Tried everything and need help - browser hijack and other problems [So


  • This topic is locked

#31
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please do my last step and run the VRT tool. After that scan we will see what is going on. Maybe your machine is infected again.

#32
ackmiller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Found a trojan virus (see VRT report log below). Hopefully this was the problem but let me know what's next.


Status: Disinfected (events: 2)
8/27/2012 5:17:16 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.mx C:\Documents and Settings\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3c0ee589-7fcb7b51 High
8/27/2012 5:17:16 PM Disinfected Trojan program Trojan-Downloader.Java.Agent.mx C:\Documents and Settings\Admin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\3c0ee589-7fcb7b51/FcPred.class High

UPDATE: Just restarted my PC after running VRT. Interestingly, VRT tried to install again when I logged in (I canceled the install), but probably no big deal, right? Other than canceling the VRT install I did nothing else. I immediately opened Task Manager and sat for 10 minutes watching what processes were running. Two iexplorer.exe processes showed up (even though I didn't launch any programs), then went away after maybe 30-60 seconds. I launched IE and the browser redirect is still happening. I don't hear background audio (yet), but that was intermittent and is probably still a problem.

Edited by ackmiller, 27 August 2012 - 08:37 PM.


#33
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Because the infection is back, we need to rescan your system with a couple of tools. Please bear with me and we will remove this infection for good.

Step 1

Please run TDSSKiller as you did last time and post the results here for me.

Step 2

Delete your version of Combofix and download the new version. Run a scan as you did last time and post the log for me.

Step 3

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#34
ackmiller

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
06:48:04.0994 5392 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
06:48:05.0308 5392 ============================================================
06:48:05.0308 5392 Current date / time: 2012/08/28 06:48:05.0308
06:48:05.0308 5392 SystemInfo:
06:48:05.0308 5392
06:48:05.0308 5392 OS Version: 6.1.7601 ServicePack: 1.0
06:48:05.0308 5392 Product type: Workstation
06:48:05.0308 5392 ComputerName: ANDYS_LAPTOP
06:48:05.0308 5392 UserName: Admin
06:48:05.0308 5392 Windows directory: C:\Windows
06:48:05.0308 5392 System windows directory: C:\Windows
06:48:05.0308 5392 Running under WOW64
06:48:05.0308 5392 Processor architecture: Intel x64
06:48:05.0308 5392 Number of processors: 2
06:48:05.0308 5392 Page size: 0x1000
06:48:05.0308 5392 Boot type: Normal boot
06:48:05.0308 5392 ============================================================
06:48:05.0938 5392 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:48:05.0946 5392 ============================================================
06:48:05.0946 5392 \Device\Harddisk0\DR0:
06:48:05.0996 5392 MBR partitions:
06:48:05.0996 5392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
06:48:05.0996 5392 ============================================================
06:48:06.0014 5392 C: <-> \Device\Harddisk0\DR0\Partition1
06:48:06.0014 5392 ============================================================
06:48:06.0015 5392 Initialize success
06:48:06.0015 5392 ============================================================
06:48:07.0736 4188 ============================================================
06:48:07.0736 4188 Scan started
06:48:07.0736 4188 Mode: Manual;
06:48:07.0736 4188 ============================================================
06:48:10.0622 4188 ================ Scan system memory ========================
06:48:10.0622 4188 System memory - ok
06:48:10.0623 4188 ================ Scan services =============================
06:48:11.0044 4188 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
06:48:11.0050 4188 1394ohci - ok
06:48:11.0193 4188 [ E0A8525A951ADDB4655BC2068566407D ] 61883 C:\Windows\system32\DRIVERS\61883.sys
06:48:11.0198 4188 61883 - ok
06:48:11.0334 4188 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
06:48:11.0340 4188 ACPI - ok
06:48:11.0388 4188 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
06:48:11.0392 4188 AcpiPmi - ok
06:48:11.0472 4188 [ D44BCAF639E4E45307C2BC80715273D5 ] adfs C:\Windows\system32\drivers\adfs.sys
06:48:11.0475 4188 adfs - ok
06:48:11.0803 4188 [ 9444A3530C2E88B7ED96A566FF9CCC13 ] Adobe Version Cue CS4 C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
06:48:11.0843 4188 Adobe Version Cue CS4 - ok
06:48:12.0143 4188 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:48:12.0159 4188 AdobeFlashPlayerUpdateSvc - ok
06:48:12.0208 4188 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
06:48:12.0218 4188 adp94xx - ok
06:48:12.0384 4188 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
06:48:12.0409 4188 adpahci - ok
06:48:12.0448 4188 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
06:48:12.0451 4188 adpu320 - ok
06:48:12.0488 4188 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:48:12.0491 4188 AeLookupSvc - ok
06:48:12.0557 4188 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
06:48:12.0569 4188 AFD - ok
06:48:12.0618 4188 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
06:48:12.0625 4188 agp440 - ok
06:48:12.0656 4188 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
06:48:12.0659 4188 ALG - ok
06:48:12.0680 4188 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
06:48:12.0682 4188 aliide - ok
06:48:12.0720 4188 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
06:48:12.0722 4188 amdide - ok
06:48:12.0760 4188 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
06:48:12.0762 4188 AmdK8 - ok
06:48:12.0823 4188 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
06:48:12.0827 4188 AmdPPM - ok
06:48:12.0879 4188 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:48:12.0884 4188 amdsata - ok
06:48:12.0928 4188 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
06:48:12.0932 4188 amdsbs - ok
06:48:13.0010 4188 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:48:13.0011 4188 amdxata - ok
06:48:13.0061 4188 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
06:48:13.0063 4188 AppID - ok
06:48:13.0146 4188 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:48:13.0153 4188 AppIDSvc - ok
06:48:13.0181 4188 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
06:48:13.0183 4188 Appinfo - ok
06:48:13.0277 4188 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:48:13.0283 4188 Apple Mobile Device - ok
06:48:13.0356 4188 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
06:48:13.0360 4188 AppMgmt - ok
06:48:13.0425 4188 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
06:48:13.0428 4188 arc - ok
06:48:13.0479 4188 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
06:48:13.0481 4188 arcsas - ok
06:48:13.0535 4188 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:48:13.0537 4188 AsyncMac - ok
06:48:13.0567 4188 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
06:48:13.0568 4188 atapi - ok
06:48:13.0658 4188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:48:13.0670 4188 AudioEndpointBuilder - ok
06:48:13.0682 4188 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
06:48:13.0685 4188 AudioSrv - ok
06:48:13.0728 4188 [ 16FABE84916623D0607E4A975544032C ] Avc C:\Windows\system32\DRIVERS\avc.sys
06:48:13.0730 4188 Avc - ok
06:48:13.0797 4188 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:48:13.0799 4188 AxInstSV - ok
06:48:13.0860 4188 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
06:48:13.0868 4188 b06bdrv - ok
06:48:13.0909 4188 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
06:48:13.0918 4188 b57nd60a - ok
06:48:13.0952 4188 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
06:48:13.0955 4188 BDESVC - ok
06:48:13.0968 4188 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
06:48:13.0970 4188 Beep - ok
06:48:14.0110 4188 [ 20F9570285E6AC8DCC12FFC28E5A6ABD ] BeTwinProxy C:\Windows\System32\BeTwinProxyVS.dll
06:48:14.0115 4188 BeTwinProxy - ok
06:48:14.0147 4188 [ C190A4C260F9F293BE87B22E02CA1E2D ] BeTwinService C:\Windows\system32\BeTwinServiceVS.exe
06:48:14.0156 4188 BeTwinService - ok
06:48:14.0187 4188 [ 3F62575213319098BA8522EA6575B0A3 ] BeTwinSystem C:\Windows\system32\Drivers\BeTwinSystemVS.sys
06:48:14.0192 4188 BeTwinSystem - ok
06:48:14.0396 4188 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
06:48:14.0456 4188 BFE - ok
06:48:14.0602 4188 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
06:48:14.0654 4188 BITS - ok
06:48:14.0728 4188 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
06:48:14.0738 4188 blbdrive - ok
06:48:15.0134 4188 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
06:48:15.0164 4188 Bonjour Service - ok
06:48:15.0219 4188 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:48:15.0223 4188 bowser - ok
06:48:15.0321 4188 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:48:15.0325 4188 BrFiltLo - ok
06:48:15.0365 4188 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:48:15.0367 4188 BrFiltUp - ok
06:48:15.0434 4188 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
06:48:15.0436 4188 BridgeMP - ok
06:48:15.0488 4188 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
06:48:15.0492 4188 Browser - ok
06:48:15.0635 4188 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
06:48:15.0676 4188 Brserid - ok
06:48:15.0686 4188 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
06:48:15.0688 4188 BrSerWdm - ok
06:48:15.0738 4188 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
06:48:15.0740 4188 BrUsbMdm - ok
06:48:15.0744 4188 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
06:48:15.0746 4188 BrUsbSer - ok
06:48:15.0783 4188 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
06:48:15.0784 4188 BthEnum - ok
06:48:15.0822 4188 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
06:48:15.0824 4188 BTHMODEM - ok
06:48:15.0923 4188 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
06:48:15.0926 4188 BthPan - ok
06:48:15.0980 4188 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
06:48:15.0989 4188 BTHPORT - ok
06:48:16.0040 4188 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
06:48:16.0043 4188 bthserv - ok
06:48:16.0058 4188 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
06:48:16.0063 4188 BTHUSB - ok
06:48:16.0122 4188 catchme - ok
06:48:16.0180 4188 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:48:16.0191 4188 cdfs - ok
06:48:16.0279 4188 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
06:48:16.0285 4188 cdrom - ok
06:48:16.0331 4188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
06:48:16.0337 4188 CertPropSvc - ok
06:48:16.0392 4188 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
06:48:16.0396 4188 circlass - ok
06:48:16.0520 4188 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
06:48:16.0525 4188 CLFS - ok
06:48:16.0745 4188 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:48:16.0748 4188 clr_optimization_v2.0.50727_32 - ok
06:48:16.0884 4188 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:48:16.0889 4188 clr_optimization_v2.0.50727_64 - ok
06:48:16.0944 4188 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
06:48:16.0947 4188 CmBatt - ok
06:48:17.0002 4188 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
06:48:17.0005 4188 cmdide - ok
06:48:17.0062 4188 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
06:48:17.0071 4188 CNG - ok
06:48:17.0113 4188 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
06:48:17.0115 4188 Compbatt - ok
06:48:17.0148 4188 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
06:48:17.0149 4188 CompositeBus - ok
06:48:17.0158 4188 COMSysApp - ok
06:48:17.0184 4188 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
06:48:17.0186 4188 crcdisk - ok
06:48:17.0269 4188 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:48:17.0273 4188 CryptSvc - ok
06:48:17.0368 4188 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
06:48:17.0377 4188 CSC - ok
06:48:17.0411 4188 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
06:48:17.0439 4188 CscService - ok
06:48:17.0492 4188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
06:48:17.0510 4188 DcomLaunch - ok
06:48:17.0553 4188 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
06:48:17.0561 4188 defragsvc - ok
06:48:17.0586 4188 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
06:48:17.0588 4188 DfsC - ok
06:48:17.0638 4188 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
06:48:17.0647 4188 Dhcp - ok
06:48:17.0656 4188 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
06:48:17.0658 4188 discache - ok
06:48:17.0686 4188 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
06:48:17.0688 4188 Disk - ok
06:48:17.0771 4188 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:48:17.0775 4188 Dnscache - ok
06:48:17.0802 4188 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
06:48:17.0807 4188 dot3svc - ok
06:48:17.0856 4188 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
06:48:17.0859 4188 Dot4 - ok
06:48:17.0888 4188 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
06:48:17.0890 4188 Dot4Print - ok
06:48:17.0957 4188 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
06:48:17.0959 4188 dot4usb - ok
06:48:18.0026 4188 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
06:48:18.0030 4188 DPS - ok
06:48:18.0078 4188 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:48:18.0080 4188 drmkaud - ok
06:48:18.0121 4188 dump_wmimmc - ok
06:48:18.0160 4188 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:48:18.0187 4188 DXGKrnl - ok
06:48:18.0235 4188 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
06:48:18.0238 4188 EapHost - ok
06:48:18.0525 4188 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
06:48:18.0641 4188 ebdrv - ok
06:48:18.0700 4188 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
06:48:18.0702 4188 EFS - ok
06:48:18.0787 4188 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
06:48:18.0804 4188 ehRecvr - ok
06:48:18.0838 4188 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
06:48:18.0841 4188 ehSched - ok
06:48:19.0012 4188 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
06:48:19.0063 4188 elxstor - ok
06:48:19.0096 4188 [ 2327E9BC434279674DFA93977FC5F3B3 ] EMSCR C:\Windows\system32\DRIVERS\EMS7SK.sys
06:48:19.0098 4188 EMSCR - ok
06:48:19.0203 4188 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
06:48:19.0205 4188 ErrDev - ok
06:48:19.0270 4188 [ C58D23711057D7E643FCC8428F60F133 ] ESDCR C:\Windows\system32\DRIVERS\ESD7SK.sys
06:48:19.0272 4188 ESDCR - ok
06:48:19.0385 4188 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
06:48:19.0412 4188 EventSystem - ok
06:48:19.0447 4188 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
06:48:19.0451 4188 exfat - ok
06:48:19.0522 4188 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:48:19.0530 4188 fastfat - ok
06:48:19.0605 4188 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
06:48:19.0622 4188 Fax - ok
06:48:19.0654 4188 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
06:48:19.0656 4188 fdc - ok
06:48:19.0722 4188 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
06:48:19.0724 4188 fdPHost - ok
06:48:19.0750 4188 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
06:48:19.0751 4188 FDResPub - ok
06:48:19.0764 4188 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:48:19.0766 4188 FileInfo - ok
06:48:19.0861 4188 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:48:19.0864 4188 Filetrace - ok
06:48:19.0923 4188 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:48:19.0951 4188 FLEXnet Licensing Service - ok
06:48:19.0993 4188 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
06:48:20.0018 4188 FLEXnet Licensing Service 64 - ok
06:48:20.0048 4188 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
06:48:20.0050 4188 flpydisk - ok
06:48:20.0114 4188 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:48:20.0123 4188 FltMgr - ok
06:48:20.0174 4188 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
06:48:20.0233 4188 FontCache - ok
06:48:20.0274 4188 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
06:48:20.0279 4188 FsDepends - ok
06:48:20.0338 4188 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
06:48:20.0343 4188 fssfltr - ok
06:48:20.0563 4188 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
06:48:20.0620 4188 fsssvc - ok
06:48:20.0651 4188 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:48:20.0653 4188 Fs_Rec - ok
06:48:20.0738 4188 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
06:48:20.0744 4188 fvevol - ok
06:48:20.0841 4188 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
06:48:20.0843 4188 gagp30kx - ok
06:48:20.0879 4188 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:48:20.0881 4188 GEARAspiWDM - ok
06:48:21.0059 4188 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
06:48:21.0084 4188 gpsvc - ok
06:48:21.0163 4188 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:48:21.0166 4188 gupdate - ok
06:48:21.0212 4188 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:48:21.0213 4188 gupdatem - ok
06:48:21.0250 4188 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
06:48:21.0253 4188 hcw85cir - ok
06:48:21.0322 4188 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
06:48:21.0324 4188 HDAudBus - ok
06:48:21.0404 4188 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
06:48:21.0406 4188 HidBatt - ok
06:48:21.0448 4188 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
06:48:21.0450 4188 HidBth - ok
06:48:21.0475 4188 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
06:48:21.0477 4188 HidIr - ok
06:48:21.0547 4188 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
06:48:21.0549 4188 hidserv - ok
06:48:21.0627 4188 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:48:21.0630 4188 HidUsb - ok
06:48:21.0670 4188 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:48:21.0672 4188 hkmsvc - ok
06:48:21.0746 4188 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:48:21.0750 4188 HomeGroupListener - ok
06:48:21.0783 4188 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:48:21.0788 4188 HomeGroupProvider - ok
06:48:21.0856 4188 [ ED377B3C83FDEA8D906109A085D219BA ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
06:48:21.0881 4188 hpqcxs08 - ok
06:48:21.0918 4188 [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
06:48:21.0921 4188 hpqddsvc - ok
06:48:21.0995 4188 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
06:48:22.0000 4188 HpSAMD - ok
06:48:22.0051 4188 [ 1967A46A7B9A55D2630D886211D40175 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
06:48:22.0065 4188 HPSLPSVC - ok
06:48:22.0190 4188 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:48:22.0209 4188 HTTP - ok
06:48:22.0283 4188 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:48:22.0286 4188 hwpolicy - ok
06:48:22.0337 4188 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
06:48:22.0344 4188 i8042prt - ok
06:48:22.0521 4188 [ 3E42C4691AAD4B1E8D0466F9CBF05CBE ] IAANTMON C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
06:48:22.0568 4188 IAANTMON - ok
06:48:22.0675 4188 [ FC28E90F2204D8FD147FA9BFA8A51C01 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
06:48:22.0677 4188 iaStor - ok
06:48:22.0812 4188 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:48:22.0846 4188 iaStorV - ok
06:48:22.0978 4188 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
06:48:22.0981 4188 IDriverT - ok
06:48:23.0259 4188 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:48:23.0328 4188 idsvc - ok
06:48:23.0387 4188 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
06:48:23.0389 4188 iirsp - ok
06:48:23.0470 4188 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
06:48:23.0485 4188 IKEEXT - ok
06:48:23.0689 4188 [ 9D81AA3E717E02DB58F86C79ABBC63CF ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
06:48:23.0732 4188 IntcAzAudAddService - ok
06:48:23.0774 4188 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
06:48:23.0777 4188 intelide - ok
06:48:23.0823 4188 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:48:23.0824 4188 intelppm - ok
06:48:23.0878 4188 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:48:23.0881 4188 IPBusEnum - ok
06:48:23.0976 4188 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:48:23.0993 4188 IpFilterDriver - ok
06:48:24.0134 4188 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:48:24.0171 4188 iphlpsvc - ok
06:48:24.0230 4188 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
06:48:24.0237 4188 IPMIDRV - ok
06:48:24.0268 4188 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:48:24.0276 4188 IPNAT - ok
06:48:24.0427 4188 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
06:48:24.0441 4188 iPod Service - ok
06:48:24.0503 4188 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:48:24.0508 4188 IRENUM - ok
06:48:24.0545 4188 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
06:48:24.0549 4188 isapnp - ok
06:48:24.0700 4188 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
06:48:24.0706 4188 iScsiPrt - ok
06:48:24.0789 4188 [ A05DE15CECE80427EAD47BE335367EE6 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
06:48:24.0793 4188 itecir - ok
06:48:24.0866 4188 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
06:48:24.0870 4188 kbdclass - ok
06:48:24.0893 4188 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
06:48:24.0897 4188 kbdhid - ok
06:48:24.0938 4188 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
06:48:24.0939 4188 KeyIso - ok
06:48:25.0000 4188 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:48:25.0006 4188 KSecDD - ok
06:48:25.0072 4188 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:48:25.0078 4188 KSecPkg - ok
06:48:25.0126 4188 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
06:48:25.0128 4188 ksthunk - ok
06:48:25.0202 4188 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
06:48:25.0208 4188 KtmRm - ok
06:48:25.0302 4188 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
06:48:25.0307 4188 LanmanServer - ok
06:48:25.0343 4188 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:48:25.0347 4188 LanmanWorkstation - ok
06:48:25.0351 4188 Lbd - ok
06:48:25.0562 4188 [ 3DAEB081420A871224FB6573AC5707F5 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
06:48:25.0674 4188 LeapFrog Connect Device Service - ok
06:48:25.0707 4188 [ 797289607A5EBF31353AA5EAD141F872 ] LeapFrog-USBLAN C:\Windows\system32\DRIVERS\btblan.sys
06:48:25.0709 4188 LeapFrog-USBLAN - ok
06:48:25.0730 4188 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:48:25.0732 4188 lltdio - ok
06:48:25.0800 4188 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:48:25.0808 4188 lltdsvc - ok
06:48:25.0823 4188 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:48:25.0826 4188 lmhosts - ok
06:48:25.0904 4188 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
06:48:25.0906 4188 LSI_FC - ok
06:48:26.0000 4188 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
06:48:26.0005 4188 LSI_SAS - ok
06:48:26.0009 4188 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:48:26.0011 4188 LSI_SAS2 - ok
06:48:26.0055 4188 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:48:26.0057 4188 LSI_SCSI - ok
06:48:26.0083 4188 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
06:48:26.0086 4188 luafv - ok
06:48:26.0193 4188 [ F8B823414A22DBF3BEC10DCAA5F93CD8 ] McciCMService C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
06:48:26.0202 4188 McciCMService - ok
06:48:26.0351 4188 [ 859E5A32485178DAECA06B52E2BB44B2 ] McciCMService64 C:\Program Files\Common Files\Motive\McciCMService.exe
06:48:26.0369 4188 McciCMService64 - ok
06:48:26.0436 4188 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:48:26.0449 4188 Mcx2Svc - ok
06:48:26.0501 4188 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
06:48:26.0503 4188 megasas - ok
06:48:26.0537 4188 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
06:48:26.0545 4188 MegaSR - ok
06:48:26.0634 4188 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
06:48:26.0636 4188 Microsoft Office Groove Audit Service - ok
06:48:26.0651 4188 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
06:48:26.0654 4188 MMCSS - ok
06:48:26.0711 4188 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
06:48:26.0712 4188 Modem - ok
06:48:26.0736 4188 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:48:26.0736 4188 monitor - ok
06:48:26.0759 4188 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:48:26.0761 4188 mouclass - ok
06:48:26.0781 4188 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:48:26.0783 4188 mouhid - ok
06:48:26.0864 4188 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:48:26.0868 4188 mountmgr - ok
06:48:26.0906 4188 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
06:48:26.0910 4188 mpio - ok
06:48:26.0969 4188 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:48:26.0971 4188 mpsdrv - ok
06:48:27.0028 4188 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
06:48:27.0054 4188 MpsSvc - ok
06:48:27.0083 4188 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\Program Files (x86)\Common Files\Motive\MREMP50.sys
06:48:27.0086 4188 MREMP50 - ok
06:48:27.0116 4188 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\Program Files (x86)\Common Files\Motive\MRESP50.sys
06:48:27.0118 4188 MRESP50 - ok
06:48:27.0209 4188 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:48:27.0213 4188 MRxDAV - ok
06:48:27.0256 4188 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:48:27.0259 4188 mrxsmb - ok
06:48:27.0358 4188 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:48:27.0380 4188 mrxsmb10 - ok
06:48:27.0398 4188 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:48:27.0401 4188 mrxsmb20 - ok
06:48:27.0455 4188 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
06:48:27.0457 4188 msahci - ok
06:48:27.0534 4188 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
06:48:27.0536 4188 msdsm - ok
06:48:27.0577 4188 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
06:48:27.0581 4188 MSDTC - ok
06:48:27.0683 4188 [ 72949A24D37A20A54B3D4D3DADBB55E9 ] MSDV C:\Windows\system32\DRIVERS\msdv.sys
06:48:27.0686 4188 MSDV - ok
06:48:27.0773 4188 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:48:27.0775 4188 Msfs - ok
06:48:27.0814 4188 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:48:27.0815 4188 mshidkmdf - ok
06:48:27.0914 4188 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
06:48:27.0916 4188 msisadrv - ok
06:48:27.0959 4188 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:48:27.0962 4188 MSiSCSI - ok
06:48:27.0967 4188 msiserver - ok
06:48:28.0040 4188 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:48:28.0042 4188 MSKSSRV - ok
06:48:28.0059 4188 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:48:28.0061 4188 MSPCLOCK - ok
06:48:28.0137 4188 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:48:28.0142 4188 MSPQM - ok
06:48:28.0209 4188 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:48:28.0218 4188 MsRPC - ok
06:48:28.0245 4188 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
06:48:28.0246 4188 mssmbios - ok
06:48:28.0287 4188 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:48:28.0292 4188 MSTEE - ok
06:48:28.0332 4188 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
06:48:28.0334 4188 MTConfig - ok
06:48:28.0397 4188 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
06:48:28.0400 4188 Mup - ok
06:48:28.0528 4188 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
06:48:28.0570 4188 napagent - ok
06:48:28.0620 4188 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:48:28.0625 4188 NativeWifiP - ok
06:48:28.0801 4188 [ 0D01287D85B3715FA8270E8EC919B7F7 ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
06:48:28.0826 4188 NBService - ok
06:48:28.0868 4188 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
06:48:28.0902 4188 NDIS - ok
06:48:28.0941 4188 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:48:28.0946 4188 NdisCap - ok
06:48:29.0019 4188 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:48:29.0021 4188 NdisTapi - ok
06:48:29.0061 4188 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:48:29.0063 4188 Ndisuio - ok
06:48:29.0149 4188 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:48:29.0152 4188 NdisWan - ok
06:48:29.0181 4188 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:48:29.0183 4188 NDProxy - ok
06:48:29.0230 4188 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
06:48:29.0233 4188 Net Driver HPZ12 - ok
06:48:29.0275 4188 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
06:48:29.0276 4188 Netaapl - ok
06:48:29.0358 4188 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:48:29.0361 4188 NetBIOS - ok
06:48:29.0393 4188 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:48:29.0404 4188 NetBT - ok
06:48:29.0436 4188 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
06:48:29.0437 4188 Netlogon - ok
06:48:29.0540 4188 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
06:48:29.0573 4188 Netman - ok
06:48:29.0612 4188 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
06:48:29.0621 4188 netprofm - ok
06:48:30.0072 4188 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
06:48:30.0215 4188 netw5v64 - ok
06:48:30.0305 4188 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
06:48:30.0308 4188 nfrd960 - ok
06:48:30.0489 4188 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:48:30.0529 4188 NlaSvc - ok
06:48:30.0745 4188 [ C4EBBBD7165BE535F0BFD06B80601D91 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
06:48:30.0748 4188 NMIndexingService - ok
06:48:30.0778 4188 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:48:30.0779 4188 Npfs - ok
06:48:30.0806 4188 npggsvc - ok
06:48:30.0822 4188 NPPTNT2 - ok
06:48:30.0862 4188 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
06:48:30.0865 4188 nsi - ok
06:48:30.0933 4188 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:48:30.0935 4188 nsiproxy - ok
06:48:31.0000 4188 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:48:31.0076 4188 Ntfs - ok
06:48:31.0120 4188 nTuneService - ok
06:48:31.0133 4188 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
06:48:31.0135 4188 Null - ok
06:48:31.0508 4188 [ 325520227CC568052AE1D7AD49D90951 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:48:31.0801 4188 nvlddmkm - ok
06:48:31.0854 4188 [ 2CCB22FBCAF81D5F4E626007C2396A4D ] NVR0Dev C:\Windows\nvoclk64.sys
06:48:31.0856 4188 NVR0Dev - ok
06:48:31.0897 4188 [ C3280C07FFCE3E23E0A75806490FE09D ] NVR0FLASHDev C:\Windows\nvflsh64.sys
06:48:31.0901 4188 NVR0FLASHDev - ok
06:48:31.0994 4188 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:48:31.0997 4188 nvraid - ok
06:48:32.0056 4188 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:48:32.0060 4188 nvstor - ok
06:48:32.0180 4188 [ 4DFFB8DDBA4A0E8222E0E8D2CD590803 ] nvsvc C:\Windows\system32\nvvsvc.exe
06:48:32.0214 4188 nvsvc - ok
06:48:32.0282 4188 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
06:48:32.0285 4188 nv_agp - ok
06:48:32.0519 4188 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:48:32.0559 4188 odserv - ok
06:48:32.0603 4188 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
06:48:32.0605 4188 ohci1394 - ok
06:48:32.0696 4188 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:48:32.0699 4188 ose - ok
06:48:32.0847 4188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:48:32.0861 4188 p2pimsvc - ok
06:48:32.0920 4188 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
06:48:32.0938 4188 p2psvc - ok
06:48:32.0986 4188 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
06:48:32.0988 4188 Parport - ok
06:48:33.0036 4188 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:48:33.0039 4188 partmgr - ok
06:48:33.0112 4188 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:48:33.0116 4188 PcaSvc - ok
06:48:33.0170 4188 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
06:48:33.0174 4188 pci - ok
06:48:33.0295 4188 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
06:48:33.0297 4188 pciide - ok
06:48:33.0337 4188 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
06:48:33.0343 4188 pcmcia - ok
06:48:33.0406 4188 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
06:48:33.0409 4188 pcw - ok
06:48:33.0469 4188 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:48:33.0500 4188 PEAUTH - ok
06:48:33.0563 4188 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
06:48:33.0622 4188 PeerDistSvc - ok
06:48:34.0472 4188 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
06:48:34.0478 4188 PerfHost - ok
06:48:34.0646 4188 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
06:48:34.0710 4188 pla - ok
06:48:34.0752 4188 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:48:34.0761 4188 PlugPlay - ok
06:48:34.0811 4188 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
06:48:34.0814 4188 Pml Driver HPZ12 - ok
06:48:34.0870 4188 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:48:34.0873 4188 PNRPAutoReg - ok
06:48:34.0921 4188 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:48:34.0924 4188 PNRPsvc - ok
06:48:35.0035 4188 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:48:35.0075 4188 PolicyAgent - ok
06:48:35.0105 4188 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
06:48:35.0108 4188 Power - ok
06:48:35.0147 4188 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:48:35.0149 4188 PptpMiniport - ok
06:48:35.0251 4188 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
06:48:35.0254 4188 Processor - ok
06:48:35.0310 4188 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
06:48:35.0316 4188 ProfSvc - ok
06:48:35.0375 4188 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:48:35.0377 4188 ProtectedStorage - ok
06:48:35.0424 4188 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:48:35.0426 4188 Psched - ok
06:48:35.0454 4188 [ 901DBA98359966A62A6548596988E931 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
06:48:35.0456 4188 PxHlpa64 - ok
06:48:35.0528 4188 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
06:48:35.0612 4188 ql2300 - ok
06:48:35.0618 4188 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
06:48:35.0622 4188 ql40xx - ok
06:48:35.0698 4188 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
06:48:35.0710 4188 QWAVE - ok
06:48:35.0719 4188 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:48:35.0721 4188 QWAVEdrv - ok
06:48:35.0794 4188 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:48:35.0797 4188 RasAcd - ok
06:48:35.0843 4188 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:48:35.0844 4188 RasAgileVpn - ok
06:48:35.0925 4188 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
06:48:35.0929 4188 RasAuto - ok
06:48:35.0964 4188 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:48:35.0967 4188 Rasl2tp - ok
06:48:36.0047 4188 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
06:48:36.0089 4188 RasMan - ok
06:48:36.0117 4188 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:48:36.0119 4188 RasPppoe - ok
06:48:36.0175 4188 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:48:36.0178 4188 RasSstp - ok
06:48:36.0299 4188 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:48:36.0356 4188 rdbss - ok
06:48:36.0408 4188 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
06:48:36.0411 4188 rdpbus - ok
06:48:36.0415 4188 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:48:36.0416 4188 RDPCDD - ok
06:48:36.0475 4188 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
06:48:36.0479 4188 RDPDR - ok
06:48:36.0509 4188 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:48:36.0511 4188 RDPENCDD - ok
06:48:36.0564 4188 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:48:36.0566 4188 RDPREFMP - ok
06:48:36.0627 4188 [ 977EF648C56541F1D1E5CCE7B44EEA28 ] RDPSSW32 C:\Windows\System32\RDPSSW32.EXE
06:48:36.0630 4188 RDPSSW32 - ok
06:48:36.0697 4188 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
06:48:36.0700 4188 RdpVideoMiniport - ok
06:48:36.0724 4188 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:48:36.0728 4188 RDPWD - ok
06:48:36.0806 4188 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:48:36.0810 4188 rdyboost - ok
06:48:36.0954 4188 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:48:36.0961 4188 RemoteAccess - ok
06:48:36.0990 4188 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:48:36.0995 4188 RemoteRegistry - ok
06:48:37.0039 4188 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
06:48:37.0042 4188 RFCOMM - ok
06:48:37.0123 4188 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
06:48:37.0131 4188 RimUsb - ok
06:48:37.0187 4188 [ A10B40CF9EB57D24E44717A2D38A00F4 ] RivaTuner64 C:\Program Files (x86)\RivaTuner v2.20\RivaTuner64.sys
06:48:37.0189 4188 RivaTuner64 - ok
06:48:37.0218 4188 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:48:37.0221 4188 RpcEptMapper - ok
06:48:37.0320 4188 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
06:48:37.0326 4188 RpcLocator - ok
06:48:37.0366 4188 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
06:48:37.0370 4188 RpcSs - ok
06:48:37.0412 4188 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:48:37.0416 4188 rspndr - ok
06:48:37.0507 4188 [ BC5366760098DC14EC00AE36C359F42B ] RTCore64 C:\Program Files (x86)\RMClock\RTCore64.sys
06:48:37.0512 4188 RTCore64 - ok
06:48:37.0575 4188 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
06:48:37.0579 4188 RTL8167 - ok
06:48:37.0675 4188 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
06:48:37.0677 4188 s3cap - ok
06:48:37.0708 4188 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
06:48:37.0709 4188 SamSs - ok
06:48:37.0730 4188 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
06:48:37.0732 4188 sbp2port - ok
06:48:37.0752 4188 SBRE - ok
06:48:37.0836 4188 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:48:37.0840 4188 SCardSvr - ok
06:48:37.0880 4188 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:48:37.0882 4188 scfilter - ok
06:48:38.0108 4188 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
06:48:38.0139 4188 Schedule - ok
06:48:38.0170 4188 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
06:48:38.0171 4188 SCPolicySvc - ok
06:48:38.0197 4188 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
06:48:38.0203 4188 sdbus - ok
06:48:38.0311 4188 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:48:38.0360 4188 SDRSVC - ok
06:48:38.0457 4188 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:48:38.0459 4188 secdrv - ok
06:48:38.0486 4188 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
06:48:38.0489 4188 seclogon - ok
06:48:38.0536 4188 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
06:48:38.0539 4188 SENS - ok
06:48:38.0655 4188 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:48:38.0658 4188 SensrSvc - ok
06:48:38.0682 4188 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
06:48:38.0683 4188 Serenum - ok
06:48:38.0739 4188 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
06:48:38.0741 4188 Serial - ok
06:48:38.0788 4188 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
06:48:38.0790 4188 sermouse - ok
06:48:38.0855 4188 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
06:48:38.0858 4188 SessionEnv - ok
06:48:38.0944 4188 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
06:48:38.0946 4188 sffdisk - ok
06:48:38.0969 4188 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
06:48:38.0971 4188 sffp_mmc - ok
06:48:39.0050 4188 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
06:48:39.0053 4188 sffp_sd - ok
06:48:39.0090 4188 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
06:48:39.0091 4188 sfloppy - ok
06:48:39.0165 4188 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:48:39.0173 4188 SharedAccess - ok
06:48:39.0190 4188 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:48:39.0199 4188 ShellHWDetection - ok
06:48:39.0224 4188 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:48:39.0226 4188 SiSRaid2 - ok
06:48:39.0301 4188 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
06:48:39.0306 4188 SiSRaid4 - ok
06:48:39.0311 4188 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:48:39.0313 4188 Smb - ok
06:48:39.0384 4188 [ F024FA4FD2D9490934F239812E62E559 ] smserial C:\Windows\system32\DRIVERS\smserial.sys
06:48:39.0419 4188 smserial - ok
06:48:39.0468 4188 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:48:39.0472 4188 SNMPTRAP - ok
06:48:39.0494 4188 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
06:48:39.0496 4188 spldr - ok
06:48:39.0675 4188 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
06:48:39.0701 4188 Spooler - ok
06:48:39.0812 4188 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
06:48:39.0899 4188 sppsvc - ok
06:48:39.0913 4188 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:48:39.0916 4188 sppuinotify - ok
06:48:39.0962 4188 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
06:48:39.0971 4188 srv - ok
06:48:39.0988 4188 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:48:39.0996 4188 srv2 - ok
06:48:40.0007 4188 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:48:40.0010 4188 srvnet - ok
06:48:40.0034 4188 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:48:40.0039 4188 SSDPSRV - ok
06:48:40.0126 4188 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:48:40.0131 4188 SstpSvc - ok
06:48:40.0167 4188 Steam Client Service - ok
06:48:40.0200 4188 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
06:48:40.0205 4188 stexstor - ok
06:48:40.0282 4188 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
06:48:40.0294 4188 stisvc - ok
06:48:40.0316 4188 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
06:48:40.0318 4188 storflt - ok
06:48:40.0356 4188 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
06:48:40.0358 4188 storvsc - ok
06:48:40.0446 4188 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
06:48:40.0446 4188 swenum - ok
06:48:40.0478 4188 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
06:48:40.0493 4188 swprv - ok
06:48:40.0513 4188 Synth3dVsc - ok
06:48:40.0573 4188 [ 8F63178D1DB81BB79270AE55ECDD8321 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
06:48:40.0583 4188 SynTP - ok
06:48:40.0653 4188 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
06:48:40.0693 4188 SysMain - ok
06:48:40.0713 4188 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:48:40.0723 4188 TabletInputService - ok
06:48:40.0753 4188 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
06:48:40.0763 4188 TapiSrv - ok
06:48:40.0773 4188 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
06:48:40.0773 4188 TBS - ok
06:48:40.0843 4188 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:48:40.0883 4188 Tcpip - ok
06:48:40.0943 4188 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:48:40.0953 4188 TCPIP6 - ok
06:48:40.0983 4188 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:48:40.0983 4188 tcpipreg - ok
06:48:41.0073 4188 [ C050F120451B08FBF79588F66BF51CCD ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
06:48:41.0073 4188 TcUsb - ok
06:48:41.0153 4188 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:48:41.0153 4188 TDPIPE - ok
06:48:41.0213 4188 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:48:41.0223 4188 TDTCP - ok
06:48:41.0243 4188 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:48:41.0253 4188 tdx - ok
06:48:41.0323 4188 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
06:48:41.0323 4188 TermDD - ok
06:48:41.0383 4188 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
06:48:41.0443 4188 TermService - ok
06:48:41.0493 4188 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
06:48:41.0503 4188 Themes - ok
06:48:41.0553 4188 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
06:48:41.0563 4188 THREADORDER - ok
06:48:41.0573 4188 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
06:48:41.0573 4188 TrkWks - ok
06:48:41.0653 4188 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:48:41.0663 4188 TrustedInstaller - ok
06:48:41.0703 4188 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:48:41.0703 4188 tssecsrv - ok
06:48:41.0783 4188 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
06:48:41.0783 4188 TsUsbFlt - ok
06:48:41.0853 4188 tsusbhub - ok
06:48:41.0893 4188 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:48:41.0903 4188 tunnel - ok
06:48:41.0993 4188 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
06:48:41.0993 4188 uagp35 - ok
06:48:42.0073 4188 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:48:42.0083 4188 udfs - ok
06:48:42.0093 4188 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:48:42.0093 4188 UI0Detect - ok
06:48:42.0133 4188 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
06:48:42.0133 4188 uliagpkx - ok
06:48:42.0183 4188 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
06:48:42.0193 4188 umbus - ok
06:48:42.0223 4188 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
06:48:42.0233 4188 UmPass - ok
06:48:42.0273 4188 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
06:48:42.0283 4188 UmRdpService - ok
06:48:42.0373 4188 UpdateCenterService - ok
06:48:42.0433 4188 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
06:48:42.0463 4188 upnphost - ok
06:48:42.0513 4188 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
06:48:42.0513 4188 USBAAPL64 - ok
06:48:42.0553 4188 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
06:48:42.0553 4188 usbaudio - ok
06:48:42.0623 4188 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:48:42.0623 4188 usbccgp - ok
06:48:42.0713 4188 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
06:48:42.0713 4188 usbcir - ok
06:48:42.0763 4188 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
06:48:42.0763 4188 usbehci - ok
06:48:42.0823 4188 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:48:42.0823 4188 usbhub - ok
06:48:42.0853 4188 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
06:48:42.0853 4188 usbohci - ok
06:48:42.0893 4188 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
06:48:42.0893 4188 usbprint - ok
06:48:42.0983 4188 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
06:48:42.0993 4188 usbscan - ok
06:48:43.0003 4188 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:48:43.0013 4188 USBSTOR - ok
06:48:43.0093 4188 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
06:48:43.0093 4188 usbuhci - ok
06:48:43.0123 4188 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
06:48:43.0133 4188 usbvideo - ok
06:48:43.0233 4188 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
06:48:43.0233 4188 UxSms - ok
06:48:43.0263 4188 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
06:48:43.0273 4188 VaultSvc - ok
06:48:43.0293 4188 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
06:48:43.0293 4188 vdrvroot - ok
06:48:43.0333 4188 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
06:48:43.0343 4188 vds - ok
06:48:43.0373 4188 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:48:43.0373 4188 vga - ok
06:48:43.0433 4188 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
06:48:43.0433 4188 VgaSave - ok
06:48:43.0463 4188 VGPU - ok
06:48:43.0503 4188 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
06:48:43.0503 4188 vhdmp - ok
06:48:43.0553 4188 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
06:48:43.0553 4188 viaide - ok
06:48:43.0623 4188 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
06:48:43.0623 4188 vmbus - ok
06:48:43.0733 4188 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
06:48:43.0733 4188 VMBusHID - ok
06:48:43.0753 4188 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
06:48:43.0753 4188 volmgr - ok
06:48:43.0873 4188 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:48:43.0873 4188 volmgrx - ok
06:48:43.0903 4188 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
06:48:43.0903 4188 volsnap - ok
06:48:43.0933 4188 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
06:48:43.0943 4188 vsmraid - ok
06:48:44.0043 4188 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
06:48:44.0073 4188 VSS - ok
06:48:44.0083 4188 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
06:48:44.0093 4188 vwifibus - ok
06:48:44.0253 4188 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
06:48:44.0263 4188 W32Time - ok
06:48:44.0273 4188 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
06:48:44.0273 4188 WacomPen - ok
06:48:44.0283 4188 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:48:44.0293 4188 WANARP - ok
06:48:44.0303 4188 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:48:44.0303 4188 Wanarpv6 - ok
06:48:44.0563 4188 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
06:48:44.0593 4188 WatAdminSvc - ok
06:48:44.0653 4188 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
06:48:44.0683 4188 wbengine - ok
06:48:47.0854 4188 ================ Scan global ===============================
06:48:47.0884 4188 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
06:48:47.0914 4188 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
06:48:47.0974 4188 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
06:48:48.0034 4188 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
06:48:48.0074 4188 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
06:48:48.0084 4188 [Global] - ok
06:48:48.0084 4188 ================ Scan MBR ==================================
06:48:48.0094 4188 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:48:50.0234 4188 \Device\Harddisk0\DR0 - ok
06:48:50.0234 4188 ================ Scan VBR ==================================
06:48:50.0244 4188 [ 34CEFF60714037E28C8B41B6AEA3C278 ] \Device\Harddisk0\DR0\Partition1
06:48:50.0244 4188 \Device\Harddisk0\DR0\Partition1 - ok
06:48:50.0244 4188 ============================================================
06:48:50.0244 4188 Scan finished
06:48:50.0244 4188 ============================================================
06:48:50.0254 5268 Detected object count: 0
06:48:50.0254 5268 Actual detected object count: 0

#35
ackmiller

    Member

  • Topic Starter
  • 30 posts
ComboFix 12-08-28.01 - Admin 08/28/2012 6:59.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2619 [GMT -4:00]
Running from: c:\users\Admin\Downloads\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\fyffbaa.tmp
c:\programdata\hbsfbaa.tmp
c:\programdata\kxcfbaa.tmp
c:\programdata\lxcfbaa.tmp
c:\programdata\mapfbaa.tmp
c:\programdata\vkefbaa.tmp
c:\windows\SysWow64\winsusrm.dll
c:\windows\SysWow64\winsusrx.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . E107F960D82DC2780C45982ACC8C5984 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-08-23_11.28.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-27 02:09 . 2012-08-27 02:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2A260665-EFEC-11E1-9245-001060F0A7C9}.dat
+ 2012-08-24 20:56 . 2012-08-24 20:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2540EE42-EE2E-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-24 20:56 . 2012-08-24 20:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{24FBE65A-EE2E-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-28 00:20 . 2012-08-28 00:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{22AF3E4D-F0A6-11E1-9245-001060F0A7C9}.dat
+ 2012-08-27 10:58 . 2012-08-27 11:03 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{205AA9D3-F036-11E1-9245-001060F0A7C9}.dat
+ 2012-08-27 10:44 . 2012-08-27 10:44 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2054EE9B-F034-11E1-9245-001060F0A7C9}.dat
+ 2012-08-27 10:58 . 2012-08-27 11:02 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1715E43F-F036-11E1-9245-001060F0A7C9}.dat
+ 2012-08-27 20:23 . 2012-08-27 20:28 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1005465B-F085-11E1-9245-001060F0A7C9}.dat
+ 2012-08-23 21:53 . 2012-08-23 21:54 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{08CD09EC-ED6D-11E1-AC98-001060F0A7C9}.dat
+ 2012-08-25 00:08 . 2012-08-25 00:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{01806C71-EE49-11E1-AC54-001060F0A7C9}.dat
+ 2012-08-27 20:23 . 2012-08-27 20:23 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{014AB949-F085-11E1-9245-001060F0A7C9}.dat
+ 2012-08-25 00:08 . 2012-08-25 00:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{00CB83DC-EE49-11E1-AC54-001060F0A7C9}.dat
+ 2012-08-28 10:56 . 2012-08-28 10:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F9C83E92-F0FE-11E1-B29F-001060F0A7C9}.dat
+ 2012-08-23 21:39 . 2012-08-23 21:41 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F62055FB-ED6A-11E1-AC7B-001060F0A7C9}.dat
+ 2012-08-24 21:01 . 2012-08-24 21:02 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{EF77F003-EE2E-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-28 00:18 . 2012-08-28 00:19 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E0EE5FC4-F0A5-11E1-9245-001060F0A7C9}.dat
+ 2012-08-24 21:51 . 2012-08-24 21:51 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E00146D7-EE35-11E1-AC54-001060F0A7C9}.dat
+ 2012-08-27 01:45 . 2012-08-27 01:45 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{DD28EE31-EFE8-11E1-A347-001060F0A7C9}.dat
+ 2012-08-27 01:52 . 2012-08-27 01:52 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D308DC21-EFE9-11E1-A3A9-001060F0A7C9}.dat
+ 2012-08-27 01:44 . 2012-08-27 01:44 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C8A6765E-EFE8-11E1-A347-001060F0A7C9}.dat
+ 2012-08-24 21:07 . 2012-08-24 21:11 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B9ED5D5C-EE2F-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-27 11:02 . 2012-08-27 11:02 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B835C79E-F036-11E1-9245-001060F0A7C9}.dat
+ 2012-08-27 20:27 . 2012-08-27 20:27 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A3B2ABFF-F085-11E1-9245-001060F0A7C9}.dat
+ 2012-08-24 21:06 . 2012-08-24 21:06 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9866429F-EE2F-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-27 10:46 . 2012-08-27 10:46 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{77A11EB3-F034-11E1-9245-001060F0A7C9}.dat
+ 2012-08-27 11:08 . 2012-08-27 11:08 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7747B766-F037-11E1-9245-001060F0A7C9}.dat
+ 2012-08-28 01:47 . 2012-08-28 01:47 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4EA89568-F0B2-11E1-B29F-001060F0A7C9}.dat
+ 2012-08-24 11:10 . 2012-08-24 11:10 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{42A66DA2-EDDC-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-28 01:46 . 2012-08-28 01:47 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4038CC4F-F0B2-11E1-B29F-001060F0A7C9}.dat
+ 2012-08-23 21:55 . 2012-08-23 21:55 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3E2B650F-ED6D-11E1-AC98-001060F0A7C9}.dat
+ 2012-08-23 21:54 . 2012-08-23 21:55 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E46DDE1-ED6D-11E1-AC98-001060F0A7C9}.dat
+ 2012-08-27 02:09 . 2012-08-27 02:09 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2A260667-EFEC-11E1-9245-001060F0A7C9}.dat
+ 2012-08-24 20:56 . 2012-08-24 20:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2540EE43-EE2E-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-24 20:56 . 2012-08-24 20:56 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{24FBE65B-EE2E-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-28 00:20 . 2012-08-28 00:20 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{22AF3E4E-F0A6-11E1-9245-001060F0A7C9}.dat
+ 2012-08-27 20:38 . 2012-08-27 20:38 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1D4C3615-F087-11E1-9245-001060F0A7C9}.dat
+ 2012-08-27 10:51 . 2012-08-27 10:51 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1D32887C-F035-11E1-9245-001060F0A7C9}.dat
+ 2012-08-28 10:57 . 2012-08-28 10:57 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1C9746CD-F0FF-11E1-B29F-001060F0A7C9}.dat
+ 2012-08-27 10:51 . 2012-08-27 10:53 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{16FF602F-F035-11E1-9245-001060F0A7C9}.dat
+ 2012-08-23 21:53 . 2012-08-23 21:54 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08CD09ED-ED6D-11E1-AC98-001060F0A7C9}.dat
+ 2012-08-27 10:50 . 2012-08-27 10:52 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{063074CE-F035-11E1-9245-001060F0A7C9}.dat
+ 2012-08-24 21:09 . 2012-08-24 21:11 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{028CDD30-EE30-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-25 00:08 . 2012-08-25 00:09 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{01806C72-EE49-11E1-AC54-001060F0A7C9}.dat
+ 2012-08-25 00:08 . 2012-08-25 00:09 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{00CB83DD-EE49-11E1-AC54-001060F0A7C9}.dat
+ 2012-08-22 00:27 . 2012-08-23 21:59 2274 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4233454332-3810385758-2920334761-500_UserData.bin
+ 2010-03-27 07:24 . 2012-08-28 01:38 3641 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-03-27 07:24 . 2012-08-23 11:10 3641 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2012-08-28 01:39 . 2012-08-28 01:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-23 11:11 . 2012-08-23 11:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-28 01:39 . 2012-08-28 01:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-23 11:11 . 2012-08-23 11:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-06 02:18 . 2012-08-28 10:53 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-05-06 02:18 . 2012-08-23 11:27 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-08-23 11:27 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-28 10:57 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-27 10:44 . 2012-08-27 10:44 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012082020120827\index.dat
+ 2012-08-27 11:03 . 2012-08-27 11:07 102400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E2B6605D-F036-11E1-9245-001060F0A7C9}.dat
+ 2012-08-28 10:47 . 2012-08-28 10:51 129536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{CFCD449C-F0FD-11E1-B29F-001060F0A7C9}.dat
+ 2012-08-27 11:02 . 2012-08-27 11:07 233984 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BD3A2F7E-F036-11E1-9245-001060F0A7C9}.dat
+ 2012-08-27 11:02 . 2012-08-27 11:02 314368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B835C79C-F036-11E1-9245-001060F0A7C9}.dat
+ 2012-08-28 10:46 . 2012-08-28 10:51 129536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A6A224DA-F0FD-11E1-B29F-001060F0A7C9}.dat
+ 2012-08-28 10:46 . 2012-08-28 10:51 250880 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9B77E949-F0FD-11E1-B29F-001060F0A7C9}.dat
+ 2012-08-28 10:53 . 2012-08-28 10:58 107008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{99B8E153-F0FE-11E1-B29F-001060F0A7C9}.dat
+ 2012-08-24 20:59 . 2012-08-24 21:03 105472 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{921634DE-EE2E-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-24 11:18 . 2012-08-24 20:56 183296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{62C962F4-EDDD-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-27 10:45 . 2012-08-27 10:46 282624 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6051E1B1-F034-11E1-9245-001060F0A7C9}.dat
+ 2012-08-23 21:41 . 2012-08-23 21:42 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5CAB7B8F-ED6B-11E1-AC7B-001060F0A7C9}.dat
+ 2012-08-27 10:52 . 2012-08-27 10:53 102400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{528FBED7-F035-11E1-9245-001060F0A7C9}.dat
+ 2012-08-24 21:04 . 2012-08-24 21:11 499712 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B325C2A-EE2F-11E1-AC82-001060F0A7C9}.dat
+ 2012-08-28 10:50 . 2012-08-28 10:51 106496 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{389DF246-F0FE-11E1-B29F-001060F0A7C9}.dat
+ 2012-08-27 20:23 . 2012-08-27 20:23 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{014AB94A-F085-11E1-9245-001060F0A7C9}.dat
+ 2010-03-27 14:23 . 2012-08-28 10:43 423154 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 05:12 . 2012-08-19 14:35 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-08-25 08:05 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-08-28 01:38 498836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-23 11:10 498836 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-08-19 02:30 . 2012-08-28 10:53 1490944 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\index.dat
+ 2009-07-14 04:54 . 2012-08-28 10:57 1572864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-23 11:27 1572864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-28 10:57 2686976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-27 20:37 . 2012-08-27 20:42 1129472 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F8C209E2-F086-11E1-9245-001060F0A7C9}.dat
+ 2012-08-27 20:28 . 2012-08-27 20:28 1330688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{C869DC50-F085-11E1-9245-001060F0A7C9}.dat
+ 2010-10-31 18:31 . 2012-08-28 01:38 7249896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4233454332-3810385758-2920334761-1000-12288.dat
+ 2012-08-19 21:04 . 2012-08-28 01:38 2451860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 145408]
"RMClock"="c:\program files (x86)\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-08 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-17 87336]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2009-04-17 62760]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe" [2012-08-15 686792]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_69039971.lnk - c:\users\Admin\AppData\Local\Temp\_uninst_69039971.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
[BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 14553474
*Deregistered* - 14553474
*Deregistered* - RTCore64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 00:27]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 01:44]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 01:44]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233454332-3810385758-2920334761-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 15:14]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233454332-3810385758-2920334761-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:35 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:35 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-06-13 5178368]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
BeTwinProxy
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-RDPClip - c:\windows\system32\rdpclip.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:92,93,ac,b9,1c,7e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,26,b6,98,61,4b,32,40,b7,a4,c3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,26,b6,98,61,4b,32,40,b7,a4,c3,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:15,d6,43,7a,1c,60,82,23,65,ec,ca,a9,ff,41,4d,c2,9f,d5,41,27,93,
c7,41,e7,ca,8c,18,a0,ef,8f,8e,f6,b0,94,c9,42,d2,7c,e2,a1,e5,83,17,dc,4f,da,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\ %W*%H"]
"Successes"=dword:e0000000
"Failures"=dword:e0000001
"{B31CF903-CFC8-46BF-B492-A79A51B70DB9}"=hex:00,1a,70,54,38,fe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,26,e1,e7,22,f5,07,4b,b0,72,09,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,26,e1,e7,22,f5,07,4b,b0,72,09,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:15,d6,43,7a,1c,60,82,23,65,ec,ca,a9,ff,41,4d,c2,9f,d5,41,27,93,
c7,41,e7,ca,8c,18,a0,ef,8f,8e,f6,b0,94,c9,42,d2,7c,e2,a1,e5,83,17,dc,4f,da,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-28 07:13:48
ComboFix-quarantined-files.txt 2012-08-28 11:13
ComboFix2.txt 2012-08-23 11:33
ComboFix3.txt 2012-08-22 23:39
.
Pre-Run: 186,617,225,216 bytes free
Post-Run: 186,467,057,664 bytes free
.
- - End Of File - - BB74F733057AEB636A240438393C4CEB

#36
maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Let's replace infected files again.

Step 1

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

FCopy::
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWOW64\user32.dll


Save this as CFScript.txt, in the same location as ComboFix.exe

[image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Please update your Malwarebytes and do one more Quick scan then post log here for me.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0

#37 ackmiller (Topic Starter, Member, 30 posts)
ComboFix 12-08-28.03 - Admin 08/28/2012 20:54:50.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2465 [GMT -4:00]
Running from: c:\users\Admin\Downloads\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Downloads\Desktop\CFScript.txt.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-29 01:03 . 2012-08-29 01:03 -------- d-----w- c:\users\Katie's Account\AppData\Local\temp
2012-08-29 01:03 . 2012-08-29 01:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-27 21:08 . 2012-08-27 21:08 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-23 21:39 . 2012-08-23 21:39 -------- d-----w- c:\programdata\ThinSoft
2012-08-23 10:45 . 2012-08-23 10:45 -------- d-----w- C:\_OTL
2012-08-22 23:17 . 2012-08-22 23:17 -------- d-----w- c:\programdata\GFI Software
2012-08-22 00:31 . 2012-08-22 01:11 -------- d-----w- C:\Downloads
2012-08-22 00:20 . 2012-08-22 00:20 -------- d-----w- c:\program files (x86)\PC Speed Maximizer
2012-08-22 00:20 . 2012-08-22 01:15 -------- d-----w- c:\program files (x86)\Free Download Manager
2012-08-22 00:20 . 2012-08-22 00:32 -------- d-----w- c:\programdata\blekko toolbars
2012-08-20 10:37 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-08-19 23:33 . 2012-08-19 23:33 -------- d-----w- c:\users\Admin\AppData\Roaming\HPAppData
2012-08-19 14:22 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-08-19 14:18 . 2012-08-19 14:18 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-08-19 14:06 . 2012-08-22 23:18 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-08-19 13:57 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-08-19 13:57 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-08-19 13:57 . 2012-04-28 05:32 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-08-19 13:57 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-08-19 13:57 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-19 13:57 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-19 13:56 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-08-19 13:53 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-19 13:53 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-19 13:53 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-19 13:53 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-19 13:53 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-19 13:53 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-09 01:24 . 2012-08-09 01:24 -------- d-----w- c:\users\Admin\AppData\Local\Skyrim
2012-08-09 01:22 . 2008-03-05 20:03 238088 ----a-w- c:\windows\SysWow64\xactengine3_0.dll
2012-08-09 01:21 . 2006-03-31 16:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
2012-08-09 01:21 . 2006-02-03 12:42 355536 ----a-w- c:\windows\system32\xactengine2_0.dll
2012-08-09 01:21 . 2006-02-03 12:41 16592 ----a-w- c:\windows\system32\x3daudio1_0.dll
2012-08-09 01:21 . 2006-02-03 12:43 3830992 ----a-w- c:\windows\system32\d3dx9_29.dll
2012-08-09 01:21 . 2005-05-26 19:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-08-09 01:21 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-08-09 01:21 . 2005-03-18 21:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll
2012-08-09 01:21 . 2005-02-05 23:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll
2012-08-08 23:39 . 2012-08-08 23:39 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-08-08 23:39 . 2012-08-28 01:41 -------- d-----w- c:\program files (x86)\Steam
2012-08-04 13:07 . 2012-08-04 13:07 -------- d-----w- c:\users\Administrator
2012-07-31 21:17 . 2012-07-31 21:17 -------- d-----w- c:\programdata\Battle.net
2012-07-30 21:52 . 2012-07-30 21:52 103904 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 00:27 . 2012-05-10 23:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 00:27 . 2011-05-21 04:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 08:27 . 2010-06-26 12:58 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-22 06:21 . 2012-07-22 06:21 67584 ----a-w- c:\windows\system32\Rdpssw32.exe
2012-07-22 06:21 . 2012-07-22 06:21 46664 ----a-w- c:\windows\system32\BeTwinScreenSaver.exe
2012-07-22 06:21 . 2012-07-22 06:21 35640 ----a-w- c:\windows\system32\drivers\BeTwinMF.sys
2012-07-22 06:21 . 2012-07-22 06:21 35512 ----a-w- c:\windows\system32\drivers\BeTwinKF.sys
2012-07-22 06:21 . 2012-07-22 06:21 289864 ----a-w- c:\windows\system32\BeTwinServiceVS.exe
2012-07-22 06:21 . 2012-07-22 06:21 24120 ----a-w- c:\windows\system32\drivers\BeTwinVF.sys
2012-07-22 06:21 . 2012-07-22 06:21 22600 ----a-w- c:\windows\system32\drivers\BeTwinSystemVS.sys
2012-07-22 06:21 . 2012-07-22 06:21 249856 ----a-w- c:\windows\system32\Slsapi.dll
2012-07-22 06:21 . 2012-07-22 06:21 214080 ----a-w- c:\windows\system32\BeTwinProxyVS.dll
2012-07-22 06:21 . 2012-07-22 06:21 16696 ----a-w- c:\windows\system32\BeTwinDD.dll
2012-07-22 06:21 . 2012-07-22 06:21 151552 ----a-w- c:\windows\system32\SlsApiEx.dll
2012-07-03 17:46 . 2010-01-21 23:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-02 22:19 . 2012-06-19 11:18 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 11:18 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 11:18 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 11:18 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 11:18 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 11:18 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 11:18 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 11:18 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 11:18 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . E107F960D82DC2780C45982ACC8C5984 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot_2012-08-28_11.11.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-27 14:23 . 2012-08-29 00:45 423250 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 145408]
"RMClock"="c:\program files (x86)\RMClock\RMClockLauncher.exe" [2008-02-29 61440]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-08 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-04 75048]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2009-04-17 87336]
"LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD\Language\Language.exe" [2009-04-17 62760]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe" [2012-08-15 686792]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
_uninst_69039971.lnk - c:\users\Admin\AppData\Local\Temp\_uninst_69039971.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
[BU]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 14553474
*Deregistered* - 14553474
*Deregistered* - RTCore64
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 00:27]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 01:44]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-09 01:44]
.
2012-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233454332-3810385758-2920334761-1000Core.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 15:14]
.
2012-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4233454332-3810385758-2920334761-1000UA.job
- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-28 15:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-09-10 23:35 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-09-10 23:35 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-06-13 5178368]
"Skytel"="Skytel.exe" [2007-05-28 1826816]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-21 182808]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetworkService
BeTwinProxy
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebUpdater.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}"=hex:51,66,7a,6c,4c,1d,38,12,81,2d,20,
35,ad,85,e1,00,d0,fd,90,4e,9f,38,f2,ae
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}"=hex:51,66,7a,6c,4c,1d,38,12,19,c7,a0,
e8,38,54,d3,01,c4,41,3b,b9,ea,bd,0b,b3
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:92,93,ac,b9,1c,7e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,26,b6,98,61,4b,32,40,b7,a4,c3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,26,b6,98,61,4b,32,40,b7,a4,c3,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:15,d6,43,7a,1c,60,82,23,65,ec,ca,a9,ff,41,4d,c2,9f,d5,41,27,93,
c7,41,e7,ca,8c,18,a0,ef,8f,8e,f6,b0,94,c9,42,d2,7c,e2,a1,e5,83,17,dc,4f,da,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\ %W*%H"]
"Successes"=dword:e0000000
"Failures"=dword:e0000001
"{B31CF903-CFC8-46BF-B492-A79A51B70DB9}"=hex:00,1a,70,54,38,fe
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,26,e1,e7,22,f5,07,4b,b0,72,09,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,50,26,e1,e7,22,f5,07,4b,b0,72,09,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:15,d6,43,7a,1c,60,82,23,65,ec,ca,a9,ff,41,4d,c2,9f,d5,41,27,93,
c7,41,e7,ca,8c,18,a0,ef,8f,8e,f6,b0,94,c9,42,d2,7c,e2,a1,e5,83,17,dc,4f,da,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-28 21:06:01
ComboFix-quarantined-files.txt 2012-08-29 01:06
ComboFix2.txt 2012-08-28 11:13
ComboFix3.txt 2012-08-23 11:33
ComboFix4.txt 2012-08-22 23:39
.
Pre-Run: 186,552,074,240 bytes free
Post-Run: 188,562,309,120 bytes free
.
- - End Of File - - B5A0488194D336A00B3DE9EAABFBB32E
  • 0

#38 ackmiller (Topic Starter, Member, 30 posts)
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: ANDYS_LAPTOP [administrator]

8/28/2012 9:07:15 PM
mbam-log-2012-08-28 (21-07-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243319
Time elapsed: 2 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#39 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
ComboFix failed to replace the file. Let's try Avenger instead. Restart your system after this step and test if you still get redirects.

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

1. Please download The Avenger by Swandog46 to your Desktop.
  • Right click on the Avenger.zip folder and select "Extract All..."
  • Follow the prompts and extract the avenger folder to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to move:
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWOW64\user32.dll

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.
  • Right click on the window under Input script here:, and select Paste.
  • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
  • Click on Execute
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
5. Please copy/paste the content of c:\avenger.txt into your reply.
  • 0

#40 ackmiller (Topic Starter, Member, 30 posts)
Ran avenger like you asked and restarted it like it prompted me. I did not notice the black command prompt popping up like you mentioned and no avenger.txt file upon restart (I searched my entire C-drive for avenger.txt and found nothing).

I ran Avenger a second time and still no txt file.

Edited by ackmiller, 29 August 2012 - 06:09 AM.

  • 0

#41 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Please tell me current situation. Do you still get redirected?

Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Press the button named None
  • Under the Custom Scan/Fixes box paste this in

    c:\windows\SysWOW64\user32.dll /verifysig
    c:\windows\SysWOW64\user32.dll /MD5
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

  • 0

#42 ackmiller (Topic Starter, Member, 30 posts)
OTL logfile created on: 8/29/2012 11:23:41 PM - Run 4
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Admin\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.25% Memory free
8.00 Gb Paging File | 6.59 Gb Available in Paging File | 82.44% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 175.66 Gb Free Space | 58.93% Space Free | Partition Type: NTFS
Drive D: | 5.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ANDYS_LAPTOP | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< c:\windows\SysWOW64\user32.dll /verifysig >
Invalid Switch: verifysig

< c:\windows\SysWOW64\user32.dll /MD5 >
[2010/11/20 08:08:57 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=E107F960D82DC2780C45982ACC8C5984 -- c:\windows\SysWOW64\user32.dll

< End of report >
  • 0
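The check that the OTL `/verifysig` switch above could not deliver, as an added PowerShell example (editor's code, not part of this thread and not from OTL, ComboFix or FRST): compare the live SysWOW64 user32.dll with its WinSxS component-store copy by size, version string and hash, then have System File Checker verify the live file against the catalog-signed store. The two paths are the ones quoted in this thread's logs; the WinSxS folder name is build-specific and is an assumption to confirm with the directory listing the script prints. It assumes an elevated 64-bit PowerShell 4.0 or later (Get-FileHash is not in the PowerShell 2.0 that ships with Windows 7; `certutil -hashfile <file> MD5` is the fallback there).

```powershell
# Added example, not from the thread or any tool it uses. Run as Administrator
# from a 64-bit PowerShell console (a 32-bit console is redirected away from
# System32\sfc.exe). Requires PowerShell 4.0+ for Get-FileHash.

# Paths as they appear in this thread's ComboFix/OTL logs. The WinSxS folder
# name changes with every build of the component: an assumption to confirm.
$live  = 'C:\Windows\SysWOW64\user32.dll'
$store = 'C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll'

# Enumerate every WOW64 user32 component in the store so the right version
# (the one matching the installed service pack / update level) can be chosen.
"Component-store copies of user32.dll (WOW64):"
Get-ChildItem 'C:\Windows\winsxs' -Directory -Filter 'wow64_microsoft-windows-user32_*' |
    ForEach-Object { Join-Path $_.FullName 'user32.dll' } |
    Where-Object { Test-Path -LiteralPath $_ }

function Get-FileFacts([string]$Path) {
    $item = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path    = $Path
        Size    = $item.Length
        Version = $item.VersionInfo.FileVersion
        MD5     = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash     # comparable with OTL /MD5 output
        SHA256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # Embedded Authenticode only. Windows OS binaries are catalog-signed, so
        # on older PowerShell a pristine file can still report NotSigned here;
        # rely on the sfc result below rather than on this field alone.
        Sig     = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    }
}

$liveFacts  = Get-FileFacts $live
$storeFacts = Get-FileFacts $store
$liveFacts, $storeFacts | Format-List

# The pattern in this thread's Sigcheck section: identical version resource
# (6.1.7601.17514) but a different size and MD5. A patched binary usually keeps
# the original version string, so version alone proves nothing.
if ($liveFacts.Version -eq $storeFacts.Version -and
    ($liveFacts.Size -ne $storeFacts.Size -or $liveFacts.SHA256 -ne $storeFacts.SHA256)) {
    Write-Warning ("{0} differs from its component-store copy ({1} vs {2} bytes) despite identical version {3}." -f
        $live, $liveFacts.Size, $storeFacts.Size, $liveFacts.Version)
}

# Windows' own integrity check of one file against the signed component store.
# Exit code 0 means no integrity violation was found.
& "$env:SystemRoot\System32\sfc.exe" "/verifyfile=$live"
"sfc exit code: $LASTEXITCODE"
# sfc /scanfile=<path> would also repair it from the store, but only if nothing
# resident puts the bad copy back. In this thread an in-OS FCopy reported success
# and the file was still wrong afterwards, which is why the helper moved the
# replacement into the recovery environment, where the infected OS is not running.
```

Read the three results together: a size or hash mismatch against the store copy plus a non-zero sfc exit code on a file whose version string still matches is the signature of a patched system DLL, and the fix belongs offline, as the later posts show.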

#43 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
The infected system file is still on your system. We need to replace it from outside your system. For this step we will need a flash memory drive to place FRST64.exe and fixlist.txt on.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select copy.)

    Replace: c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll c:\windows\SysWOW64\user32.dll

  • Right-click in the open notepad and select Paste.
  • Save it on the flashdrive as fixlist.txt

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt); please post it in your next reply.
  • 0

#44 ackmiller (Topic Starter, Member, 30 posts)
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 31-08-2012
Ran by SYSTEM at 2012-08-30 20:02:51 Run:1
Running from E:\

==============================================

c:\windows\SysWOW64\user32.dll moved successfully.
c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll copied successfully to c:\windows\SysWOW64\user32.dll

==== End of Fixlog ====
  • 0

#45 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
OK. FRST managed to replace it. How is your system now? Redirects?
  • 0
