SMART scan 2012 virus Ran Malware and computer freezes in the reboot



#16
Ballerhappygirl

    Member

  • Topic Starter
  • 19 posts
When I ran the command for otx my computer froze on the reboot. I kept having this problem with the malware program before.
  • 0



#17
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Has OTL produced a log in this location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run?
  • 0

#18
Ballerhappygirl

    Member

  • Topic Starter
  • 19 posts
Yes, I'm posting it now. I'll continue with the rest of the instructions.


========== OTL ==========
Process svchost.exe killed successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}\ not found.
Registry key HKEY_USERS\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CAA0926-39F4-4EBD-BC17-FDCD597C2F85}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LHWmcRqHquM.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\uEhBAYCSUUPOwa.exe deleted successfully.
C:\ProgramData\uEhBAYCSUUPOwa.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\afdbeacfbcadct deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\afdbeacfbcadct not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\dplaysvr not found.
Registry value HKEY_USERS\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Microsoft\Windows\CurrentVersion\Run\\afdbeacfbcadct deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\schaney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery folder moved successfully.
C:\ProgramData\-QbbpZOqa9tVeme moved successfully.
C:\ProgramData\QbbpZOqa9tVeme moved successfully.
File C:\ProgramData\uEhBAYCSUUPOwa.exe not found.
C:\Users\schaney\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
C:\Users\schaney\Desktop\Data_Recovery.lnk moved successfully.
C:\Users\schaney\AppData\Local\Temp\RarSFX0\procs\explorer.exe moved successfully.
C:\Users\schaney\AppData\Local\Temp\RarSFX1\procs\explorer.exe moved successfully.
C:\Users\schaney\AppData\Local\Temp\RarSFX0\h\explorer.exe moved successfully.
C:\Users\schaney\AppData\Local\Temp\RarSFX1\h\explorer.exe moved successfully.
C:\Users\schaney\AppData\Local\Temp\RarSFX0\userinit.exe moved successfully.
C:\Users\schaney\AppData\Local\Temp\RarSFX1\userinit.exe moved successfully.
C:\Users\schaney\AppData\Local\Temp\RarSFX0\winlogon.exe moved successfully.
C:\Users\schaney\AppData\Local\Temp\RarSFX1\winlogon.exe moved successfully.
C:\Windows\SysNative\SET2B63.tmp deleted successfully.
C:\Windows\SysNative\SET6399.tmp deleted successfully.
C:\Windows\SysNative\SETADE5.tmp deleted successfully.
C:\Windows\SysNative\SETD7FB.tmp deleted successfully.
C:\Windows\SysNative\SETEF9B.tmp deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\schaney\Desktop\cmd.bat deleted successfully.
C:\Users\schaney\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\schaney\Desktop\cmd.bat deleted successfully.
C:\Users\schaney\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Unable to start System Restore Service. Error code 1084

OTL by OldTimer - Version 3.2.42.2 log created on 05052012_171304
  • 0

#19
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Yes, the OTL ran correctly. Please continue with the rest of the instructions and post the logs.
  • 0

#20
Ballerhappygirl

    Member

  • Topic Starter
  • 19 posts
OTL logfile created on: 5/5/2012 5:57:54 PM - Run 2
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\schaney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 39.20% Memory free
7.60 Gb Paging File | 4.79 Gb Available in Paging File | 62.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 372.79 Gb Free Space | 83.13% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Computer Name: SCHANEY-HP | User Name: schaney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 18:53:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
PRC - [2012/04/12 02:36:13 | 000,096,752 | ---- | M] (Google Inc.) -- C:\Users\schaney\AppData\Local\Google\Chrome\Application\18.0.1025.162\chrome_frame_helper.exe
PRC - [2012/03/27 12:04:23 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\schaney\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/02/28 19:07:54 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/11 17:11:58 | 005,153,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2011/11/14 12:50:35 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 11:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/03/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/25 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2005/04/04 19:58:30 | 003,502,080 | ---- | M] () -- C:\Users\schaney\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 19:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Users\schaney\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\schaney\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 18:00:07 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/22 18:00:06 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e3b2d98c11781e59f2e69bb71b8c853f\IAStorUtil.ni.dll
MOD - [2012/02/15 22:38:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 22:38:28 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/15 22:38:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 22:38:20 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/15 22:38:10 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 22:37:55 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 22:37:48 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 22:37:45 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 22:37:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 22:37:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 22:37:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 22:37:23 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/26 19:14:20 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/10/31 14:26:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 15:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 15:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 15:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2005/08/22 17:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/03/25 21:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/25 21:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2010/03/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/03/25 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/25 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Users\schaney\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/20 12:00:30 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/22 16:21:07 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/25 21:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/03/25 21:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes,DefaultScope = {B856020B-2409-4015-B2B1-D092DFC7D22C}
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{B856020B-2409-4015-B2B1-D092DFC7D22C}: "URL" = http://www.google.co...1I7ADRA_enUS416
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://g.msn.com/HPNOT/1"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\schaney\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\schaney\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 15:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/22 10:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schaney\AppData\Roaming\Mozilla\Extensions
[2011/11/11 14:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schaney\AppData\Roaming\Mozilla\Firefox\Profiles\b421o4f1.default\extensions
[2011/11/11 14:18:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\schaney\AppData\Roaming\Mozilla\Firefox\Profiles\b421o4f1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/19 12:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/19 12:32:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/10/14 13:11:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/14 13:11:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/05/05 17:13:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Users\schaney\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\.DEFAULT..\Run: [govShell] C:\Windows\SysWOW64\config\systemprofile\govttct.exe ()
O4 - HKU\.DEFAULT..\Run: [Svc2dll] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe ()
O4 - HKU\S-1-5-18..\Run: [govShell] C:\Windows\SysWOW64\config\systemprofile\govttct.exe ()
O4 - HKU\S-1-5-18..\Run: [Svc2dll] C:\Windows\SysWOW64\config\systemprofile\AppData\Local\svcxdcl32.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [ChromeFrameHelper] C:\Users\schaney\AppData\Local\Google\Chrome\Application\18.0.1025.162\chrome_frame_helper.exe (Google Inc.)
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aim-hqevents...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23D51591-C4EE-469F-9AF0-E4BFEA3D2CBB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA67CC1E-E2E3-40CE-A725-5CB301336AE2}: DhcpNameServer = 129.7.224.200 129.7.235.45 172.21.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 - No CLSID value found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/05 17:50:23 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{7EB1966C-E876-4304-8ACA-995F67209FEC}
[2012/05/05 17:49:38 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{475E1E61-4D8E-4C6A-A1D3-121BD84496D1}
[2012/05/05 17:13:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/04 19:51:25 | 000,000,000 | ---D | C] -- C:\Users\schaney\Desktop\RK_Quarantine
[2012/05/04 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{B893855C-1CB2-4273-8AA7-F31AC56C3233}
[2012/05/04 19:28:43 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{A0D19733-E4B4-4434-8C74-1E88C1857DC4}
[2012/05/03 19:17:25 | 000,000,000 | ---D | C] -- C:\Users\schaney\Desktop\New folder
[2012/05/03 18:53:41 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
[2012/05/03 16:18:35 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{C2884B8A-FF65-48D1-839A-323ECAF3EED2}
[2012/04/27 12:15:42 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{9971BED2-0A63-4F63-A0ED-BA73019EB8FB}
[2012/04/27 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{1498B0E8-114C-4A6B-83C4-F61A22154700}
[2012/04/27 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{415263AC-8841-47DA-BFB0-D19121FA111E}
[2012/04/26 17:31:13 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{D0C28078-58C2-4679-8D0B-D78449C9709F}
[2012/04/26 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{58E325EE-7FA5-4055-8DB0-EE7F764F293B}
[2012/04/26 13:27:31 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Roaming\Malwarebytes
[2012/04/26 13:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/26 13:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/26 13:27:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/26 13:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/26 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{3E90931D-3B4D-44B6-ADBF-EC7E979460EC}
[2012/04/26 12:00:35 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{E8743892-DCD6-4430-8719-ADAF2B63BBCC}
[2012/04/26 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/26 11:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/26 11:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/26 11:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/25 23:59:59 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{D4369161-1175-4952-8939-162E30DCB5DA}
[2012/04/25 23:59:12 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{58702679-D48A-4120-9929-582D5ACAB06C}
[2012/04/25 23:53:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/25 23:09:24 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/25 23:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/25 22:52:11 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{76E6C1F0-BB54-4444-B789-3B0721FC7DB9}
[2012/04/25 22:52:00 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{2E7AB63C-CE61-4C40-80E8-228079E707E6}
[2012/04/22 11:13:47 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{139C2302-8595-4DB0-838B-6E41127DCE3A}
[2012/04/22 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{2F2E990A-EAA0-4CB6-8965-ACE8F888EBA3}
[2012/04/22 10:07:47 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{291B2AC0-A21F-4667-A59C-0735A85E03E6}
[2012/04/19 23:49:46 | 000,000,000 | ---D | C] -- C:\Users\schaney\Desktop\ARVO 2012 computer work
[2012/04/15 15:31:59 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{EAC88ABB-0A8A-4EFC-8501-8197901CCCB1}
[2012/04/15 15:31:37 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{17A1511B-8860-4341-B19A-3C7F2514A513}
[2012/04/15 11:44:44 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{0F1D8ABF-FF45-4B54-9965-439C8C80277D}
[2012/04/05 23:32:46 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{7CF495C5-9DC0-4ABA-9CB8-D3BB77928630}

========== Files - Modified Within 30 Days ==========

[2012/05/05 18:12:48 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1451402489-2950640726-3651343478-1000UA.job
[2012/05/05 18:12:47 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/05 17:57:03 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 17:57:03 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/05 17:48:25 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/05 17:48:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/05 17:47:55 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/05 17:09:37 | 001,412,608 | ---- | M] () -- C:\Users\schaney\Desktop\Nedklaw.exe
[2012/05/05 16:08:53 | 000,000,882 | RH-- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/05/04 20:12:33 | 001,412,608 | ---- | M] () -- C:\Users\schaney\Desktop\winlogon.exe
[2012/05/04 20:04:53 | 255,054,248 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/03 19:29:45 | 000,000,512 | ---- | M] () -- C:\Users\schaney\Desktop\MBR.dat
[2012/05/03 18:53:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
[2012/05/03 16:33:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 12:10:08 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1451402489-2950640726-3651343478-1000Core.job
[2012/04/26 11:26:23 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 11:26:23 | 000,627,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 11:26:23 | 000,107,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/22 10:04:46 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForschaney.job
[2012/04/19 22:30:45 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/15 16:23:54 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/05/05 17:08:25 | 001,412,608 | ---- | C] () -- C:\Users\schaney\Desktop\Nedklaw.exe
[2012/05/04 20:12:29 | 001,412,608 | ---- | C] () -- C:\Users\schaney\Desktop\winlogon.exe
[2012/05/03 19:29:45 | 000,000,512 | ---- | C] () -- C:\Users\schaney\Desktop\MBR.dat
[2012/04/27 14:29:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 09:59:45 | 255,054,248 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/19 22:30:45 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/15 16:23:54 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/06 15:52:53 | 000,000,088 | ---- | C] () -- C:\Users\schaney\AppData\Roaming\usb.inf
[2011/07/18 11:49:05 | 000,004,096 | ---- | C] () -- C:\Users\schaney\AppData\Local\keyfile3.drm
[2011/03/23 11:36:35 | 000,001,854 | ---- | C] () -- C:\Users\schaney\AppData\Roaming\GhostObjGAFix.xml
[2010/12/20 18:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/11/30 20:20:12 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2010/10/22 16:20:30 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/10/22 16:20:30 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/07/15 17:11:45 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/15 14:42:24 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/05/14 13:27:50 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/05/14 12:16:12 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/05/14 12:16:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2010/12/20 15:09:19 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/20 15:12:20 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Opera
[2011/01/27 14:33:25 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Synergy Software
[2011/01/17 22:21:39 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Watchtower
[2011/02/10 11:41:13 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\webex
[2011/07/01 10:12:26 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Windows Live Writer
[2012/02/14 00:25:00 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#21
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Do you have the ComboFix and TDSSKiller logs?

#22
Ballerhappygirl

    Member

  • Topic Starter
  • 19 posts
I ran ComboFix and now every time I try to open a program I get an error message that says "illegal operation attempted on a registry Key that has been marked for deletion".

#23
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
This is a known problem with ComboFix; simply restarting the computer should solve the problem.
Remember to post the ComboFix and TDSSKiller logs in your next post.


Things I want to see in your next reply

  • ComboFix.txt
  • TDSSKiller.[Version]_[Date]_[Time]_log.txt


#24
Ballerhappygirl

    Member

  • Topic Starter
  • 19 posts
ComboFix 12-05-05.06 - schaney 05/05/2012 18:47:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2348 [GMT -5:00]
Running from: c:\users\schaney\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\security\Database\tmp.edb
c:\windows\svchost.exe
c:\windows\SysWow64\config\systemprofile\Appdata\local\svcxdcl32.exe
c:\windows\SysWow64\config\systemprofile\govttct.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-05 22:13 . 2012-05-05 22:13 -------- d-----w- C:\_OTL
2012-04-26 18:27 . 2012-04-26 18:27 -------- d-----w- c:\users\schaney\AppData\Roaming\Malwarebytes
2012-04-26 18:27 . 2012-04-26 18:27 -------- d-----w- c:\programdata\Malwarebytes
2012-04-26 18:27 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-26 18:27 . 2012-05-03 21:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-26 16:22 . 2012-04-26 16:22 -------- d-----w- c:\users\schaney\AppData\Roaming\SUPERAntiSpyware.com
2012-04-26 16:22 . 2012-04-26 16:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-26 16:22 . 2012-04-26 16:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-26 04:09 . 2012-04-26 04:09 -------- d-----w- c:\windows\en
2012-04-26 04:02 . 2012-04-26 04:02 -------- d-----w- c:\program files\Windows Live
2012-04-26 03:53 . 2012-04-26 03:53 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2c6fe1781cd236001\DSETUP.dll
2012-04-26 03:53 . 2012-04-26 03:53 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2c6fe1781cd236001\DXSETUP.exe
2012-04-26 03:53 . 2012-04-26 03:53 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\2c6fe1781cd236001\dsetup32.dll
2012-04-20 03:21 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-20 03:21 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-20 03:21 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-20 03:21 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-20 03:21 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-20 03:21 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-20 03:21 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 03:27 . 2012-04-05 02:33 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{73486F1F-0E36-48A7-B45F-113786C7F450}\mpengine.dll
2012-03-08 23:50 . 2012-03-08 23:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 14:18 . 2010-12-01 05:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-13 22:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 22:27 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 22:27 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 22:27 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:58 . 2012-02-15 18:58 768848 ----a-w- c:\windows\SysWow64\msvcr100.dll
2012-02-15 18:58 . 2012-02-15 18:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-13 22:28 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 22:28 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-26 39408]
"ChromeFrameHelper"="c:\users\schaney\AppData\Local\Google\Chrome\Application\18.0.1025.162\chrome_frame_helper.exe" [2012-04-12 96752]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 4785536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2010-03-26 124224]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Version Cue CS2"="c:\users\schaney\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2010-03-26 20792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 23:41]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-26 23:41]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451402489-2950640726-3651343478-1000Core.job
- c:\users\schaney\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 20:57]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1451402489-2950640726-3651343478-1000UA.job
- c:\users\schaney\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 20:57]
.
2012-05-06 c:\windows\Tasks\HPCeeScheduleForschaney.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-20 6486120]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\schaney\AppData\Roaming\Mozilla\Firefox\Profiles\b421o4f1.default\
FF - prefs.js: browser.startup.homepage - hxxp://g.msn.com/HPNOT/1
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
Wow6432Node-HKU-Default-Run-Svc2dll - c:\windows\system32\config\systemprofile\AppData\Local\svcxdcl32.exe
Wow6432Node-HKU-Default-Run-govShell - c:\windows\system32\config\systemprofile\govttct.exe
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\users\schaney\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\users\schaney\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-05-05 20:25:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-06 01:25
.
Pre-Run: 399,510,007,808 bytes free
Post-Run: 401,688,055,808 bytes free
.
- - End Of File - - 891F1DBEF315FC6FE9F083E6A618D16A



20:36:11.0498 4848 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
20:36:13.0510 4848 ============================================================
20:36:13.0510 4848 Current date / time: 2012/05/06 20:36:13.0510
20:36:13.0510 4848 SystemInfo:
20:36:13.0510 4848
20:36:13.0510 4848 OS Version: 6.1.7601 ServicePack: 1.0
20:36:13.0510 4848 Product type: Workstation
20:36:13.0510 4848 ComputerName: SCHANEY-HP
20:36:13.0510 4848 UserName: schaney
20:36:13.0510 4848 Windows directory: C:\Windows
20:36:13.0510 4848 System windows directory: C:\Windows
20:36:13.0510 4848 Running under WOW64
20:36:13.0510 4848 Processor architecture: Intel x64
20:36:13.0510 4848 Number of processors: 4
20:36:13.0510 4848 Page size: 0x1000
20:36:13.0510 4848 Boot type: Normal boot
20:36:13.0510 4848 ============================================================
20:36:14.0930 4848 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:36:14.0930 4848 ============================================================
20:36:14.0930 4848 \Device\Harddisk0\DR0:
20:36:14.0930 4848 MBR partitions:
20:36:14.0930 4848 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:36:14.0930 4848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x380E6800
20:36:14.0930 4848 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3814A800, BlocksNum 0x2207800
20:36:14.0930 4848 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
20:36:14.0930 4848 ============================================================
20:36:14.0961 4848 C: <-> \Device\Harddisk0\DR0\Partition1
20:36:15.0008 4848 D: <-> \Device\Harddisk0\DR0\Partition2
20:36:15.0008 4848 ============================================================
20:36:15.0008 4848 Initialize success
20:36:15.0008 4848 ============================================================
20:37:25.0400 6404 ============================================================
20:37:25.0400 6404 Scan started
20:37:25.0400 6404 Mode: Manual; SigCheck; TDLFS;
20:37:25.0400 6404 ============================================================
20:37:29.0802 6404 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:37:30.0042 6404 !SASCORE - ok
20:37:30.0242 6404 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:37:30.0592 6404 1394ohci - ok
20:37:30.0652 6404 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:37:30.0742 6404 ACPI - ok
20:37:30.0792 6404 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:37:31.0012 6404 AcpiPmi - ok
20:37:31.0142 6404 Adobe LM Service (52fdd74c71bd8181feccea13d1d76210) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
20:37:31.0282 6404 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
20:37:31.0282 6404 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
20:37:31.0422 6404 Adobe Version Cue CS2 (41d15ead554396bf35b7c5246ad47a28) C:\Users\schaney\Adobe Version Cue CS2\bin\VersionCueCS2.exe
20:37:31.0562 6404 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - warning
20:37:31.0562 6404 Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic (1)
20:37:31.0662 6404 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:37:31.0752 6404 AdobeARMservice - ok
20:37:31.0812 6404 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:37:31.0872 6404 adp94xx - ok
20:37:31.0942 6404 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:37:32.0012 6404 adpahci - ok
20:37:32.0072 6404 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:37:32.0112 6404 adpu320 - ok
20:37:32.0142 6404 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:37:32.0312 6404 AeLookupSvc - ok
20:37:32.0402 6404 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
20:37:32.0462 6404 AERTFilters - ok
20:37:32.0542 6404 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:37:32.0692 6404 AFD - ok
20:37:32.0792 6404 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys
20:37:32.0902 6404 AgereSoftModem - ok
20:37:32.0952 6404 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:37:32.0982 6404 agp440 - ok
20:37:33.0022 6404 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:37:33.0072 6404 ALG - ok
20:37:33.0112 6404 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:37:33.0142 6404 aliide - ok
20:37:33.0162 6404 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:37:33.0182 6404 amdide - ok
20:37:33.0212 6404 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:37:33.0262 6404 AmdK8 - ok
20:37:33.0282 6404 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:37:33.0342 6404 AmdPPM - ok
20:37:33.0412 6404 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:37:33.0502 6404 amdsata - ok
20:37:33.0532 6404 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:37:33.0562 6404 amdsbs - ok
20:37:33.0572 6404 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:37:33.0642 6404 amdxata - ok
20:37:33.0722 6404 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:37:34.0262 6404 AppID - ok
20:37:34.0282 6404 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:37:34.0382 6404 AppIDSvc - ok
20:37:34.0452 6404 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:37:34.0572 6404 Appinfo - ok
20:37:34.0722 6404 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:37:34.0802 6404 Apple Mobile Device - ok
20:37:34.0872 6404 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:37:34.0902 6404 arc - ok
20:37:34.0932 6404 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:37:34.0953 6404 arcsas - ok
20:37:35.0003 6404 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:37:35.0103 6404 AsyncMac - ok
20:37:35.0163 6404 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:37:35.0193 6404 atapi - ok
20:37:35.0313 6404 athr (e857eee6b92aaa473ebb3465add8f7e7) C:\Windows\system32\DRIVERS\athrx.sys
20:37:35.0483 6404 athr - ok
20:37:35.0893 6404 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:37:36.0073 6404 AudioEndpointBuilder - ok
20:37:36.0083 6404 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:37:36.0133 6404 AudioSrv - ok
20:37:36.0213 6404 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:37:36.0363 6404 AxInstSV - ok
20:37:36.0473 6404 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:37:36.0573 6404 b06bdrv - ok
20:37:36.0643 6404 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:37:36.0733 6404 b57nd60a - ok
20:37:36.0843 6404 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
20:37:36.0923 6404 BBSvc - ok
20:37:37.0194 6404 BCM43XX (810be94a9e42309b3f74217ac28bc6ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
20:37:43.0455 6404 BCM43XX - ok
20:37:43.0555 6404 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:37:43.0635 6404 BDESVC - ok
20:37:43.0685 6404 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:37:43.0745 6404 Beep - ok
20:37:43.0845 6404 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
20:37:43.0935 6404 BFE - ok
20:37:44.0075 6404 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
20:37:44.0345 6404 BITS - ok
20:37:44.0395 6404 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:37:44.0445 6404 blbdrive - ok
20:37:44.0565 6404 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:37:44.0635 6404 Bonjour Service - ok
20:37:44.0715 6404 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:37:44.0825 6404 bowser - ok
20:37:44.0865 6404 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:37:44.0905 6404 BrFiltLo - ok
20:37:44.0915 6404 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:37:44.0945 6404 BrFiltUp - ok
20:37:45.0005 6404 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
20:37:45.0085 6404 BridgeMP - ok
20:37:45.0125 6404 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:37:45.0205 6404 Browser - ok
20:37:45.0245 6404 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:37:45.0295 6404 Brserid - ok
20:37:45.0305 6404 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:37:45.0345 6404 BrSerWdm - ok
20:37:45.0375 6404 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:37:45.0425 6404 BrUsbMdm - ok
20:37:45.0435 6404 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:37:45.0475 6404 BrUsbSer - ok
20:37:45.0525 6404 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:37:45.0605 6404 BthEnum - ok
20:37:45.0675 6404 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:37:45.0715 6404 BTHMODEM - ok
20:37:45.0765 6404 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:37:45.0805 6404 BthPan - ok
20:37:45.0875 6404 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
20:37:46.0036 6404 BTHPORT - ok
20:37:46.0076 6404 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:37:46.0136 6404 bthserv - ok
20:37:46.0186 6404 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
20:37:46.0276 6404 BTHUSB - ok
20:37:46.0296 6404 catchme - ok
20:37:46.0326 6404 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:37:46.0396 6404 cdfs - ok
20:37:46.0456 6404 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:37:46.0596 6404 cdrom - ok
20:37:46.0686 6404 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:37:46.0856 6404 CertPropSvc - ok
20:37:46.0926 6404 CinemaNow Service (533328a3d9a9c286682525842547540c) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
20:37:47.0027 6404 CinemaNow Service - ok
20:37:47.0067 6404 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:37:47.0107 6404 circlass - ok
20:37:47.0147 6404 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:37:47.0177 6404 CLFS - ok
20:37:47.0267 6404 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:37:47.0287 6404 clr_optimization_v2.0.50727_32 - ok
20:37:47.0337 6404 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:37:47.0367 6404 clr_optimization_v2.0.50727_64 - ok
20:37:47.0417 6404 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:37:47.0507 6404 clr_optimization_v4.0.30319_32 - ok
20:37:47.0547 6404 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:37:47.0647 6404 clr_optimization_v4.0.30319_64 - ok
20:37:47.0677 6404 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:37:47.0727 6404 CmBatt - ok
20:37:47.0767 6404 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:37:47.0787 6404 cmdide - ok
20:37:47.0827 6404 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:37:47.0927 6404 CNG - ok
20:37:47.0967 6404 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:37:47.0987 6404 Compbatt - ok
20:37:48.0077 6404 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:37:48.0177 6404 CompositeBus - ok
20:37:48.0197 6404 COMSysApp - ok
20:37:48.0227 6404 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:37:48.0247 6404 crcdisk - ok
20:37:48.0297 6404 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
20:37:48.0417 6404 CryptSvc - ok
20:37:48.0477 6404 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:37:48.0547 6404 DcomLaunch - ok
20:37:48.0577 6404 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:37:48.0677 6404 defragsvc - ok
20:37:48.0727 6404 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:37:48.0837 6404 DfsC - ok
20:37:48.0927 6404 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:37:49.0058 6404 Dhcp - ok
20:37:49.0088 6404 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:37:49.0158 6404 discache - ok
20:37:49.0198 6404 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:37:49.0218 6404 Disk - ok
20:37:49.0278 6404 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:37:49.0368 6404 Dnscache - ok
20:37:49.0408 6404 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:37:49.0528 6404 dot3svc - ok
20:37:49.0588 6404 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:37:49.0708 6404 DPS - ok
20:37:49.0738 6404 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:37:49.0778 6404 drmkaud - ok
20:37:49.0888 6404 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:37:50.0028 6404 DXGKrnl - ok
20:37:50.0108 6404 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:37:50.0168 6404 EapHost - ok
20:37:50.0388 6404 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:37:50.0578 6404 ebdrv - ok
20:37:50.0698 6404 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:37:50.0858 6404 EFS - ok
20:37:51.0168 6404 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:37:51.0408 6404 ehRecvr - ok
20:37:51.0444 6404 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:37:51.0491 6404 ehSched - ok
20:37:51.0584 6404 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:37:51.0662 6404 elxstor - ok
20:37:51.0749 6404 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:37:51.0809 6404 ErrDev - ok
20:37:51.0869 6404 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:37:51.0959 6404 EventSystem - ok
20:37:51.0999 6404 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:37:52.0069 6404 exfat - ok
20:37:52.0099 6404 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:37:52.0159 6404 fastfat - ok
20:37:52.0299 6404 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:37:52.0439 6404 Fax - ok
20:37:52.0459 6404 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:37:52.0499 6404 fdc - ok
20:37:52.0529 6404 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:37:52.0599 6404 fdPHost - ok
20:37:52.0619 6404 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:37:52.0679 6404 FDResPub - ok
20:37:52.0719 6404 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:37:52.0739 6404 FileInfo - ok
20:37:52.0749 6404 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:37:52.0829 6404 Filetrace - ok
20:37:52.0849 6404 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:37:52.0879 6404 flpydisk - ok
20:37:52.0929 6404 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:37:53.0019 6404 FltMgr - ok
20:37:53.0159 6404 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:37:53.0289 6404 FontCache - ok
20:37:53.0369 6404 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:37:53.0469 6404 FontCache3.0.0.0 - ok
20:37:53.0509 6404 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:37:53.0539 6404 FsDepends - ok
20:37:53.0559 6404 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:37:53.0629 6404 Fs_Rec - ok
20:37:53.0709 6404 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:37:53.0789 6404 fvevol - ok
20:37:53.0829 6404 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:37:53.0849 6404 gagp30kx - ok
20:37:53.0949 6404 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:37:54.0029 6404 GameConsoleService - ok
20:37:54.0089 6404 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:37:54.0149 6404 GEARAspiWDM - ok
20:37:54.0229 6404 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:37:54.0349 6404 gpsvc - ok
20:37:54.0489 6404 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:37:54.0599 6404 gupdate - ok
20:37:54.0839 6404 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:37:54.0859 6404 gupdatem - ok
20:37:55.0079 6404 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:37:55.0159 6404 gusvc - ok
20:37:55.0189 6404 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:37:55.0309 6404 hcw85cir - ok
20:37:55.0419 6404 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:37:55.0579 6404 HdAudAddService - ok
20:37:55.0639 6404 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:37:55.0719 6404 HDAudBus - ok
20:37:55.0749 6404 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:37:55.0829 6404 HECIx64 - ok
20:37:55.0849 6404 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:37:55.0869 6404 HidBatt - ok
20:37:55.0889 6404 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:37:55.0919 6404 HidBth - ok
20:37:55.0949 6404 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:37:55.0989 6404 HidIr - ok
20:37:56.0059 6404 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:37:56.0129 6404 hidserv - ok
20:37:56.0219 6404 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:37:56.0299 6404 HidUsb - ok
20:37:56.0339 6404 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:37:56.0489 6404 hkmsvc - ok
20:38:11.0873 6404 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
20:38:11.0933 6404 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:38:11.0933 6404 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:38:18.0758 6404 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
20:38:18.0836 6404 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:38:18.0836 6404 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:38:24.0260 6404 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
20:38:24.0320 6404 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
20:38:24.0320 6404 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
20:38:39.0813 6404 vsmraid - ok
20:38:39.0963 6404 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:38:40.0173 6404 VSS - ok
20:38:40.0333 6404 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:38:40.0393 6404 vwifibus - ok
20:38:40.0433 6404 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:38:40.0483 6404 vwififlt - ok
20:38:40.0523 6404 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:38:40.0583 6404 W32Time - ok
20:38:40.0613 6404 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:38:40.0643 6404 WacomPen - ok
20:38:40.0693 6404 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:38:40.0823 6404 WANARP - ok
20:38:40.0833 6404 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:38:40.0873 6404 Wanarpv6 - ok
20:38:40.0993 6404 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:38:41.0183 6404 WatAdminSvc - ok
20:38:41.0293 6404 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:38:41.0433 6404 wbengine - ok
20:38:41.0553 6404 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:38:41.0593 6404 WbioSrvc - ok
20:38:41.0643 6404 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:38:41.0743 6404 wcncsvc - ok
20:38:41.0783 6404 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:38:41.0813 6404 WcsPlugInService - ok
20:38:41.0883 6404 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:38:41.0913 6404 Wd - ok
20:38:41.0973 6404 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:38:42.0043 6404 Wdf01000 - ok
20:38:42.0063 6404 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:38:42.0133 6404 WdiServiceHost - ok
20:38:42.0133 6404 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:38:42.0163 6404 WdiSystemHost - ok
20:38:42.0203 6404 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:38:42.0333 6404 WebClient - ok
20:38:42.0393 6404 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:38:42.0483 6404 Wecsvc - ok
20:38:42.0513 6404 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:38:42.0573 6404 wercplsupport - ok
20:38:42.0593 6404 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:38:42.0653 6404 WerSvc - ok
20:38:42.0723 6404 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:38:42.0783 6404 WfpLwf - ok
20:38:42.0803 6404 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:38:42.0823 6404 WIMMount - ok
20:38:42.0863 6404 WinDefend - ok
20:38:42.0873 6404 WinHttpAutoProxySvc - ok
20:38:42.0953 6404 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:38:43.0063 6404 Winmgmt - ok
20:38:43.0203 6404 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:38:43.0383 6404 WinRM - ok
20:38:43.0553 6404 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:38:43.0653 6404 Wlansvc - ok
20:38:43.0883 6404 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:38:44.0013 6404 wlidsvc - ok
20:38:44.0153 6404 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:38:44.0213 6404 WmiAcpi - ok
20:38:44.0304 6404 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:38:44.0364 6404 wmiApSrv - ok
20:38:44.0404 6404 WMPNetworkSvc - ok
20:38:44.0434 6404 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:38:44.0474 6404 WPCSvc - ok
20:38:44.0514 6404 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:38:44.0614 6404 WPDBusEnum - ok
20:38:44.0644 6404 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:38:44.0704 6404 ws2ifsl - ok
20:38:44.0764 6404 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:38:44.0814 6404 wscsvc - ok
20:38:44.0814 6404 WSearch - ok
20:38:44.0994 6404 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
20:38:45.0104 6404 wuauserv - ok
20:38:45.0214 6404 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:38:45.0334 6404 WudfPf - ok
20:38:45.0364 6404 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:38:45.0474 6404 WUDFRd - ok
20:38:45.0514 6404 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:38:45.0614 6404 wudfsvc - ok
20:38:45.0654 6404 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:38:45.0704 6404 WwanSvc - ok
20:38:45.0764 6404 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
20:38:45.0824 6404 yukonw7 - ok
20:38:45.0844 6404 MBR (0x1B8) (e3e91e98346c8b0475259c238728e9e3) \Device\Harddisk0\DR0
20:38:45.0874 6404 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:38:45.0874 6404 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:38:45.0964 6404 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:38:45.0964 6404 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:38:46.0004 6404 Boot (0x1200) (9dcf43b27f1200469d517b079d1c6d88) \Device\Harddisk0\DR0\Partition0
20:38:46.0004 6404 \Device\Harddisk0\DR0\Partition0 - ok
20:38:46.0034 6404 Boot (0x1200) (5224322ae68d0d8cd49d43dff912f474) \Device\Harddisk0\DR0\Partition1
20:38:46.0034 6404 \Device\Harddisk0\DR0\Partition1 - ok
20:38:46.0074 6404 Boot (0x1200) (15983bfbcd0ddbae2eb216250d1bb4ef) \Device\Harddisk0\DR0\Partition2
20:38:46.0074 6404 \Device\Harddisk0\DR0\Partition2 - ok
20:38:46.0094 6404 Boot (0x1200) (8aeef6e26c3fd4e7296562324b6f4967) \Device\Harddisk0\DR0\Partition3
20:38:46.0094 6404 \Device\Harddisk0\DR0\Partition3 - ok
20:38:46.0094 6404 ============================================================
20:38:46.0094 6404 Scan finished
20:38:46.0094 6404 ============================================================
20:38:46.0114 5164 Detected object count: 7
20:38:46.0114 5164 Actual detected object count: 7
20:40:42.0513 5164 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:42.0513 5164 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:42.0513 5164 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:42.0513 5164 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:42.0523 5164 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:42.0523 5164 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:42.0523 5164 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:42.0523 5164 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:42.0523 5164 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:42.0523 5164 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:40:42.0633 5164 \Device\Harddisk0\DR0\# - copied to quarantine
20:40:42.0643 5164 \Device\Harddisk0\DR0 - copied to quarantine
20:40:42.0743 5164 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
20:40:53.0775 5164 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
20:41:04.0389 5164 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:41:04.0560 5164 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:41:04.0670 5164 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
20:41:04.0760 5164 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
20:41:04.0840 5164 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
20:41:04.0850 5164 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
20:41:04.0860 5164 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
20:41:04.0870 5164 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
20:41:15.0104 5164 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
20:41:25.0937 5164 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
20:41:25.0947 5164 \Device\Harddisk0\DR0\TDLFS\raqx - copied to quarantine
20:41:26.0047 5164 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:41:26.0057 5164 \Device\Harddisk0\DR0 - ok
20:41:27.0398 5164 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:41:27.0408 5164 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:41:27.0408 5164 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:41:56.0257 4816 Deinitialize success
  • 0

#25
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Run TDSSKiller using the same instructions as before and when you get to the following screen, the TDSS File System needs to be changed from Skip to Delete. You must leave all of the other items as Skip and then click Continue to remove the TDSS File System.

Posted Image

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

  • Start RogueKiller.exe.
  • Note: If RogueKiller has been blocked, do not hesitate to try several times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  • Wait until the Prescan has finished.
  • Click on Scan.

    Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on ShortcutsFix.
  • The report has been created on the desktop.

Step 3

  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

  • TDSSKiller.[Version]_[Date]_[Time]_log.txt
  • All RKreport.txt files
  • OTL.txt

  • 0
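The check that Step 1 asks for can be run mechanically against a TDSSKiller report. The following is an added example, not part of either poster's reply and not code from TDSSKiller: it pairs each detection with the action recorded for it and lists detections left on Skip that are not unsigned-file warnings. The function names and the `LEAVE_ON_SKIP` policy are assumptions modelled on the instruction above, and the sample is constructed from lines of the report in this thread.

```python
import re

# Each report line: timestamp, thread id, then a message (empty on spacer lines).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)(?:\s+(.*))?$")
# Verdict lines look like: "<object> ( <verdict> ) - <status>"
VERDICT_RE = re.compile(
    r"^(?P<obj>.+?)\s\(\s(?P<verdict>[^()]+?)\s\)\s-\s(?P<status>.+)$"
)
ACTION_PREFIX = "User select action: "
SEVERITIES = {"infected", "warning"}          # statuses seen in this thread's report
# Assumption: the verdict the helper says to leave on Skip.
LEAVE_ON_SKIP = {"UnsignedFile.Multi.Generic"}

# Constructed sample, assembled from lines of the report posted in this thread
# (hash-bearing lines omitted).
SAMPLE_LOG = r"""
20:38:45.0824 6404 yukonw7 - ok
20:38:45.0874 6404 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
20:38:45.0874 6404 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
20:38:45.0964 6404 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:38:45.0964 6404 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:40:42.0513 5164 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:40:42.0513 5164 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:41:26.0047 5164 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
20:41:27.0398 5164 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
20:41:27.0408 5164 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:41:27.0408 5164 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:41:56.0257 4816 Deinitialize success
"""


def parse_findings(text):
    """Map (object, verdict) -> severity, last recorded action, other status notes."""
    findings = {}
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or not line.group(3):
            continue                      # blank, spacer or non-report line
        hit = VERDICT_RE.match(line.group(3))
        if not hit:
            continue                      # "- ok", hash/path and banner lines
        key = (hit["obj"], hit["verdict"])
        entry = findings.setdefault(
            key, {"severity": None, "action": None, "notes": []}
        )
        status = hit["status"]
        if status in SEVERITIES:
            entry["severity"] = status
        elif status.startswith(ACTION_PREFIX):
            # A later line overrides an earlier one for the same detection.
            entry["action"] = status[len(ACTION_PREFIX):]
        else:
            entry["notes"].append(status)
    return findings


def skipped_needing_action(findings):
    """Detections left on Skip that are not on the leave-alone list."""
    return sorted(
        key for key, f in findings.items()
        if f["action"] == "Skip" and key[1] not in LEAVE_ON_SKIP
    )


if __name__ == "__main__":
    for obj, verdict in skipped_needing_action(parse_findings(SAMPLE_LOG)):
        print(f"still skipped: {verdict} on {obj}")
```

Run against the report from the second TDSSKiller pass, an empty result means no detection outside the unsigned-file warnings was left on Skip.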

#26
Ballerhappygirl

    Member

  • Topic Starter
  • 19 posts
23:35:49.0290 3020 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
23:35:49.0712 3020 ============================================================
23:35:49.0712 3020 Current date / time: 2012/05/07 23:35:49.0712
23:35:49.0712 3020 SystemInfo:
23:35:49.0712 3020
23:35:49.0712 3020 OS Version: 6.1.7601 ServicePack: 1.0
23:35:49.0712 3020 Product type: Workstation
23:35:49.0712 3020 ComputerName: SCHANEY-HP
23:35:49.0712 3020 UserName: schaney
23:35:49.0712 3020 Windows directory: C:\Windows
23:35:49.0712 3020 System windows directory: C:\Windows
23:35:49.0712 3020 Running under WOW64
23:35:49.0712 3020 Processor architecture: Intel x64
23:35:49.0712 3020 Number of processors: 4
23:35:49.0712 3020 Page size: 0x1000
23:35:49.0712 3020 Boot type: Normal boot
23:35:49.0712 3020 ============================================================
23:35:50.0273 3020 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:35:50.0273 3020 ============================================================
23:35:50.0273 3020 \Device\Harddisk0\DR0:
23:35:50.0273 3020 MBR partitions:
23:35:50.0273 3020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:35:50.0273 3020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x380E6800
23:35:50.0273 3020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3814A800, BlocksNum 0x2207800
23:35:50.0273 3020 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
23:35:50.0273 3020 ============================================================
23:35:50.0320 3020 C: <-> \Device\Harddisk0\DR0\Partition1
23:35:50.0445 3020 D: <-> \Device\Harddisk0\DR0\Partition2
23:35:50.0445 3020 ============================================================
23:35:50.0445 3020 Initialize success
23:35:50.0445 3020 ============================================================
23:36:30.0949 5396 ============================================================
23:36:30.0949 5396 Scan started
23:36:30.0949 5396 Mode: Manual; SigCheck; TDLFS;
23:36:30.0949 5396 ============================================================
23:36:32.0103 5396 Adobe LM Service (52fdd74c71bd8181feccea13d1d76210) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:36:32.0119 5396 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
23:36:32.0119 5396 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
23:36:32.0244 5396 Adobe Version Cue CS2 (41d15ead554396bf35b7c5246ad47a28) C:\Users\schaney\Adobe Version Cue CS2\bin\VersionCueCS2.exe
23:36:32.0275 5396 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - warning
23:36:32.0275 5396 Adobe Version Cue CS2 - detected UnsignedFile.Multi.Generic (1)
23:36:45.0442 5396 HTTP - ok
23:36:45.0474 5396 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:36:45.0474 5396 hwpolicy - ok
23:36:45.0536 5396 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:36:45.0552 5396 i8042prt - ok
23:36:45.0598 5396 iaStor (1384872112e8e7fd5786eceb8bddf4c9) C:\Windows\system32\DRIVERS\iaStor.sys
23:36:45.0614 5396 iaStor - ok
23:36:45.0723 5396 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:36:45.0723 5396 IAStorDataMgrSvc - ok
23:36:45.0786 5396 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:36:45.0817 5396 iaStorV - ok
23:36:45.0926 5396 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:36:45.0988 5396 idsvc - ok
23:36:46.0441 5396 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
23:36:46.0737 5396 igfx - ok
23:36:46.0846 5396 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:36:46.0862 5396 iirsp - ok
23:36:46.0940 5396 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:36:47.0034 5396 IKEEXT - ok
23:36:47.0158 5396 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
23:36:47.0236 5396 IntcAzAudAddService - ok
23:36:47.0346 5396 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
23:36:47.0392 5396 IntcDAud - ok
23:36:47.0424 5396 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:36:47.0439 5396 intelide - ok
23:36:47.0470 5396 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:36:47.0486 5396 intelppm - ok
23:36:47.0533 5396 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:36:47.0580 5396 IPBusEnum - ok
23:36:47.0658 5396 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:36:47.0798 5396 IpFilterDriver - ok
23:36:47.0907 5396 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
23:36:47.0954 5396 iphlpsvc - ok
23:36:47.0985 5396 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:36:48.0001 5396 IPMIDRV - ok
23:36:48.0048 5396 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:36:48.0110 5396 IPNAT - ok
23:36:48.0219 5396 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
23:36:48.0235 5396 iPod Service - ok
23:36:48.0266 5396 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:36:48.0328 5396 IRENUM - ok
23:36:48.0360 5396 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:36:48.0375 5396 isapnp - ok
23:36:48.0391 5396 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:36:48.0422 5396 iScsiPrt - ok
23:36:48.0453 5396 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
23:36:48.0453 5396 kbdclass - ok
23:36:48.0484 5396 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
23:36:48.0516 5396 kbdhid - ok
23:36:48.0562 5396 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:36:48.0562 5396 KeyIso - ok
23:36:48.0594 5396 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
23:36:48.0609 5396 KSecDD - ok
23:36:48.0625 5396 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
23:36:48.0625 5396 KSecPkg - ok
23:36:48.0672 5396 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:36:48.0734 5396 ksthunk - ok
23:36:48.0781 5396 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:36:48.0843 5396 KtmRm - ok
23:36:48.0921 5396 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
23:36:48.0968 5396 LanmanServer - ok
23:36:48.0999 5396 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:36:49.0062 5396 LanmanWorkstation - ok
23:36:49.0093 5396 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:36:49.0140 5396 lltdio - ok
23:36:49.0186 5396 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:36:49.0264 5396 lltdsvc - ok
23:36:49.0280 5396 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:36:49.0327 5396 lmhosts - ok
23:36:49.0420 5396 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:36:49.0436 5396 LMS - ok
23:36:49.0483 5396 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:36:49.0498 5396 LSI_FC - ok
23:36:49.0514 5396 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:36:49.0514 5396 LSI_SAS - ok
23:36:49.0545 5396 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:36:49.0561 5396 LSI_SAS2 - ok
23:36:49.0576 5396 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:36:49.0592 5396 LSI_SCSI - ok
23:36:49.0623 5396 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:36:49.0701 5396 luafv - ok
23:36:49.0779 5396 McAfeeEngineService (cec4d9c0a64993f4f82fd77a84b21944) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
23:36:49.0795 5396 McAfeeEngineService - ok
23:36:49.0842 5396 McAfeeFramework (1b963d79740b187795407cd03e2f7b4d) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
23:36:49.0842 5396 McAfeeFramework - ok
23:36:49.0857 5396 McShield (911a6416d429ee8a8804d44f2e181a31) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
23:36:49.0873 5396 McShield - ok
23:36:49.0873 5396 McTaskManager (f199668780c3d208930257a7ce655c27) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
23:36:49.0888 5396 McTaskManager - ok
23:36:49.0935 5396 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:36:49.0951 5396 Mcx2Svc - ok
23:36:49.0982 5396 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:36:49.0998 5396 megasas - ok
23:36:50.0044 5396 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:36:50.0060 5396 MegaSR - ok
23:36:50.0107 5396 mfeapfk (12ad015f8c2c109c6a74d25da94607fe) C:\Windows\system32\drivers\mfeapfk.sys
23:36:50.0107 5396 mfeapfk - ok
23:36:50.0122 5396 mfeavfk (dd17753ad5fa52f3bcd3b512934690c4) C:\Windows\system32\drivers\mfeavfk.sys
23:36:50.0138 5396 mfeavfk - ok
23:36:50.0185 5396 mfehidk (3ba96b0584ad024f03eb9835d45619c2) C:\Windows\system32\drivers\mfehidk.sys
23:36:50.0216 5396 mfehidk - ok
23:36:50.0232 5396 mferkdet (158c24a8ed5f2cab71a86fd775bc1727) C:\Windows\system32\drivers\mferkdet.sys
23:36:50.0247 5396 mferkdet - ok
23:36:50.0247 5396 mfetdik (6cfff53e82808268dd61ab4790a36426) C:\Windows\system32\drivers\mfetdik.sys
23:36:50.0263 5396 mfetdik - ok
23:36:50.0294 5396 mfevtp (be9d3bf69f3958492b56dce7ea7f5fa9) C:\Windows\system32\mfevtps.exe
23:36:50.0294 5396 mfevtp - ok
23:36:50.0403 5396 Microsoft SharePoint Workspace Audit Service - ok
23:36:50.0419 5396 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:36:50.0481 5396 MMCSS - ok
23:36:50.0497 5396 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:36:50.0559 5396 Modem - ok
23:36:50.0575 5396 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:36:50.0606 5396 monitor - ok
23:36:50.0653 5396 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:36:50.0668 5396 mouclass - ok
23:36:50.0700 5396 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:36:50.0715 5396 mouhid - ok
23:36:50.0746 5396 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:36:50.0762 5396 mountmgr - ok
23:36:50.0778 5396 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:36:50.0793 5396 mpio - ok
23:36:50.0824 5396 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:36:50.0871 5396 mpsdrv - ok
23:36:50.0965 5396 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
23:36:51.0043 5396 MpsSvc - ok
23:36:51.0090 5396 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:36:51.0136 5396 MRxDAV - ok
23:36:51.0168 5396 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:36:51.0214 5396 mrxsmb - ok
23:36:51.0246 5396 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:36:51.0292 5396 mrxsmb10 - ok
23:36:51.0308 5396 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:36:51.0324 5396 mrxsmb20 - ok
23:36:51.0339 5396 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:36:51.0355 5396 msahci - ok
23:36:51.0386 5396 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:36:51.0402 5396 msdsm - ok
23:36:51.0433 5396 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:36:51.0464 5396 MSDTC - ok
23:36:51.0495 5396 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:36:51.0558 5396 Msfs - ok
23:36:51.0589 5396 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:36:51.0636 5396 mshidkmdf - ok
23:36:51.0667 5396 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:36:51.0667 5396 msisadrv - ok
23:36:51.0714 5396 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:36:51.0760 5396 MSiSCSI - ok
23:36:51.0760 5396 msiserver - ok
23:36:51.0807 5396 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:36:51.0870 5396 MSKSSRV - ok
23:36:51.0885 5396 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:36:51.0932 5396 MSPCLOCK - ok
23:36:51.0948 5396 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:36:52.0010 5396 MSPQM - ok
23:36:52.0057 5396 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:36:52.0088 5396 MsRPC - ok
23:36:52.0119 5396 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:36:52.0135 5396 mssmbios - ok
23:36:52.0150 5396 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:36:52.0197 5396 MSTEE - ok
23:36:52.0213 5396 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:36:52.0228 5396 MTConfig - ok
23:36:52.0260 5396 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:36:52.0275 5396 Mup - ok
23:36:52.0322 5396 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:36:52.0400 5396 napagent - ok
23:36:52.0431 5396 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:36:52.0478 5396 NativeWifiP - ok
23:36:52.0572 5396 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:36:52.0603 5396 NDIS - ok
23:36:52.0634 5396 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:36:52.0681 5396 NdisCap - ok
23:36:52.0728 5396 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:36:52.0774 5396 NdisTapi - ok
23:36:52.0821 5396 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:36:52.0884 5396 Ndisuio - ok
23:36:52.0930 5396 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:36:52.0977 5396 NdisWan - ok
23:36:53.0055 5396 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:36:53.0086 5396 NDProxy - ok
23:36:53.0118 5396 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
23:36:53.0133 5396 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:36:53.0133 5396 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:36:53.0149 5396 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:36:53.0211 5396 NetBIOS - ok
23:36:53.0242 5396 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:36:53.0274 5396 NetBT - ok
23:36:53.0320 5396 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:36:53.0320 5396 Netlogon - ok
23:36:53.0367 5396 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:36:53.0430 5396 Netman - ok
23:36:53.0461 5396 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:36:53.0539 5396 netprofm - ok
23:36:53.0632 5396 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:36:53.0648 5396 NetTcpPortSharing - ok
23:36:53.0882 5396 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
23:36:54.0038 5396 netw5v64 - ok
23:36:54.0147 5396 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:36:54.0163 5396 nfrd960 - ok
23:36:54.0459 5396 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:36:54.0537 5396 NlaSvc - ok
23:36:54.0740 5396 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
23:36:54.0834 5396 NOBU - ok
23:36:54.0958 5396 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:36:54.0990 5396 Npfs - ok
23:36:55.0021 5396 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:36:55.0068 5396 nsi - ok
23:36:55.0099 5396 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:36:55.0146 5396 nsiproxy - ok
23:36:55.0239 5396 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:36:55.0270 5396 Ntfs - ok
23:36:55.0380 5396 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:36:55.0426 5396 Null - ok
23:36:55.0473 5396 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:36:55.0489 5396 nvraid - ok
23:36:55.0504 5396 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:36:55.0520 5396 nvstor - ok
23:36:55.0551 5396 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:36:55.0567 5396 nv_agp - ok
23:36:55.0598 5396 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:36:55.0629 5396 ohci1394 - ok
23:36:55.0723 5396 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:36:55.0738 5396 ose - ok
23:36:56.0019 5396 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:36:56.0206 5396 osppsvc - ok
23:36:56.0316 5396 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:36:56.0362 5396 p2pimsvc - ok
23:36:56.0394 5396 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:36:56.0425 5396 p2psvc - ok
23:36:56.0487 5396 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:36:56.0503 5396 Parport - ok
23:36:56.0550 5396 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:36:56.0550 5396 partmgr - ok
23:36:56.0581 5396 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:36:56.0612 5396 PcaSvc - ok
23:36:56.0643 5396 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:36:56.0659 5396 pci - ok
23:36:56.0674 5396 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:36:56.0690 5396 pciide - ok
23:36:56.0721 5396 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:36:56.0737 5396 pcmcia - ok
23:36:56.0768 5396 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:36:56.0784 5396 pcw - ok
23:36:56.0815 5396 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:36:56.0893 5396 PEAUTH - ok
23:36:56.0986 5396 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:36:57.0002 5396 PerfHost - ok
23:36:57.0096 5396 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:36:57.0174 5396 pla - ok
23:36:57.0220 5396 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:36:57.0283 5396 PlugPlay - ok
23:36:57.0314 5396 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
23:36:57.0345 5396 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
23:36:57.0345 5396 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
23:36:57.0392 5396 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:36:57.0423 5396 PNRPAutoReg - ok
23:36:57.0454 5396 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:36:57.0470 5396 PNRPsvc - ok
23:36:57.0532 5396 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:36:57.0609 5396 PolicyAgent - ok
23:36:57.0669 5396 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:36:57.0719 5396 Power - ok
23:36:57.0779 5396 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:36:57.0869 5396 PptpMiniport - ok
23:36:57.0889 5396 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:36:57.0909 5396 Processor - ok
23:36:58.0179 5396 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
23:36:58.0259 5396 ProfSvc - ok
23:36:58.0349 5396 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:36:58.0359 5396 ProtectedStorage - ok
23:36:58.0419 5396 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:36:58.0469 5396 Psched - ok
23:36:58.0609 5396 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:36:58.0679 5396 ql2300 - ok
23:36:59.0149 5396 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:36:59.0159 5396 ql40xx - ok
23:36:59.0189 5396 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:36:59.0239 5396 QWAVE - ok
23:36:59.0249 5396 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:36:59.0279 5396 QWAVEdrv - ok
23:36:59.0299 5396 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:36:59.0349 5396 RasAcd - ok
23:36:59.0409 5396 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:36:59.0449 5396 RasAgileVpn - ok
23:36:59.0479 5396 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:36:59.0539 5396 RasAuto - ok
23:36:59.0599 5396 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:36:59.0667 5396 Rasl2tp - ok
23:36:59.0729 5396 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:36:59.0792 5396 RasMan - ok
23:36:59.0854 5396 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:36:59.0917 5396 RasPppoe - ok
23:36:59.0963 5396 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:37:00.0010 5396 RasSstp - ok
23:37:00.0057 5396 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:37:00.0119 5396 rdbss - ok
23:37:00.0135 5396 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:37:00.0182 5396 rdpbus - ok
23:37:00.0197 5396 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:37:00.0260 5396 RDPCDD - ok
23:37:00.0275 5396 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:37:00.0338 5396 RDPENCDD - ok
23:37:00.0353 5396 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:37:00.0385 5396 RDPREFMP - ok
23:37:00.0416 5396 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
23:37:00.0478 5396 RDPWD - ok
23:37:00.0556 5396 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:37:00.0572 5396 rdyboost - ok
23:37:00.0619 5396 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:37:00.0665 5396 RemoteAccess - ok
23:37:00.0712 5396 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:37:00.0775 5396 RemoteRegistry - ok
23:37:00.0821 5396 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
23:37:00.0853 5396 RFCOMM - ok
23:37:00.0868 5396 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:37:00.0931 5396 RpcEptMapper - ok
23:37:00.0977 5396 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:37:00.0993 5396 RpcLocator - ok
23:37:01.0040 5396 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
23:37:01.0087 5396 RpcSs - ok
23:37:01.0118 5396 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:37:01.0180 5396 rspndr - ok
23:37:01.0258 5396 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
23:37:01.0321 5396 RSUSBSTOR - ok
23:37:01.0367 5396 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:37:01.0399 5396 RTL8167 - ok
23:37:01.0477 5396 RtVOsdService (4ea7e5df0cb237156176fa0349e6e87f) C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
23:37:01.0477 5396 RtVOsdService ( UnsignedFile.Multi.Generic ) - warning
23:37:01.0477 5396 RtVOsdService - detected UnsignedFile.Multi.Generic (1)
23:37:01.0508 5396 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:37:01.0523 5396 SamSs - ok
23:37:01.0601 5396 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:37:01.0601 5396 SASDIFSV - ok
23:37:01.0617 5396 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:37:01.0633 5396 SASKUTIL - ok
23:37:01.0664 5396 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:37:01.0679 5396 sbp2port - ok
23:37:01.0711 5396 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:37:01.0789 5396 SCardSvr - ok
23:37:01.0820 5396 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:37:01.0867 5396 scfilter - ok
23:37:01.0945 5396 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:37:02.0007 5396 Schedule - ok
23:37:02.0023 5396 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:37:02.0054 5396 SCPolicySvc - ok
23:37:02.0101 5396 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
23:37:02.0147 5396 sdbus - ok
23:37:02.0179 5396 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:37:02.0210 5396 SDRSVC - ok
23:37:02.0303 5396 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
23:37:02.0319 5396 SeaPort - ok
23:37:02.0366 5396 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:37:02.0413 5396 secdrv - ok
23:37:02.0444 5396 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:37:02.0506 5396 seclogon - ok
23:37:02.0537 5396 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
23:37:02.0584 5396 SENS - ok
23:37:02.0615 5396 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:37:02.0647 5396 SensrSvc - ok
23:37:02.0678 5396 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:37:02.0693 5396 Serenum - ok
23:37:02.0725 5396 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:37:02.0756 5396 Serial - ok
23:37:02.0787 5396 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:37:02.0818 5396 sermouse - ok
23:37:02.0881 5396 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:37:02.0927 5396 SessionEnv - ok
23:37:02.0959 5396 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:37:02.0990 5396 sffdisk - ok
23:37:03.0005 5396 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:37:03.0021 5396 sffp_mmc - ok
23:37:03.0052 5396 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:37:03.0099 5396 sffp_sd - ok
23:37:03.0130 5396 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:37:03.0161 5396 sfloppy - ok
23:37:03.0224 5396 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:37:03.0302 5396 SharedAccess - ok
23:37:03.0333 5396 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:37:03.0395 5396 ShellHWDetection - ok
23:37:03.0473 5396 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:37:03.0473 5396 SiSRaid2 - ok
23:37:03.0505 5396 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:37:03.0520 5396 SiSRaid4 - ok
23:37:03.0567 5396 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:37:03.0614 5396 Smb - ok
23:37:03.0661 5396 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:37:03.0692 5396 SNMPTRAP - ok
23:37:03.0707 5396 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:37:03.0723 5396 spldr - ok
23:37:03.0770 5396 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:37:03.0817 5396 Spooler - ok
23:37:03.0973 5396 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:37:04.0066 5396 sppsvc - ok
23:37:04.0160 5396 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:37:04.0207 5396 sppuinotify - ok
23:37:04.0253 5396 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:37:04.0316 5396 srv - ok
23:37:04.0347 5396 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:37:04.0394 5396 srv2 - ok
23:37:04.0472 5396 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:37:04.0487 5396 SrvHsfHDA - ok
23:37:04.0581 5396 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:37:04.0690 5396 SrvHsfV92 - ok
23:37:04.0846 5396 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:37:04.0877 5396 SrvHsfWinac - ok
23:37:04.0924 5396 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:37:04.0940 5396 srvnet - ok
23:37:05.0002 5396 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:37:05.0049 5396 SSDPSRV - ok
23:37:05.0080 5396 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:37:05.0111 5396 SstpSvc - ok
23:37:05.0127 5396 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:37:05.0143 5396 stexstor - ok
23:37:14.0223 5396 MBR (0x1B8) (fbf3ddbd1d124587bad0e93d4f0db969) \Device\Harddisk0\DR0
23:37:14.0332 5396 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:37:14.0332 5396 \Device\Harddisk0\DR0 - detected TDSS File System (1)
23:37:14.0379 5396 Boot (0x1200) (9dcf43b27f1200469d517b079d1c6d88) \Device\Harddisk0\DR0\Partition0
23:37:14.0379 5396 \Device\Harddisk0\DR0\Partition0 - ok
23:37:14.0394 5396 Boot (0x1200) (5224322ae68d0d8cd49d43dff912f474) \Device\Harddisk0\DR0\Partition1
23:37:14.0394 5396 \Device\Harddisk0\DR0\Partition1 - ok
23:37:14.0425 5396 Boot (0x1200) (15983bfbcd0ddbae2eb216250d1bb4ef) \Device\Harddisk0\DR0\Partition2
23:37:14.0441 5396 \Device\Harddisk0\DR0\Partition2 - ok
23:37:14.0457 5396 Boot (0x1200) (8aeef6e26c3fd4e7296562324b6f4967) \Device\Harddisk0\DR0\Partition3
23:37:14.0457 5396 \Device\Harddisk0\DR0\Partition3 - ok
23:37:14.0457 5396 ============================================================
23:37:14.0457 5396 Scan finished
23:37:14.0457 5396 ============================================================
23:37:14.0472 5452 Detected object count: 6
23:37:14.0472 5452 Actual detected object count: 6
23:38:58.0692 5452 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:58.0692 5452 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:58.0692 5452 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:58.0692 5452 Adobe Version Cue CS2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:58.0692 5452 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:58.0692 5452 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:58.0708 5452 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:58.0708 5452 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:58.0708 5452 RtVOsdService ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:58.0708 5452 RtVOsdService ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:58.0786 5452 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
23:38:58.0786 5452 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
23:38:58.0833 5452 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:38:58.0864 5452 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:38:58.0942 5452 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
23:38:58.0958 5452 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
23:38:58.0958 5452 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
23:38:58.0958 5452 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
23:38:58.0958 5452 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
23:38:58.0958 5452 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
23:38:58.0973 5452 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
23:38:58.0973 5452 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
23:38:58.0973 5452 \Device\Harddisk0\DR0\TDLFS\raqx - copied to quarantine
23:38:58.0973 5452 \Device\Harddisk0\DR0\TDLFS - deleted
23:38:58.0973 5452 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
23:39:37.0646 6944 Deinitialize success


RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: schaney [Admin rights]
Mode: Scan -- Date: 05/07/2012 23:41:29

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] chrome_frame_helper.exe -- C:\Users\schaney\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome_frame_helper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : ChromeFrameHelper ("C:\Users\schaney\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome_frame_helper.exe" --startup) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1451402489-2950640726-3651343478-1000[...]\Run : ChromeFrameHelper ("C:\Users\schaney\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome_frame_helper.exe" --startup) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] b5d23269103cdff52cf688ba9d05fd75
[BSP] a305362c2bab2636f66a676e4df2b149 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459213 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940877824 | Size: 17423 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: schaney [Admin rights]
Mode: Remove -- Date: 05/07/2012 23:42:09

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] chrome_frame_helper.exe -- C:\Users\schaney\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome_frame_helper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : ChromeFrameHelper ("C:\Users\schaney\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome_frame_helper.exe" --startup) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] b5d23269103cdff52cf688ba9d05fd75
[BSP] a305362c2bab2636f66a676e4df2b149 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459213 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 940877824 | Size: 17423 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V7.4.3 [05/04/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: schaney [Admin rights]
Mode: Shortcuts HJfix -- Date: 05/07/2012 23:44:35

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] chrome_frame_helper.exe -- C:\Users\schaney\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome_frame_helper.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 3 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 117 / Fail 0
My documents: Success 1 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 48 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



OTL logfile created on: 5/7/2012 11:46:07 PM - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\schaney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 41.71% Memory free
7.60 Gb Paging File | 5.09 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 376.06 Gb Free Space | 83.86% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS

Computer Name: SCHANEY-HP | User Name: schaney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/05 17:09:37 | 001,412,608 | ---- | M] () -- C:\Users\schaney\Desktop\Nedklaw.exe
PRC - [2012/05/03 18:53:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
PRC - [2012/02/28 19:07:54 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/11 17:11:58 | 005,153,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 11:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/03/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/25 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2005/04/04 19:58:30 | 003,502,080 | ---- | M] () -- C:\Users\schaney\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 19:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Users\schaney\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\schaney\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 18:00:07 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/22 18:00:06 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e3b2d98c11781e59f2e69bb71b8c853f\IAStorUtil.ni.dll
MOD - [2012/02/15 22:38:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 22:38:28 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/15 22:38:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 22:38:20 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/15 22:38:10 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 22:37:55 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 22:37:48 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 22:37:45 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 22:37:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 22:37:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 22:37:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 22:37:23 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/26 19:14:20 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/10/31 14:26:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/09/28 15:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 15:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 15:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2005/08/22 17:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/03/25 21:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/25 21:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2010/03/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/03/25 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/25 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Users\schaney\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/20 12:00:30 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/22 16:21:07 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/25 21:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/03/25 21:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes,DefaultScope = {B856020B-2409-4015-B2B1-D092DFC7D22C}
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{B856020B-2409-4015-B2B1-D092DFC7D22C}: "URL" = http://www.google.co...1I7ADRA_enUS416
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://g.msn.com/HPNOT/1"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\schaney\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\schaney\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 15:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/22 10:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schaney\AppData\Roaming\Mozilla\Extensions
[2011/11/11 14:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schaney\AppData\Roaming\Mozilla\Firefox\Profiles\b421o4f1.default\extensions
[2011/11/11 14:18:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\schaney\AppData\Roaming\Mozilla\Firefox\Profiles\b421o4f1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/19 12:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/19 12:32:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/10/14 13:11:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/14 13:11:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/05/05 20:17:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Users\schaney\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aim-hqevents...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23D51591-C4EE-469F-9AF0-E4BFEA3D2CBB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA67CC1E-E2E3-40CE-A725-5CB301336AE2}: DhcpNameServer = 129.7.224.200 129.7.235.45 172.21.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 - No CLSID value found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/07 23:35:35 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\schaney\Desktop\tdsskiller.exe
[2012/05/06 20:40:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/06 20:28:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/05 20:12:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/05 18:45:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/05 18:45:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/05 18:45:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/05 18:45:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/05 18:35:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/05 18:33:15 | 004,484,911 | R--- | C] (Swearware) -- C:\Users\schaney\Desktop\ComboFix.exe
[2012/05/05 17:50:23 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{7EB1966C-E876-4304-8ACA-995F67209FEC}
[2012/05/05 17:49:38 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{475E1E61-4D8E-4C6A-A1D3-121BD84496D1}
[2012/05/05 17:13:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/04 19:51:25 | 000,000,000 | ---D | C] -- C:\Users\schaney\Desktop\RK_Quarantine
[2012/05/04 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{B893855C-1CB2-4273-8AA7-F31AC56C3233}
[2012/05/04 19:28:43 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{A0D19733-E4B4-4434-8C74-1E88C1857DC4}
[2012/05/03 19:17:25 | 000,000,000 | ---D | C] -- C:\Users\schaney\Desktop\New folder
[2012/05/03 18:53:41 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
[2012/05/03 16:18:35 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{C2884B8A-FF65-48D1-839A-323ECAF3EED2}
[2012/04/27 12:15:42 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{9971BED2-0A63-4F63-A0ED-BA73019EB8FB}
[2012/04/27 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{1498B0E8-114C-4A6B-83C4-F61A22154700}
[2012/04/27 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{415263AC-8841-47DA-BFB0-D19121FA111E}
[2012/04/26 17:31:13 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{D0C28078-58C2-4679-8D0B-D78449C9709F}
[2012/04/26 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{58E325EE-7FA5-4055-8DB0-EE7F764F293B}
[2012/04/26 13:27:31 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Roaming\Malwarebytes
[2012/04/26 13:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/26 13:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/26 13:27:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/26 13:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/26 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{3E90931D-3B4D-44B6-ADBF-EC7E979460EC}
[2012/04/26 12:00:35 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{E8743892-DCD6-4430-8719-ADAF2B63BBCC}
[2012/04/26 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/26 11:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/26 11:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/26 11:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/25 23:59:59 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{D4369161-1175-4952-8939-162E30DCB5DA}
[2012/04/25 23:59:12 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{58702679-D48A-4120-9929-582D5ACAB06C}
[2012/04/25 23:53:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/25 23:09:24 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/25 23:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/25 22:52:11 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{76E6C1F0-BB54-4444-B789-3B0721FC7DB9}
[2012/04/25 22:52:00 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{2E7AB63C-CE61-4C40-80E8-228079E707E6}
[2012/04/22 11:13:47 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{139C2302-8595-4DB0-838B-6E41127DCE3A}
[2012/04/22 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{2F2E990A-EAA0-4CB6-8965-ACE8F888EBA3}
[2012/04/22 10:07:47 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{291B2AC0-A21F-4667-A59C-0735A85E03E6}
[2012/04/19 23:49:46 | 000,000,000 | ---D | C] -- C:\Users\schaney\Desktop\ARVO 2012 computer work
[2012/04/15 15:31:59 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{EAC88ABB-0A8A-4EFC-8501-8197901CCCB1}
[2012/04/15 15:31:37 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{17A1511B-8860-4341-B19A-3C7F2514A513}
[2012/04/15 11:44:44 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{0F1D8ABF-FF45-4B54-9965-439C8C80277D}

========== Files - Modified Within 30 Days ==========

[2012/05/07 23:37:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 23:37:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 23:35:45 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\schaney\Desktop\tdsskiller.exe
[2012/05/07 23:30:12 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/07 23:29:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 23:29:25 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/06 21:12:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/06 21:11:24 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1451402489-2950640726-3651343478-1000UA.job
[2012/05/05 20:17:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/05 20:17:15 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForschaney.job
[2012/05/05 18:34:26 | 004,484,911 | R--- | M] (Swearware) -- C:\Users\schaney\Desktop\ComboFix.exe
[2012/05/05 17:09:37 | 001,412,608 | ---- | M] () -- C:\Users\schaney\Desktop\Nedklaw.exe
[2012/05/04 20:12:33 | 001,412,608 | ---- | M] () -- C:\Users\schaney\Desktop\winlogon.exe
[2012/05/04 20:04:53 | 255,054,248 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/03 19:29:45 | 000,000,512 | ---- | M] () -- C:\Users\schaney\Desktop\MBR.dat
[2012/05/03 18:53:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
[2012/05/03 16:33:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 12:10:08 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1451402489-2950640726-3651343478-1000Core.job
[2012/04/26 11:26:23 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 11:26:23 | 000,627,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 11:26:23 | 000,107,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/19 22:30:45 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/15 16:23:54 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/05/05 18:45:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/05 18:45:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/05 18:45:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/05 18:45:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/05 18:45:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/05 17:08:25 | 001,412,608 | ---- | C] () -- C:\Users\schaney\Desktop\Nedklaw.exe
[2012/05/04 20:12:29 | 001,412,608 | ---- | C] () -- C:\Users\schaney\Desktop\winlogon.exe
[2012/05/03 19:29:45 | 000,000,512 | ---- | C] () -- C:\Users\schaney\Desktop\MBR.dat
[2012/04/27 14:29:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 09:59:45 | 255,054,248 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/19 22:30:45 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/15 16:23:54 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/06 15:52:53 | 000,000,088 | ---- | C] () -- C:\Users\schaney\AppData\Roaming\usb.inf
[2011/07/18 11:49:05 | 000,004,096 | ---- | C] () -- C:\Users\schaney\AppData\Local\keyfile3.drm
[2011/03/23 11:36:35 | 000,001,854 | ---- | C] () -- C:\Users\schaney\AppData\Roaming\GhostObjGAFix.xml
[2010/12/20 18:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/11/30 20:20:12 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2010/10/22 16:20:30 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/10/22 16:20:30 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/07/15 17:11:45 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/15 14:42:24 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/05/14 13:27:50 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/05/14 12:16:12 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/05/14 12:16:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2010/12/20 15:09:19 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/20 15:12:20 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Opera
[2011/01/27 14:33:25 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Synergy Software
[2011/01/17 22:21:39 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Watchtower
[2011/02/10 11:41:13 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\webex
[2011/07/01 10:12:26 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Windows Live Writer
[2012/02/14 00:25:00 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#27
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
How is your system running? Are you experiencing any problems?
Have all of your shortcuts returned?


Step 1

If you have the paid version of Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

To disable MBAM

Open the scanner and select the Protection tab.
Remove the tick from Start protection module with Windows.
Reboot and then run OTL.



Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 2

  • Run Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware.
  • Once the program has updated, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 3

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the options Remove found threats and Scan unwanted applications are checked.
  • Click Scan. (This scan can take several hours, so please be patient).
  • Once the scan is completed, you may close the window.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Things I want to see in your next reply

  • Answers to my questions
  • OTL Fix Log
  • OTL.txt
  • MBAM Log
  • log.txt


#28
Ballerhappygirl

    Member

  • Topic Starter
  • Member
  • 19 posts
My computer is running a lot better. It no longer freezes on reboot, all of the suspicious folders on my desktop are gone, the game files are no longer what I see on my start menu, and I can see all of my desktop icons. Thank you very much! Here are the reports you requested:

By the way, when I got ready to post this, I couldn't find the OTL.txt file from the first time I ran it, so I ran it again at the end of the sequence. I hope this is okay.

All processes killed
Error: Unable to interpret <:OTL O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present:Filesipconfig /flushdns /c:Commands[emptytemp][CREATERESTOREPOINT] [Reboot]> in the current context!

OTL by OldTimer - Version 3.2.42.2 log created on 05082012_221218

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.09.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
schaney :: SCHANEY-HP [administrator]

5/8/2012 10:44:59 PM
mbam-log-2012-05-08 (22-44-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224442
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\schaney\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4e43dd3da94fd34fb058aaa5e0ae4e73
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-10 02:58:22
# local_time=2012-05-09 09:58:22 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 88109279 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=277685
# found=3
# cleaned=3
# scan_time=52873
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05052012_171304\C_ProgramData\uEhBAYCSUUPOwa.exe Win32/TrojanDownloader.Prodatect.BL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05052012_171304\C_Windows\System32\drivers\etc\hosts Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

OTL logfile created on: 5/9/2012 10:20:36 PM - Run 4
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\schaney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 56.42% Memory free
7.60 Gb Paging File | 4.89 Gb Available in Paging File | 64.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.45 Gb Total Space | 375.55 Gb Free Space | 83.74% Space Free | Partition Type: NTFS
Drive D: | 17.01 Gb Total Space | 2.46 Gb Free Space | 14.45% Space Free | Partition Type: NTFS

Computer Name: SCHANEY-HP | User Name: schaney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/03 18:53:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
PRC - [2012/03/27 12:04:23 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\schaney\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/02/28 19:07:54 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/02/15 13:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/11 17:11:58 | 005,153,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe
PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/28 18:44:14 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/02/28 18:44:14 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 11:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/25 21:07:00 | 000,124,224 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2010/03/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/08/25 17:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 17:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
PRC - [2005/04/04 19:58:30 | 003,502,080 | ---- | M] () -- C:\Users\schaney\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 19:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Users\schaney\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\schaney\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 18:00:07 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/02/22 18:00:06 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e3b2d98c11781e59f2e69bb71b8c853f\IAStorUtil.ni.dll
MOD - [2012/02/15 22:38:40 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 22:38:28 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/15 22:38:22 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 22:38:20 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/15 22:38:10 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 22:37:55 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 22:37:48 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 22:37:45 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 22:37:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 22:37:29 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 22:37:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 22:37:23 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/26 19:14:20 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/10/31 14:26:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 15:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 15:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 15:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2005/08/22 17:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/06/24 16:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/03/25 21:07:00 | 000,079,504 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/02/15 13:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/21 03:28:36 | 000,140,272 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/25 21:07:00 | 000,180,968 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2010/03/25 21:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2010/03/25 21:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2010/03/18 14:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/18 14:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/25 17:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2005/04/04 19:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Users\schaney\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/20 12:00:30 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/22 16:21:07 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/25 21:07:00 | 000,469,400 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,120,096 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,097,576 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/03/25 21:07:00 | 000,084,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2010/03/25 21:07:00 | 000,078,896 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/09/22 20:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes,DefaultScope = {B856020B-2409-4015-B2B1-D092DFC7D22C}
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{0D015608-8A45-4844-B368-269D67AC5B35}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{B856020B-2409-4015-B2B1-D092DFC7D22C}: "URL" = http://www.google.co...1I7ADRA_enUS416
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{CFD47BC0-4560-4AC2-8030-DF8A00A2301F}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\SearchScopes\{F08CFD64-AA6F-4C8D-85B1-B71B0FC1C6FE}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://g.msn.com/HPNOT/1"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\schaney\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\schaney\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/20 15:13:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/22 10:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schaney\AppData\Roaming\Mozilla\Extensions
[2011/11/11 14:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\schaney\AppData\Roaming\Mozilla\Firefox\Profiles\b421o4f1.default\extensions
[2011/11/11 14:18:39 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\schaney\AppData\Roaming\Mozilla\Firefox\Profiles\b421o4f1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/19 12:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/19 12:32:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/10/14 13:11:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/14 13:11:41 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2012/05/05 20:17:51 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Users\schaney\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1451402489-2950640726-3651343478-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://aim-hqevents...nt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23D51591-C4EE-469F-9AF0-E4BFEA3D2CBB}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA67CC1E-E2E3-40CE-A725-5CB301336AE2}: DhcpNameServer = 129.7.224.200 129.7.235.45 172.21.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/xhtml+xml; charset=utf-8 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=iso-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml; charset=utf-8 - No CLSID value found
O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files (x86)\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/09 07:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/09 07:11:45 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012/05/07 23:35:35 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\schaney\Desktop\tdsskiller.exe
[2012/05/06 20:40:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/06 20:28:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/05 20:12:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/05 18:45:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/05 18:45:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/05 18:45:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/05 18:45:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/05 18:35:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/05 18:33:15 | 004,484,911 | R--- | C] (Swearware) -- C:\Users\schaney\Desktop\ComboFix.exe
[2012/05/05 17:50:23 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{7EB1966C-E876-4304-8ACA-995F67209FEC}
[2012/05/05 17:49:38 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{475E1E61-4D8E-4C6A-A1D3-121BD84496D1}
[2012/05/05 17:13:04 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/04 19:51:25 | 000,000,000 | ---D | C] -- C:\Users\schaney\Desktop\RK_Quarantine
[2012/05/04 19:28:53 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{B893855C-1CB2-4273-8AA7-F31AC56C3233}
[2012/05/04 19:28:43 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{A0D19733-E4B4-4434-8C74-1E88C1857DC4}
[2012/05/03 19:17:25 | 000,000,000 | ---D | C] -- C:\Users\schaney\Desktop\New folder
[2012/05/03 18:53:41 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
[2012/05/03 16:18:35 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{C2884B8A-FF65-48D1-839A-323ECAF3EED2}
[2012/04/27 12:15:42 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{9971BED2-0A63-4F63-A0ED-BA73019EB8FB}
[2012/04/27 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{1498B0E8-114C-4A6B-83C4-F61A22154700}
[2012/04/27 11:52:58 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{415263AC-8841-47DA-BFB0-D19121FA111E}
[2012/04/26 17:31:13 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{D0C28078-58C2-4679-8D0B-D78449C9709F}
[2012/04/26 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{58E325EE-7FA5-4055-8DB0-EE7F764F293B}
[2012/04/26 13:27:31 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Roaming\Malwarebytes
[2012/04/26 13:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/26 13:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/26 13:27:11 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/26 13:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/26 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{3E90931D-3B4D-44B6-ADBF-EC7E979460EC}
[2012/04/26 12:00:35 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{E8743892-DCD6-4430-8719-ADAF2B63BBCC}
[2012/04/26 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/26 11:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/26 11:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/26 11:22:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/25 23:59:59 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{D4369161-1175-4952-8939-162E30DCB5DA}
[2012/04/25 23:59:12 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{58702679-D48A-4120-9929-582D5ACAB06C}
[2012/04/25 23:53:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/04/25 23:09:24 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/25 23:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/25 22:52:11 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{76E6C1F0-BB54-4444-B789-3B0721FC7DB9}
[2012/04/25 22:52:00 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{2E7AB63C-CE61-4C40-80E8-228079E707E6}
[2012/04/22 11:13:47 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{139C2302-8595-4DB0-838B-6E41127DCE3A}
[2012/04/22 10:07:58 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{2F2E990A-EAA0-4CB6-8965-ACE8F888EBA3}
[2012/04/22 10:07:47 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{291B2AC0-A21F-4667-A59C-0735A85E03E6}
[2012/04/19 23:49:46 | 000,000,000 | ---D | C] -- C:\Users\schaney\Desktop\ARVO 2012 computer work
[2012/04/15 15:31:59 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{EAC88ABB-0A8A-4EFC-8501-8197901CCCB1}
[2012/04/15 15:31:37 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{17A1511B-8860-4341-B19A-3C7F2514A513}
[2012/04/15 11:44:44 | 000,000,000 | ---D | C] -- C:\Users\schaney\AppData\Local\{0F1D8ABF-FF45-4B54-9965-439C8C80277D}

========== Files - Modified Within 30 Days ==========

[2012/05/09 22:12:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/09 22:10:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1451402489-2950640726-3651343478-1000UA.job
[2012/05/09 22:00:13 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForschaney.job
[2012/05/09 21:51:21 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/09 21:51:21 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1451402489-2950640726-3651343478-1000Core.job
[2012/05/09 21:51:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/09 07:36:50 | 000,730,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/09 07:36:50 | 000,627,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/09 07:36:50 | 000,107,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/09 07:13:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 07:13:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/09 07:05:19 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/07 23:35:45 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\schaney\Desktop\tdsskiller.exe
[2012/05/05 20:17:51 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/05 18:34:26 | 004,484,911 | R--- | M] (Swearware) -- C:\Users\schaney\Desktop\ComboFix.exe
[2012/05/05 17:09:37 | 001,412,608 | ---- | M] () -- C:\Users\schaney\Desktop\Nedklaw.exe
[2012/05/04 20:04:53 | 255,054,248 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/03 19:29:45 | 000,000,512 | ---- | M] () -- C:\Users\schaney\Desktop\MBR.dat
[2012/05/03 18:53:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\schaney\Desktop\OTL.exe
[2012/05/03 16:33:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 22:30:45 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/15 16:23:54 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/05/05 18:45:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/05 18:45:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/05 18:45:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/05 18:45:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/05 18:45:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/05 17:08:25 | 001,412,608 | ---- | C] () -- C:\Users\schaney\Desktop\Nedklaw.exe
[2012/05/03 19:29:45 | 000,000,512 | ---- | C] () -- C:\Users\schaney\Desktop\MBR.dat
[2012/04/27 14:29:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/22 09:59:45 | 255,054,248 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/19 22:30:45 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/15 16:23:54 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/06 15:52:53 | 000,000,088 | ---- | C] () -- C:\Users\schaney\AppData\Roaming\usb.inf
[2011/07/18 11:49:05 | 000,004,096 | ---- | C] () -- C:\Users\schaney\AppData\Local\keyfile3.drm
[2011/03/23 11:36:35 | 000,001,854 | ---- | C] () -- C:\Users\schaney\AppData\Roaming\GhostObjGAFix.xml
[2010/12/20 18:31:52 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/11/30 20:20:12 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe
[2010/10/22 16:20:30 | 000,000,268 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/10/22 16:20:30 | 000,000,209 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/09/28 15:00:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/07/15 17:11:45 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/15 14:42:24 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/05/14 13:27:50 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/05/14 12:16:12 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/05/14 12:16:12 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2010/12/20 15:09:19 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/20 15:12:20 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Opera
[2011/01/27 14:33:25 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Synergy Software
[2011/01/17 22:21:39 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Watchtower
[2011/02/10 11:41:13 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\webex
[2011/07/01 10:12:26 | 000,000,000 | ---D | M] -- C:\Users\schaney\AppData\Roaming\Windows Live Writer
[2012/02/14 00:25:00 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

I did run it in the order described (or at least I think I did) but I could not find the file so I ran it again and posted

#29
Nedklaw

Hello! :wave:
Congratulations, your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Combofix Uninstall

Click START.
Now type Combofix /Uninstall in the search box and press Enter. Note the space between the X and the U; it needs to be there.


Cleanup

  • Save this file to your desktop: fix.txt (attached file, 665 bytes)
  • Run OTL.
  • Drag and drop fix.txt into the Custom Scans and Fixes box.
  • If you cannot drag and drop for some reason then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your desktop.
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep Windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.2.202.235) and Adobe Shockwave Player (11.6.5.635) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than FireFox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free Google Toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank you.
Good luck and stay safe!!! :thumbsup:
  • 0
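
The MVPS Hosts File recommendation in the post above works by pointing unwanted names at 127.0.0.1, and the OTL log's O1 section shows this machine's hosts file holding only "127.0.0.1 localhost". As an added example (not part of the original post, and not code from OTL or MVPS), this Python script separates block-list style entries from entries that map a name to any other address, which a block list never contains and which deserve a manual look; the function names and the sample hostnames are assumptions made for the illustration.

```python
import ipaddress
import sys
from collections import Counter, namedtuple

HostsEntry = namedtuple("HostsEntry", "lineno address hostname kind")

# Names that normally resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample for illustration; none of these lines come from the thread.
SAMPLE = """\
# constructed hosts file
127.0.0.1 localhost
::1 localhost
127.0.0.1 ads.example.com tracker.example.net  # block-list style entry
0.0.0.0 banner.example.org
203.0.113.25 www.shop.example login.shop.example
not-an-ip update.example.com
"""


def classify_hosts(text):
    """Return one HostsEntry per (address, hostname) pair in a hosts file.

    kind is one of:
      local     - a localhost name mapped to a loopback address
      blocked   - any other name sent to loopback or 0.0.0.0 / :: (block list)
      redirect  - a name mapped to some other address (review by hand)
      malformed - first field is not an IP address, or no hostname follows
    """
    entries = []
    # A hosts file saved from a Windows editor may start with a byte order mark.
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            entries.append(
                HostsEntry(lineno, fields[0], " ".join(fields[1:]), "malformed"))
            continue
        sink = addr.is_loopback or addr.is_unspecified
        # One line may carry several hostnames for the same address.
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in LOCAL_NAMES and addr.is_loopback:
                kind = "local"
            elif sink:
                kind = "blocked"
            else:
                kind = "redirect"
            entries.append(HostsEntry(lineno, str(addr), name, kind))
    return entries


def review_needed(entries):
    """Entries a person should look at: redirects and unparseable lines."""
    return [e for e in entries if e.kind in ("redirect", "malformed")]


def summarize(entries):
    """Count entries per kind, e.g. {'local': 2, 'blocked': 3, ...}."""
    return dict(Counter(e.kind for e in entries))


if __name__ == "__main__":
    # Pass the path of a hosts file, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE
    found = classify_hosts(content)
    print(summarize(found))
    for entry in review_needed(found):
        print("line %d: %s -> %s (%s)" % (
            entry.lineno, entry.hostname, entry.address, entry.kind))
```

A hosts file like the one in the log produces a single "local" entry and nothing to review; after installing a block list, the "blocked" count grows while "redirect" should stay at zero.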

#30
Ballerhappygirl

Thank you very much for all of your help and suggestions. I will definitely use your advice. This is a great service and I will recommend it to all my friends. THANKS!!!! :thumbsup: