok
09:47:24.0848 3392 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
09:47:24.0848 3392 MSPCLOCK - ok
09:47:24.0848 3392 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
09:47:24.0848 3392 MSPQM - ok
09:47:24.0957 3392 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
09:47:24.0957 3392 MsRPC - ok
09:47:25.0035 3392 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
09:47:25.0035 3392 mssmbios - ok
09:47:25.0129 3392 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
09:47:25.0129 3392 MSTEE - ok
09:47:25.0144 3392 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
09:47:25.0160 3392 MTConfig - ok
09:47:25.0222 3392 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
09:47:25.0238 3392 Mup - ok
09:47:25.0456 3392 [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
09:47:25.0456 3392 napagent - ok
09:47:25.0519 3392 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
09:47:25.0519 3392 NativeWifiP - ok
09:47:25.0815 3392 [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
09:47:25.0831 3392 NDIS - ok
09:47:25.0955 3392 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
09:47:25.0955 3392 NdisCap - ok
09:47:26.0002 3392 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
09:47:26.0002 3392 NdisTapi - ok
09:47:26.0111 3392 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
09:47:26.0111 3392 Ndisuio - ok
09:47:26.0236 3392 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
09:47:26.0252 3392 NdisWan - ok
09:47:26.0345 3392 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
09:47:26.0345 3392 NDProxy - ok
09:47:26.0408 3392 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
09:47:26.0408 3392 NetBIOS - ok
09:47:26.0501 3392 [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
09:47:26.0501 3392 NetBT - ok
09:47:26.0533 3392 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
09:47:26.0533 3392 Netlogon - ok
09:47:26.0845 3392 [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
09:47:26.0845 3392 Netman - ok
09:47:27.0157 3392 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:47:27.0422 3392 NetMsmqActivator - ok
09:47:27.0640 3392 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:47:27.0640 3392 NetPipeActivator - ok
09:47:27.0859 3392 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
09:47:27.0874 3392 netprofm - ok
09:47:27.0999 3392 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:47:27.0999 3392 NetTcpActivator - ok
09:47:28.0015 3392 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:47:28.0015 3392 NetTcpPortSharing - ok
09:47:30.0089 3392 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
09:47:30.0230 3392 netw5v64 - ok
09:47:30.0355 3392 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
09:47:30.0370 3392 nfrd960 - ok
09:47:30.0557 3392 [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
09:47:30.0557 3392 NlaSvc - ok
09:47:30.0901 3392 [ 5839A8027D6D324A7CD494051A96628C ] NOBU            C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
09:47:30.0963 3392 NOBU - ok
09:47:31.0057 3392 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
09:47:31.0057 3392 Npfs - ok
09:47:31.0135 3392 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
09:47:31.0135 3392 nsi - ok
09:47:31.0181 3392 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
09:47:31.0181 3392 nsiproxy - ok
09:47:31.0774 3392 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
09:47:31.0790 3392 Ntfs - ok
09:47:31.0837 3392 [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
09:47:31.0837 3392 Null - ok
09:47:31.0930 3392 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
09:47:31.0930 3392 nvraid - ok
09:47:32.0008 3392 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
09:47:32.0008 3392 nvstor - ok
09:47:32.0102 3392 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
09:47:32.0102 3392 nv_agp - ok
09:47:32.0492 3392 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:47:32.0492 3392 odserv - ok
09:47:32.0570 3392 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
09:47:32.0570 3392 ohci1394 - ok
09:47:32.0757 3392 [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:47:32.0757 3392 ose - ok
09:47:32.0929 3392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
09:47:32.0929 3392 p2pimsvc - ok
09:47:33.0131 3392 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
09:47:33.0147 3392 p2psvc - ok
09:47:33.0256 3392 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
09:47:33.0256 3392 Parport - ok
09:47:33.0365 3392 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
09:47:33.0365 3392 partmgr - ok
09:47:33.0506 3392 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
09:47:33.0506 3392 PcaSvc - ok
09:47:33.0584 3392 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
09:47:33.0584 3392 pci - ok
09:47:33.0662 3392 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
09:47:33.0662 3392 pciide - ok
09:47:33.0771 3392 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
09:47:33.0771 3392 pcmcia - ok
09:47:33.0896 3392 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
09:47:33.0896 3392 pcw - ok
09:47:34.0130 3392 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
09:47:34.0145 3392 PEAUTH - ok
09:47:39.0730 3392 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
09:47:39.0746 3392 PerfHost - ok
09:47:40.0370 3392 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
09:47:40.0385 3392 pla - ok
09:47:40.0635 3392 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
09:47:40.0635 3392 PlugPlay - ok
09:47:40.0682 3392 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
09:47:40.0682 3392 PNRPAutoReg - ok
09:47:40.0838 3392 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
09:47:40.0838 3392 PNRPsvc - ok
09:47:41.0103 3392 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
09:47:41.0119 3392 PolicyAgent - ok
09:47:41.0275 3392 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
09:47:41.0275 3392 Power - ok
09:47:41.0431 3392 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
09:47:41.0446 3392 PptpMiniport - ok
09:47:41.0540 3392 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
09:47:41.0555 3392 Processor - ok
09:47:41.0696 3392 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
09:47:41.0696 3392 ProfSvc - ok
09:47:41.0727 3392 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:47:41.0727 3392 ProtectedStorage - ok
09:47:41.0852 3392 [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
09:47:41.0852 3392 Psched - ok
09:47:42.0491 3392 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
09:47:42.0507 3392 ql2300 - ok
09:47:42.0601 3392 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
09:47:42.0601 3392 ql40xx - ok
09:47:42.0694 3392 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
09:47:42.0694 3392 QWAVE - ok
09:47:42.0772 3392 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
09:47:42.0772 3392 QWAVEdrv - ok
09:47:42.0803 3392 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
09:47:42.0803 3392 RasAcd - ok
09:47:42.0866 3392 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
09:47:42.0866 3392 RasAgileVpn - ok
09:47:42.0928 3392 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
09:47:42.0928 3392 RasAuto - ok
09:47:43.0037 3392 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
09:47:43.0037 3392 Rasl2tp - ok
09:47:43.0256 3392 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
09:47:43.0271 3392 RasMan - ok
09:47:43.0318 3392 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
09:47:43.0318 3392 RasPppoe - ok
09:47:43.0396 3392 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
09:47:43.0396 3392 RasSstp - ok
09:47:43.0459 3392 [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
09:47:43.0474 3392 rdbss - ok
09:47:43.0505 3392 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
09:47:43.0505 3392 rdpbus - ok
09:47:43.0521 3392 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
09:47:43.0521 3392 RDPCDD - ok
09:47:43.0552 3392 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
09:47:43.0568 3392 RDPENCDD - ok
09:47:43.0583 3392 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
09:47:43.0583 3392 RDPREFMP - ok
09:47:43.0661 3392 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
09:47:43.0677 3392 RdpVideoMiniport - ok
09:47:43.0724 3392 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
09:47:43.0739 3392 RDPWD - ok
09:47:43.0817 3392 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
09:47:43.0817 3392 rdyboost - ok
09:47:43.0880 3392 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
09:47:43.0880 3392 RemoteAccess - ok
09:47:43.0973 3392 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:47:43.0973 3392 RemoteRegistry - ok
09:47:44.0051 3392 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
09:47:44.0051 3392 RpcEptMapper - ok
09:47:44.0083 3392 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
09:47:44.0083 3392 RpcLocator - ok
09:47:44.0129 3392 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\System32\rpcss.dll
09:47:44.0129 3392 RpcSs - ok
09:47:44.0192 3392 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
09:47:44.0207 3392 rspndr - ok
09:47:44.0473 3392 [ 22D6B47D004A6568C500680BE2972854 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
09:47:44.0473 3392 RSUSBSTOR - ok
09:47:44.0800 3392 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
09:47:44.0800 3392 RTL8167 - ok
09:47:45.0237 3392 [ CE594045B2969F5FC3F77B824629AC7F ] rtl8192se       C:\Windows\system32\DRIVERS\rtl8192se.sys
09:47:45.0253 3392 rtl8192se - ok
09:47:45.0440 3392 [ 5FFF3E71B4724BB10918FD6DD7413D99 ] RtVOsdService   C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
09:47:45.0440 3392 RtVOsdService - ok
09:47:45.0487 3392 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
09:47:45.0502 3392 SamSs - ok
09:47:45.0580 3392 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
09:47:45.0580 3392 sbp2port - ok
09:47:45.0721 3392 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
09:47:45.0721 3392 SCardSvr - ok
09:47:45.0783 3392 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
09:47:45.0783 3392 scfilter - ok
09:47:45.0845 3392 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
09:47:45.0845 3392 SCPolicySvc - ok
09:47:45.0939 3392 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
09:47:45.0939 3392 sdbus - ok
09:47:45.0970 3392 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
09:47:45.0970 3392 SDRSVC - ok
09:47:46.0033 3392 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
09:47:46.0048 3392 secdrv - ok
09:47:46.0095 3392 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
09:47:46.0095 3392 seclogon - ok
09:47:46.0173 3392 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
09:47:46.0189 3392 SENS - ok
09:47:46.0251 3392 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
09:47:46.0251 3392 SensrSvc - ok
09:47:46.0298 3392 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
09:47:46.0298 3392 Serenum - ok
09:47:46.0329 3392 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
09:47:46.0329 3392 Serial - ok
09:47:46.0376 3392 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
09:47:46.0376 3392 sermouse - ok
09:47:46.0469 3392 [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
09:47:46.0469 3392 sffdisk - ok
09:47:46.0516 3392 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
09:47:46.0516 3392 sffp_mmc - ok
09:47:46.0563 3392 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
09:47:46.0563 3392 sffp_sd - ok
09:47:46.0594 3392 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
09:47:46.0594 3392 sfloppy - ok
09:47:46.0688 3392 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
09:47:46.0688 3392 SharedAccess - ok
09:47:46.0859 3392 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:47:46.0859 3392 ShellHWDetection - ok
09:47:46.0953 3392 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:47:46.0969 3392 SiSRaid2 - ok
09:47:47.0047 3392 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
09:47:47.0047 3392 SiSRaid4 - ok
09:47:47.0109 3392 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
09:47:47.0125 3392 Smb - ok
09:47:47.0187 3392 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
09:47:47.0187 3392 SNMPTRAP - ok
09:47:47.0234 3392 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
09:47:47.0234 3392 spldr - ok
09:47:47.0483 3392 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
09:47:47.0483 3392 Spooler - ok
09:47:47.0905 3392 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
09:47:47.0983 3392 sppsvc - ok
09:47:48.0061 3392 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
09:47:48.0061 3392 sppuinotify - ok
09:47:48.0123 3392 sptd - ok
09:47:48.0248 3392 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
09:47:48.0263 3392 srv - ok
09:47:48.0357 3392 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
09:47:48.0357 3392 srv2 - ok
09:47:48.0482 3392 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:47:48.0497 3392 SrvHsfHDA - ok
09:47:48.0731 3392 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:47:48.0747 3392 SrvHsfV92 - ok
09:47:48.0809 3392 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:47:48.0825 3392 SrvHsfWinac - ok
09:47:48.0903 3392 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
09:47:48.0903 3392 srvnet - ok
09:47:48.0997 3392 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
09:47:49.0012 3392 SSDPSRV - ok
09:47:49.0059 3392 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
09:47:49.0059 3392 SstpSvc - ok
09:47:49.0184 3392 [ E5C796B621F6FBA8616511063D7F0FFE ] StarWindServiceAE C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
09:47:49.0199 3392 StarWindServiceAE - ok
09:47:49.0231 3392 [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
09:47:49.0231 3392 stexstor - ok
09:47:49.0387 3392 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
09:47:49.0402 3392 stisvc - ok
09:47:49.0480 3392 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
09:47:49.0480 3392 swenum - ok
09:47:49.0605 3392 [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
09:47:49.0621 3392 swprv - ok
09:47:50.0026 3392 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
09:47:50.0026 3392 SynTP - ok
09:47:50.0666 3392 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
09:47:50.0697 3392 SysMain - ok
09:47:50.0822 3392 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:47:50.0822 3392 TabletInputService - ok
09:47:50.0962 3392 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
09:47:50.0978 3392 TapiSrv - ok
09:47:51.0040 3392 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
09:47:51.0040 3392 TBS - ok
09:47:51.0524 3392 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
09:47:51.0555 3392 Tcpip - ok
09:47:51.0602 3392 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
09:47:51.0617 3392 TCPIP6 - ok
09:47:51.0727 3392 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
09:47:51.0727 3392 tcpipreg - ok
09:47:51.0836 3392 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
09:47:51.0836 3392 TDPIPE - ok
09:47:51.0945 3392 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
09:47:51.0945 3392 TDTCP - ok
09:47:52.0085 3392 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
09:47:52.0101 3392 tdx - ok
09:47:52.0179 3392 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
09:47:52.0179 3392 TermDD - ok
09:47:52.0444 3392 [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
09:47:52.0460 3392 TermService - ok
09:47:52.0553 3392 [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
09:47:52.0553 3392 Themes - ok
09:47:52.0647 3392 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
09:47:52.0663 3392 THREADORDER - ok
09:47:52.0803 3392 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
09:47:52.0803 3392 TrkWks - ok
09:47:53.0006 3392 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:47:53.0006 3392 TrustedInstaller - ok
09:47:53.0099 3392 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
09:47:53.0099 3392 tssecsrv - ok
09:47:53.0271 3392 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
09:47:53.0271 3392 TsUsbFlt - ok
09:47:53.0365 3392 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
09:47:53.0380 3392 tunnel - ok
09:47:53.0474 3392 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
09:47:53.0474 3392 uagp35 - ok
09:47:53.0630 3392 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
09:47:53.0645 3392 udfs - ok
09:47:53.0723 3392 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
09:47:53.0723 3392 UI0Detect - ok
09:47:53.0755 3392 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
09:47:53.0755 3392 uliagpkx - ok
09:47:53.0879 3392 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
09:47:53.0879 3392 umbus - ok
09:47:53.0973 3392 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
09:47:53.0973 3392 UmPass - ok
09:47:54.0067 3392 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
09:47:54.0082 3392 upnphost - ok
09:47:54.0176 3392 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
09:47:54.0176 3392 usbccgp - ok
09:47:54.0238 3392 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
09:47:54.0238 3392 usbcir - ok
09:47:54.0316 3392 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
09:47:54.0316 3392 usbehci - ok
09:47:54.0488 3392 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
09:47:54.0503 3392 usbhub - ok
09:47:54.0613 3392 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
09:47:54.0613 3392 usbohci - ok
09:47:54.0691 3392 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
09:47:54.0691 3392 usbprint - ok
09:47:54.0769 3392 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:47:54.0769 3392 USBSTOR - ok
09:47:54.0847 3392 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
09:47:54.0847 3392 usbuhci - ok
09:47:54.0909 3392 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
09:47:54.0909 3392 UxSms - ok
09:47:54.0940 3392 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
09:47:54.0940 3392 VaultSvc - ok
09:47:55.0018 3392 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
09:47:55.0018 3392 vdrvroot - ok
09:47:55.0268 3392 [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
09:47:55.0283 3392 vds - ok
09:47:55.0361 3392 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:47:55.0361 3392 vga - ok
09:47:55.0471 3392 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:47:55.0471 3392 VgaSave - ok
09:47:55.0611 3392 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
09:47:55.0611 3392 vhdmp - ok
09:47:55.0720 3392 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
09:47:55.0720 3392 viaide - ok
09:47:55.0767 3392 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:47:55.0767 3392 volmgr - ok
09:47:56.0001 3392 [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:47:56.0001 3392 volmgrx - ok
09:47:56.0141 3392 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:47:56.0157 3392 volsnap - ok
09:47:56.0235 3392 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
09:47:56.0235 3392 vsmraid - ok
09:47:56.0422 3392 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
09:47:56.0438 3392 VSS - ok
09:47:56.0485 3392 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
09:47:56.0485 3392 vwifibus - ok
09:47:56.0531 3392 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
09:47:56.0531 3392 vwififlt - ok
09:47:56.0578 3392 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
09:47:56.0578 3392 W32Time - ok
09:47:56.0625 3392 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
09:47:56.0625 3392 WacomPen - ok
09:47:56.0687 3392 [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
09:47:56.0687 3392 WANARP - ok
09:47:56.0703 3392 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:47:56.0703 3392 Wanarpv6 - ok
09:47:56.0953 3392 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
09:47:57.0031 3392 WatAdminSvc - ok
09:47:57.0514 3392 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
09:47:57.0577 3392 wbengine - ok
09:47:57.0701 3392 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
09:47:57.0701 3392 WbioSrvc - ok
09:47:57.0764 3392 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:47:57.0764 3392 wcncsvc - ok
09:47:57.0811 3392 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:47:57.0811 3392 WcsPlugInService - ok
09:47:57.0889 3392 [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
09:47:57.0889 3392 Wd - ok
09:47:58.0232 3392 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:47:58.0232 3392 Wdf01000 - ok
09:47:58.0325 3392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:47:58.0325 3392 WdiServiceHost - ok
09:47:58.0325 3392 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:47:58.0341 3392 WdiSystemHost - ok
09:47:58.0450 3392 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
09:47:58.0450 3392 WebClient - ok
09:47:58.0559 3392 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:47:58.0559 3392 Wecsvc - ok
09:47:58.0591 3392 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:47:58.0591 3392 wercplsupport - ok
09:47:58.0684 3392 [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:47:58.0684 3392 WerSvc - ok
09:47:58.0871 3392 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
09:47:58.0871 3392 WfpLwf - ok
09:47:58.0934 3392 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
09:47:58.0934 3392 WIMMount - ok
09:47:58.0965 3392 WinDefend - ok
09:47:59.0074 3392 WinHttpAutoProxySvc - ok
09:47:59.0729 3392 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:47:59.0729 3392 Winmgmt - ok
09:47:59.0932 3392 [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
09:48:00.0010 3392 WinRM - ok
09:48:00.0353 3392 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:48:00.0369 3392 Wlansvc - ok
09:48:01.0399 3392 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:48:01.0430 3392 wlidsvc - ok
09:48:01.0508 3392 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
09:48:01.0508 3392 WmiAcpi - ok
09:48:01.0601 3392 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:48:01.0617 3392 wmiApSrv - ok
09:48:01.0664 3392 WMPNetworkSvc - ok
09:48:01.0695 3392 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
09:48:01.0711 3392 WPCSvc - ok
09:48:01.0742 3392 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:48:01.0742 3392 WPDBusEnum - ok
09:48:01.0789 3392 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:48:01.0789 3392 ws2ifsl - ok
09:48:01.0835 3392 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
09:48:01.0835 3392 wscsvc - ok
09:48:01.0851 3392 WSearch - ok
09:48:01.0991 3392 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:48:02.0038 3392 wuauserv - ok
09:48:02.0132 3392 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
09:48:02.0132 3392 WudfPf - ok
09:48:02.0210 3392 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:48:02.0210 3392 WUDFRd - ok
09:48:02.0257 3392 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:48:02.0272 3392 wudfsvc - ok
09:48:02.0319 3392 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
09:48:02.0319 3392 WwanSvc - ok
09:48:02.0491 3392 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
09:48:02.0506 3392 yukonw7 - ok
09:48:02.0522 3392 ================ Scan global ===============================
09:48:02.0584 3392 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
09:48:02.0678 3392 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:48:02.0693 3392 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
09:48:02.0725 3392 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
09:48:02.0771 3392 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
09:48:02.0771 3392 [Global] - ok
09:48:02.0787 3392 ================ Scan MBR ==================================
09:48:02.0834 3392 [ 8FFBB27037B29E6FBFC4EB4FBD8C137E ] \Device\Harddisk0\DR0
09:48:03.0583 3392 \Device\Harddisk0\DR0 - ok
09:48:03.0583 3392 ================ Scan VBR ==================================
09:48:03.0598 3392 [ D9FCA81CEC84F632FBCB259EEF3BB846 ] \Device\Harddisk0\DR0\Partition1
09:48:03.0614 3392 \Device\Harddisk0\DR0\Partition1 - ok
09:48:03.0629 3392 [ 2A3C115F434EFA736AFB940118AF559B ] \Device\Harddisk0\DR0\Partition2
09:48:03.0629 3392 \Device\Harddisk0\DR0\Partition2 - ok
09:48:03.0676 3392 [ B69FF9C87E4C4F5679DE66A1C66EC66A ] \Device\Harddisk0\DR0\Partition3
09:48:03.0676 3392 \Device\Harddisk0\DR0\Partition3 - ok
09:48:03.0739 3392 [ C2DB7380F537C3DF455B0F7D0021B65F ] \Device\Harddisk0\DR0\Partition4
09:48:03.0739 3392 \Device\Harddisk0\DR0\Partition4 - ok
09:48:03.0739 3392 ============================================================
09:48:03.0739 3392 Scan finished
09:48:03.0739 3392 ============================================================
09:48:03.0754 2248 Detected object count: 0
09:48:03.0754 2248 Actual detected object count: 0
09:48:43.0690 3848 Deinitialize success

orreso · June 18, 2013

the files in Qoobox are labeled as rasauto.dll.vir and qmgr.dll.vir for further clarification. quarantined in Qoobox/Quarantine/C/Windows/System32

Larusso · June 18, 2013

Please post the C:\QooBox\ComboFix-quarantined-files.txt

orreso · June 19, 2013

Combofix-Quarantined-files.txt below:

2013-06-09 21:29:48 . 2013-06-09 21:29:48                0 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-06-09 21:28:34 . 2013-06-09 21:28:34               80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat
2013-06-09 21:28:20 . 2013-06-09 21:28:20              176 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-HPAdvisorDock.reg.dat
2013-06-09 21:28:18 . 2013-06-09 21:28:18              118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03}.reg.dat
2013-06-08 18:53:56 . 2013-06-08 18:53:56            6,196 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_wuauserv.reg.dat
2013-06-08 18:53:56 . 2013-06-08 18:53:56            2,626 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Winmgmt.reg.dat
2013-06-08 18:53:56 . 2013-06-08 18:53:56            5,826 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SessionEnv.reg.dat
2013-06-08 18:53:56 . 2013-06-08 18:53:56            6,148 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_Schedule.reg.dat
2013-06-08 18:53:56 . 2013-06-08 18:53:56            4,396 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_MSiSCSI.reg.dat
2013-06-08 18:53:56 . 2013-06-08 18:53:56            4,292 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_AudioSrv.reg.dat
2013-06-08 18:53:06 . 2013-06-17 17:20:22            6,671 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-06-08 18:40:16 . 2013-06-17 17:10:35              286 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-07-27 05:40:42 . 2010-11-20 13:27:23          849,920 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\qmgr.dll.vir
2009-07-14 00:10:11 . 2009-07-14 01:41:53           99,328 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\rasauto.dll.vir

Larusso · June 20, 2013

Please run OTL.exe.

Under the box paste this in

/md5start

rasouto.dll

qmgr.dll

/md5stop

Make sure all other windows are closed to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will create a logfile ( OTL.txt ). This is saved in the same location as OTL.

Please post this in your next reply.

orreso · June 20, 2013

OTL.txt below

OTL logfile created on: 6/20/2013 9:46:27 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Andrew Nassen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 54.01% Memory free
5.86 Gb Paging File | 4.52 Gb Available in Paging File | 77.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.54 Gb Total Space | 30.31 Gb Free Space | 10.80% Space Free | Partition Type: NTFS
Drive D: | 17.25 Gb Total Space | 2.50 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Computer Name: ANDREWNASSEN | User Name: Andrew Nassen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/11 15:30:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew Nassen\Desktop\OTL.exe
PRC - [2013/05/23 22:06:35 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/29 18:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/06/25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/23 22:06:35 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/05/19 11:05:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/05/19 11:05:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/05/19 11:05:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/06/18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/04/19 19:55:18 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 22:06:35 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 23:11:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/05 08:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2010/06/29 19:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 02:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/03 16:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 14:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 05:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/08 02:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/02 13:14:48 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/05/07 12:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/13 10:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B6BEA886-7A74-4BF1-9350-F1F780E4B715}
IE:64bit: - HKLM\..\SearchScopes\{65D06065-C4CE-4398-A2A8-731F1F7555A9}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE:64bit: - HKLM\..\SearchScopes\{892D8090-0E4C-4EAA-A471-CC9E611A440A}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{B6BEA886-7A74-4BF1-9350-F1F780E4B715}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{CFCB3FA0-CC49-4636-B9DE-35BA0E771C79}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {B6BEA886-7A74-4BF1-9350-F1F780E4B715}
IE - HKLM\..\SearchScopes\{65D06065-C4CE-4398-A2A8-731F1F7555A9}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{892D8090-0E4C-4EAA-A471-CC9E611A440A}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{B6BEA886-7A74-4BF1-9350-F1F780E4B715}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{CFCB3FA0-CC49-4636-B9DE-35BA0E771C79}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{65D06065-C4CE-4398-A2A8-731F1F7555A9}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKCU\..\SearchScopes\{892D8090-0E4C-4EAA-A471-CC9E611A440A}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{B6BEA886-7A74-4BF1-9350-F1F780E4B715}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{CFCB3FA0-CC49-4636-B9DE-35BA0E771C79}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
IE - HKCU\..\SearchScopes\{EF8CC1FB-9622-4F3E-AE9F-BC9267EBF2C7}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7BFF2FA6A4-B3B1-11DD-B910-6C9A55D89593%7D:0.46
FF - prefs.js..extensions.enabledAddons: pterodactl%40zenlunatics.com:0.9.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Andrew Nassen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/26 20:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew Nassen\AppData\Roaming\Mozilla\Extensions
[2013/05/08 22:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andrew Nassen\AppData\Roaming\Mozilla\Firefox\Profiles\kjl6vhit.default\extensions
[2013/01/23 20:43:14 | 000,000,000 | ---D | M] (Bazzacuda Image Saver Plus) -- C:\Users\Andrew Nassen\AppData\Roaming\Mozilla\Firefox\Profiles\kjl6vhit.default\extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593}
[2012/07/04 02:23:43 | 000,000,000 | ---D | M] (ExHentai Easy) -- C:\Users\Andrew Nassen\AppData\Roaming\Mozilla\Firefox\Profiles\kjl6vhit.default\extensions\jid0-db0owQRjcx0mRj5LBNH2MHAwEkc@jetpack
[2013/04/02 18:53:27 | 000,000,000 | ---D | M] (Pterodactl) -- C:\Users\Andrew Nassen\AppData\Roaming\Mozilla\Firefox\Profiles\kjl6vhit.default\extensions\pterodactl@zenlunatics.com
[2012/12/05 21:59:10 | 000,676,098 | ---- | M] () (No name found) -- C:\Users\Andrew Nassen\AppData\Roaming\Mozilla\Firefox\Profiles\kjl6vhit.default\extensions\jid0-0PGffAcVvhUBieFYkRVVc5w6lIU@jetpack.xpi
[2013/05/08 22:28:49 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Andrew Nassen\AppData\Roaming\Mozilla\Firefox\Profiles\kjl6vhit.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/05/23 22:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/23 22:06:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/05/23 22:06:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/05/23 22:06:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/05/23 22:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/23 22:06:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: uTorrentControl2 = C:\Users\Andrew Nassen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.19.11_0\

O1 HOSTS File: ([2013/06/17 10:26:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C14D4070-E15C-4787-9ABE-B28AA2E2827E}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/18 09:45:55 | 002,240,864 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Andrew Nassen\Desktop\tdsskiller.exe
[2013/06/17 10:27:03 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/06/17 10:24:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/17 10:09:14 | 005,079,999 | R--- | C] (Swearware) -- C:\Users\Andrew Nassen\Desktop\ComboFix.exe
[2013/06/15 13:21:19 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/06/15 13:19:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/06/15 12:18:39 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/06/15 12:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/06/15 12:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/06/13 14:25:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/12 16:25:23 | 000,355,651 | ---- | C] (Farbar) -- C:\Users\Andrew Nassen\Desktop\FSS.exe
[2013/06/11 15:30:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Andrew Nassen\Desktop\OTL.exe
[2013/06/09 10:20:44 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/08 18:20:10 | 000,000,000 | ---D | C] -- C:\Users\Andrew Nassen\Desktop\mbar-1.06.0.1003
[2013/06/08 13:30:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/08 11:58:56 | 000,000,000 | ---D | C] -- C:\Device
[2013/06/08 11:40:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/08 11:40:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/08 11:40:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/08 11:33:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/08 11:32:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/08 09:00:04 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Andrew Nassen\Desktop\dds.scr
[2013/06/05 19:33:21 | 000,000,000 | ---D | C] -- C:\Users\Andrew Nassen\Desktop\Pokemon Emerald
[2013/06/05 19:33:07 | 000,000,000 | ---D | C] -- C:\Users\Andrew Nassen\Desktop\Pokemon SoulSilver
[2013/06/05 19:33:06 | 000,000,000 | ---D | C] -- C:\Users\Andrew Nassen\Desktop\Pokemon Yellow
[2013/06/05 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\Andrew Nassen\Desktop\VisualBoyAdvance-1.8.0-beta3
[2013/06/05 19:33:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew Nassen\Desktop\desmume-0.9.9-win32
[2013/06/05 19:33:00 | 000,000,000 | ---D | C] -- C:\Users\Andrew Nassen\Desktop\UPRandomizer-120a
[2013/06/05 19:32:05 | 000,000,000 | ---D | C] -- C:\Users\Andrew Nassen\Desktop\pb2-us-fixed
[2013/05/23 22:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013/06/20 09:25:37 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/20 09:25:37 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/20 09:20:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/20 09:20:12 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/18 09:46:05 | 002,240,864 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Andrew Nassen\Desktop\tdsskiller.exe
[2013/06/17 10:26:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/17 10:09:34 | 005,079,999 | R--- | M] (Swearware) -- C:\Users\Andrew Nassen\Desktop\ComboFix.exe
[2013/06/15 17:33:27 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/15 17:33:27 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/15 17:33:27 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/15 13:19:54 | 000,436,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/15 13:18:32 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/06/15 12:18:13 | 000,002,129 | ---- | M] () -- C:\Users\Andrew Nassen\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/06/15 12:16:21 | 005,555,190 | ---- | M] () -- C:\Users\Andrew Nassen\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/06/12 16:25:30 | 000,355,651 | ---- | M] (Farbar) -- C:\Users\Andrew Nassen\Desktop\FSS.exe
[2013/06/11 15:30:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew Nassen\Desktop\OTL.exe
[2013/06/10 16:23:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_663
[2013/06/08 18:19:38 | 013,169,742 | ---- | M] () -- C:\Users\Andrew Nassen\Desktop\mbar-1.06.0.1003.zip
[2013/06/08 11:27:40 | 000,000,216 | ---- | M] () -- C:\Users\Andrew Nassen\defogger_reenable
[2013/06/08 11:27:19 | 000,050,477 | ---- | M] () -- C:\Users\Andrew Nassen\Desktop\Defogger.exe
[2013/06/08 11:10:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/08 11:08:07 | 000,377,856 | ---- | M] () -- C:\Users\Andrew Nassen\Desktop\xsu6f18h.exe
[2013/06/08 09:00:39 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Andrew Nassen\Desktop\dds.scr
[2013/05/28 18:43:27 | 003,926,160 | ---- | M] () -- C:\Users\Andrew Nassen\Desktop\83gb.pdf

========== Files Created - No Company Name ==========

[2013/06/15 12:18:13 | 000,002,129 | ---- | C] () -- C:\Users\Andrew Nassen\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/06/15 12:16:17 | 005,555,190 | ---- | C] () -- C:\Users\Andrew Nassen\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/06/08 18:18:38 | 013,169,742 | ---- | C] () -- C:\Users\Andrew Nassen\Desktop\mbar-1.06.0.1003.zip
[2013/06/08 12:25:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/08 11:40:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/08 11:40:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/08 11:40:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/08 11:40:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/08 11:27:40 | 000,000,216 | ---- | C] () -- C:\Users\Andrew Nassen\defogger_reenable
[2013/06/08 11:27:18 | 000,050,477 | ---- | C] () -- C:\Users\Andrew Nassen\Desktop\Defogger.exe
[2013/06/08 11:08:02 | 000,377,856 | ---- | C] () -- C:\Users\Andrew Nassen\Desktop\xsu6f18h.exe
[2013/05/28 18:43:25 | 003,926,160 | ---- | C] () -- C:\Users\Andrew Nassen\Desktop\83gb.pdf
[2013/04/24 20:56:37 | 000,764,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/29 23:02:15 | 000,000,018 | ---- | C] () -- C:\Windows\cnc.ini
[2011/06/24 13:38:34 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011/06/24 13:38:34 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/06 21:26:17 | 000,000,000 | ---D | M] -- C:\Users\Andrew Nassen\AppData\Roaming\Audacity
[2012/05/02 19:52:18 | 000,000,000 | ---D | M] -- C:\Users\Andrew Nassen\AppData\Roaming\LolClient
[2012/05/24 21:45:01 | 000,000,000 | ---D | M] -- C:\Users\Andrew Nassen\AppData\Roaming\LolClient2
[2012/12/03 21:33:51 | 000,000,000 | ---D | M] -- C:\Users\Andrew Nassen\AppData\Roaming\Mumble
[2012/03/29 19:45:37 | 000,000,000 | ---D | M] -- C:\Users\Andrew Nassen\AppData\Roaming\RenPy
[2012/03/19 22:34:47 | 000,000,000 | ---D | M] -- C:\Users\Andrew Nassen\AppData\Roaming\RotMG.Production
[2013/05/12 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\Andrew Nassen\AppData\Roaming\SYSTEMAX Software Development
[2012/07/28 21:43:53 | 000,000,000 | ---D | M] -- C:\Users\Andrew Nassen\AppData\Roaming\SystemRequirementsLab
[2013/06/08 00:33:04 | 000,000,000 | ---D | M] -- C:\Users\Andrew Nassen\AppData\Roaming\TS3Client

========== Purity Check ==========

========== Custom Scans ==========

< MD5 for: QMGR.DLL >
[2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 06:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/13 18:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: RASAUTO.DLL >
[2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) MD5=8F26510C5383B8DBE976DE1CD00FC8C7 -- C:\Windows\SysNative\rasauto.dll
[2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) MD5=8F26510C5383B8DBE976DE1CD00FC8C7 -- C:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasauto.dll

< End of report >

Larusso · June 21, 2013

Open notepad and copy/paste the text in the Code-box below into it:

FCopy::C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll | C:\Windows\SysNative\qmgr.dllC:\Windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasauto.dll | C:\Windows\SysNative\rasauto.dllFile::C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

Save this as CFScript.txt, in the same location as ComboFix.exe.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

orreso · June 21, 2013

Combofix.txt below:

ComboFix 13-06-21.02 - Andrew Nassen 1/2013 Fri   8:49.5.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.3003.2060 [GMT -7:00]
Running from: c:\users\Andrew Nassen\Desktop\ComboFix.exe
Command switches used :: c:\users\Andrew Nassen\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0"
"c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
c:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll --> c:\windows\system32\qmgr.dll
c:\windows\winsxs\amd64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_6bcef05d7f04260a\rasauto.dll --> c:\windows\system32\rasauto.dll
.
(((((((((((((((((((((((((   Files Created from 2013-05-21 to 2013-06-21 )))))))))))))))))))))))))))))))
.
.
2013-06-21 15:59 . 2013-06-21 15:59   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-06-21 15:42 . 2013-06-21 15:42   76232   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A593400-4B14-4A5C-94E4-132AD64B665D}\offreg.dll
2013-06-21 05:51 . 2013-06-12 03:08   9552976   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A593400-4B14-4A5C-94E4-132AD64B665D}\mpengine.dll
2013-06-19 17:39 . 2013-06-13 04:47   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-15 20:19 . 2013-06-16 07:17   --------   d-----w-   c:\windows\system32\catroot2
2013-06-15 20:13 . 2013-06-15 20:14   --------   d-----w-   c:\windows\SysWow64\wbem\Performance
2013-06-15 19:18 . 2013-06-15 20:18   181064   ----a-w-   c:\windows\PSEXESVC.EXE
2013-06-15 19:18 . 2013-06-15 19:18   --------   d-----w-   c:\program files (x86)\Tweaking.com
2013-06-13 21:25 . 2013-06-13 21:25   --------   d-----w-   C:\_OTL
2013-06-12 23:04 . 2013-05-08 06:39   1910632   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2013-06-12 23:03 . 2013-04-25 23:30   1505280   ----a-w-   c:\windows\SysWow64\d3d11.dll
2013-06-12 23:03 . 2013-03-31 22:52   1887232   ----a-w-   c:\windows\system32\d3d11.dll
2013-06-09 17:20 . 2013-06-09 17:20   --------   d-----w-   C:\FRST
2013-06-08 20:30 . 2013-06-09 04:54   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-08 18:58 . 2013-06-08 18:58   --------   d-----w-   C:\Device
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 05:43 . 2011-08-01 18:28   75825640   ----a-w-   c:\windows\system32\MRT.exe
2013-06-13 04:48 . 2012-06-27 07:38   867240   ----a-w-   c:\windows\SysWow64\npdeployJava1.dll
2013-06-13 04:48 . 2010-07-14 18:28   789416   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-05-15 06:11 . 2012-04-03 22:33   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 06:11 . 2011-07-27 03:39   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 09:06 . 2011-07-27 03:39   278800   ------w-   c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 03:42   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 03:42   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 03:42   308736   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 03:42   111104   ----a-w-   c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 03:42   474624   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 03:42   2176512   ----a-w-   c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 04:16   1656680   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-16 03:42   265064   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 03:42   983400   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 03:42   3153920   ----a-w-   c:\windows\system32\win32k.sys
2013-04-05 08:02 . 2013-04-05 08:02   73728   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-05 08:02 . 2013-04-05 08:02   719360   ----a-w-   c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 08:02 . 2013-04-05 08:02   61952   ----a-w-   c:\windows\SysWow64\tdc.ocx
2013-04-05 08:02 . 2013-04-05 08:02   523264   ----a-w-   c:\windows\SysWow64\vbscript.dll
2013-04-05 08:02 . 2013-04-05 08:02   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
2013-04-05 08:02 . 2013-04-05 08:02   38400   ----a-w-   c:\windows\SysWow64\imgutil.dll
2013-04-05 08:02 . 2013-04-05 08:02   361984   ----a-w-   c:\windows\SysWow64\html.iec
2013-04-05 08:02 . 2013-04-05 08:02   226304   ----a-w-   c:\windows\system32\elshyph.dll
2013-04-05 08:02 . 2013-04-05 08:02   185344   ----a-w-   c:\windows\SysWow64\elshyph.dll
2013-04-05 08:02 . 2013-04-05 08:02   158720   ----a-w-   c:\windows\SysWow64\msls31.dll
2013-04-05 08:02 . 2013-04-05 08:02   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
2013-04-05 08:02 . 2013-04-05 08:02   138752   ----a-w-   c:\windows\SysWow64\wextract.exe
2013-04-05 08:02 . 2013-04-05 08:02   137216   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2013-04-05 08:02 . 2013-04-05 08:02   12800   ----a-w-   c:\windows\SysWow64\mshta.exe
2013-04-05 08:02 . 2013-04-05 08:02   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
2013-04-05 08:02 . 2013-04-05 08:02   1054720   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 08:02 . 2013-04-05 08:02   97280   ----a-w-   c:\windows\system32\mshtmled.dll
2013-04-05 08:02 . 2013-04-05 08:02   92160   ----a-w-   c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 08:02 . 2013-04-05 08:02   905728   ----a-w-   c:\windows\system32\mshtmlmedia.dll
2013-04-05 08:02 . 2013-04-05 08:02   81408   ----a-w-   c:\windows\system32\icardie.dll
2013-04-05 08:02 . 2013-04-05 08:02   77312   ----a-w-   c:\windows\system32\tdc.ocx
2013-04-05 08:02 . 2013-04-05 08:02   762368   ----a-w-   c:\windows\system32\ieapfltr.dll
2013-04-05 08:02 . 2013-04-05 08:02   62976   ----a-w-   c:\windows\system32\pngfilt.dll
2013-04-05 08:02 . 2013-04-05 08:02   599552   ----a-w-   c:\windows\system32\vbscript.dll
2013-04-05 08:02 . 2013-04-05 08:02   52224   ----a-w-   c:\windows\system32\msfeedsbs.dll
2013-04-05 08:02 . 2013-04-05 08:02   51200   ----a-w-   c:\windows\system32\imgutil.dll
2013-04-05 08:02 . 2013-04-05 08:02   48640   ----a-w-   c:\windows\system32\mshtmler.dll
2013-04-05 08:02 . 2013-04-05 08:02   452096   ----a-w-   c:\windows\system32\dxtmsft.dll
2013-04-05 08:02 . 2013-04-05 08:02   441856   ----a-w-   c:\windows\system32\html.iec
2013-04-05 08:02 . 2013-04-05 08:02   281600   ----a-w-   c:\windows\system32\dxtrans.dll
2013-04-05 08:02 . 2013-04-05 08:02   27648   ----a-w-   c:\windows\system32\licmgr10.dll
2013-04-05 08:02 . 2013-04-05 08:02   270848   ----a-w-   c:\windows\system32\iedkcs32.dll
2013-04-05 08:02 . 2013-04-05 08:02   247296   ----a-w-   c:\windows\system32\webcheck.dll
2013-04-05 08:02 . 2013-04-05 08:02   235008   ----a-w-   c:\windows\system32\url.dll
2013-04-05 08:02 . 2013-04-05 08:02   23040   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2013-04-05 08:02 . 2013-04-05 08:02   216064   ----a-w-   c:\windows\system32\msls31.dll
2013-04-05 08:02 . 2013-04-05 08:02   197120   ----a-w-   c:\windows\system32\msrating.dll
2013-04-05 08:02 . 2013-04-05 08:02   173568   ----a-w-   c:\windows\system32\ieUnatt.exe
2013-04-05 08:02 . 2013-04-05 08:02   167424   ----a-w-   c:\windows\system32\iexpress.exe
2013-04-05 08:02 . 2013-04-05 08:02   1509376   ----a-w-   c:\windows\system32\inetcpl.cpl
2013-04-05 08:02 . 2013-04-05 08:02   149504   ----a-w-   c:\windows\system32\occache.dll
2013-04-05 08:02 . 2013-04-05 08:02   144896   ----a-w-   c:\windows\system32\wextract.exe
2013-04-05 08:02 . 2013-04-05 08:02   1441280   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2013-04-05 08:02 . 2013-04-05 08:02   1400416   ----a-w-   c:\windows\system32\ieapfltr.dat
2013-04-05 08:02 . 2013-04-05 08:02   13824   ----a-w-   c:\windows\system32\mshta.exe
2013-04-05 08:02 . 2013-04-05 08:02   136192   ----a-w-   c:\windows\system32\iepeers.dll
2013-04-05 08:02 . 2013-04-05 08:02   135680   ----a-w-   c:\windows\system32\IEAdvpack.dll
2013-04-05 08:02 . 2013-04-05 08:02   12800   ----a-w-   c:\windows\system32\msfeedssync.exe
2013-04-05 08:02 . 2013-04-05 08:02   102912   ----a-w-   c:\windows\system32\inseng.dll
2013-04-05 08:01 . 2013-04-05 08:01   9728   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   9728   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   648192   ----a-w-   c:\windows\system32\d3d10level9.dll
2013-04-05 08:01 . 2013-04-05 08:01   604160   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
2013-04-05 08:01 . 2013-04-05 08:01   5632   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   5632   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   5632   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   5632   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   522752   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2013-04-05 08:01 . 2013-04-05 08:01   465920   ----a-w-   c:\windows\system32\WMPhoto.dll
2013-04-05 08:01 . 2013-04-05 08:01   417792   ----a-w-   c:\windows\SysWow64\WMPhoto.dll
2013-04-05 08:01 . 2013-04-05 08:01   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   4096   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   3928064   ----a-w-   c:\windows\system32\d2d1.dll
2013-04-05 08:01 . 2013-04-05 08:01   364544   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-05 08:01 . 2013-04-05 08:01   363008   ----a-w-   c:\windows\system32\dxgi.dll
2013-04-05 08:01 . 2013-04-05 08:01   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   3584   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   3419136   ----a-w-   c:\windows\SysWow64\d2d1.dll
2013-04-05 08:01 . 2013-04-05 08:01   333312   ----a-w-   c:\windows\system32\d3d10_1core.dll
2013-04-05 08:01 . 2013-04-05 08:01   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   3072   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   3072   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   296960   ----a-w-   c:\windows\system32\d3d10core.dll
2013-04-05 08:01 . 2013-04-05 08:01   293376   ----a-w-   c:\windows\SysWow64\dxgi.dll
2013-04-05 08:01 . 2013-04-05 08:01   2776576   ----a-w-   c:\windows\system32\msmpeg2vdec.dll
2013-04-05 08:01 . 2013-04-05 08:01   2565120   ----a-w-   c:\windows\system32\d3d10warp.dll
2013-04-05 08:01 . 2013-04-05 08:01   2560   ---ha-w-   c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   2560   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 08:01 . 2013-04-05 08:01   249856   ----a-w-   c:\windows\SysWow64\d3d10_1core.dll
2013-04-05 08:01 . 2013-04-05 08:01   245248   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
2013-04-05 08:01 . 2013-04-05 08:01   2284544   ----a-w-   c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-05 08:01 . 2013-04-05 08:01   221184   ----a-w-   c:\windows\system32\UIAnimation.dll
2013-04-05 08:01 . 2013-04-05 08:01   220160   ----a-w-   c:\windows\SysWow64\d3d10core.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 18:36   451872   ----a-w-   c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-05-26 6245408]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Andrew Nassen\AppData\Roaming\Mozilla\Firefox\Profiles\kjl6vhit.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010712_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e21b83cb00000000000068a3c4745211
FF - user.js: extensions.BabylonToolbar_i.hardId - e21b83cb00000000000068a3c4745211
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15531
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="???楴??汐杵?愠???敗?汐杵? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="???楴??汐杵?愠???敗?汐杵? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2013-06-21 09:02:29
ComboFix-quarantined-files.txt 2013-06-21 16:02
ComboFix2.txt 2013-06-17 17:32
.
Pre-Run: 33,483,333,632 bytes free
Post-Run: 33,051,258,880 bytes free
.
- - End Of File - - 4BECD7479A560C534749BB3F55B2D802
D41D8CD98F00B204E9800998ECF8427E

Larusso · June 22, 2013

Hy there. How is your system behaving now ? Still no sound and no file icons ?

orreso · June 22, 2013

yeah, still no sound or file icons

Larusso · June 23, 2013

Hy there.

I'll consult another expert to have a look over this topic. Please stand by

orreso · June 25, 2013

still waiting on a reply, please don't close topic

Larusso · June 25, 2013

No reason to close this topic.

In the meantime, please

Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan, and let me know how things are now.

orreso · June 25, 2013

ESET online scanner behaved similarly to Malware Bytes Antirootkit eventually. I says it has detected a variant of MSIL/Injector.BKO trojan but about an hour into the scan hangs and then doesn't scan any further.

orreso · June 25, 2013

my apologies, the scan continued shortly after the last post.

orreso · June 25, 2013

C:\FRST\Quarantine\milesoft.exe   a variant of MSIL/Injector.BKO trojan
C:\Users\Andrew Nassen\Desktop\random stuff\Violet\start.exe   a variant of MSIL/Injector.BKO trojan
C:\Users\Andrew Nassen\Desktop\rar files\Violet.rar   a variant of MSIL/Injector.BKO trojan

no change yet, but I didn't remove the threats

Larusso · June 26, 2013

Could you please attach the following file

C:\Users\Andrew Nassen\Desktop\rar files\Violet.rar

I want to have a look over it.

orreso · June 26, 2013

i sent it to you via personal message

Larusso · June 27, 2013

Thanks, I'll have a look over this file as soon as I have time. So back to the major problems.

Please remove the .dat extension from this file C:\Qoobox\Quarantine\Registry_backups\Service_AudioSrv.reg.dat

Doubleclick on it and allow the registry changes. Reboot your system and let me know if you have sound now.

Next, please post me a screenshot where I can see how those "no icon" files looks like.

Hy. Please post me a Screenshot.

How to create a Screen Shot

Please press the Print Key on your Keyboard. This will create a snapshot from your current desktop and save it to clip-board.

Nowfollow these steps.

Press the Windows + R Key ( or use Start --> Run )
Into the commandline type pbrush and press OK.
Now make one mouse-click into the Paint-window and press Ctrl + V. This will paste the current picture from your clip-board into your Paint window.
Here you can crop/resize the picture if you want.
Save the picture on a location where it is easy to find.

Attach the picture to your next reply

If you have any problems, feel free to ask.

orreso · June 27, 2013

sound has been restored, so yeah to that.

I attached 3 images to sort of break down the specificity of the problem

in the first example, it displays that desktop icons and shortcuts are unaffected.

the second shows that icons aligned in rows are likewise unaffected.

but the second shows the problem itself, that preview thumbnails are not being loaded

malware.trace infection replaces itself upon deletion

Recommended Posts

Link to post

Share on other sites

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Posted Images

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information