Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Computer Infected with viruses [Closed]

Started by CameronNC , Oct 12 2012 04:18 PM

This topic is locked

#1
CameronNC

Posted 12 October 2012 - 04:18 PM

Member

Member
15 posts

Symptoms include slow loading web browsers, usually freezes, wont load youtube videos + can't connect to online programs such as Steam, not sure when exactly my computer was infected but I think its more than just one infection, and internet browsers only open when repeadedly clicked. Any help would be much appreciated

- Cam

Heres The OTL Quick Scan:
-------------------------------------------------------------------------------------------------

OTL logfile created on: 10/11/2012 5:53:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Cameron\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.60 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 61.31% Memory free
7.21 Gb Paging File | 4.87 Gb Available in Paging File | 67.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.17 Gb Total Space | 370.31 Gb Free Space | 82.08% Space Free | Partition Type: NTFS
Drive D: | 14.29 Gb Total Space | 1.76 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
Drive E: | 7.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 99.02 Mb Total Space | 88.89 Mb Free Space | 89.76% Space Free | Partition Type: FAT32

Computer Name: CAMERON-HP | User Name: Cameron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/11 17:53:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cameron\Downloads\OTL.exe
PRC - [2012/10/07 15:25:46 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/09/02 20:57:31 | 000,210,944 | ---- | M] () -- C:\ProgramData\GBox\GBox.exe
PRC - [2012/09/02 20:56:58 | 000,210,944 | ---- | M] () -- C:\ProgramData\OptimizerPro1\OptimizerPro1.exe
PRC - [2012/08/27 19:46:59 | 000,210,944 | ---- | M] () -- C:\ProgramData\WxDFast\WxDFast.exe
PRC - [2012/04/27 10:30:50 | 000,215,856 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/02/16 12:40:20 | 000,197,112 | ---- | M] (PC Utilities Pro) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/08/11 12:28:10 | 000,862,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2011/08/11 12:27:02 | 000,358,336 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2011/07/19 18:59:04 | 000,964,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/09 17:57:36 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/12/27 17:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/20 20:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/11/18 12:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

========== Modules (No Company Name) ==========

MOD - [2012/10/01 19:17:12 | 000,155,136 | ---- | M] () -- C:\ProgramData\wxDownload\506a4ea80610d.ocx
MOD - [2012/09/03 17:46:01 | 000,142,848 | ---- | M] () -- C:\ProgramData\WxDFast\bhoclass.dll
MOD - [2012/08/07 08:02:46 | 000,323,584 | ---- | M] () -- c:\Program Files (x86)\SProtector\sprotector.dll
MOD - [2011/09/16 13:34:58 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/11/18 13:09:10 | 001,699,384 | ---- | M] () -- C:\Users\Cameron\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/11/18 12:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Cameron\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/13 18:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/03/04 12:50:26 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/04 12:44:40 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 14:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2009/11/17 19:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/07 15:25:50 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/06 11:34:21 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 18:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/27 17:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/29 22:55:19 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/10 23:20:26 | 000,091,864 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 00:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/04 15:01:18 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/04 12:16:48 | 000,295,424 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/15 12:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/02/09 17:58:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/20 17:20:02 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/29 05:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 19:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/11 19:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gboxapp.com/
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxap...q={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKCU\..\SearchScopes\{03DF8B72-8698-4A9F-8B49-E6524190F5E5}: "URL" = http://ca.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=CPNTDF
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxap...q={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/26 11:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/23 09:43:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/28 15:09:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/26 11:04:54 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://search.gboxapp.com/
CHR - Extension: No name found = C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: No name found = C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\fikgigbhidgoieggfoffhhdjhnljfckg\4_0\
CHR - Extension: No name found = C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\laodgmcclogmkmjnamahdingmmmlfiin\1.0_0\
CHR - Extension: No name found = C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\miiidmpjgdhcalinpkbhkicfbdjligaf\1.0_0\
CHR - Extension: No name found = C:\Users\Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627111256.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (wxDownload Class) - {24BA68C9-D30A-4266-4C13-5ABC8551C193} - C:\ProgramData\wxDownload\506a4ea80610d.ocx ()
O2 - BHO: (wxDfast Class) - {668CF831-02C8-5090-0F80-4527AA64A06C} - C:\ProgramData\WxDFast\bhoclass.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627111256.dll (McAfee, Inc.)
O2 - BHO: (wxDfast Class) - {90F3AAF8-B207-A574-E09D-9EB756F951C0} - C:\ProgramData\WxDFast\bhoclass.dll ()
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [McAfeeWrapperApplication] C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.176.15 64.59.177.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{608669EA-B9AD-4C93-A86E-E5BDF0B23490}: DhcpNameServer = 192.168.40.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E81DFF14-12C2-4B4A-8516-0ADBCA7589E8}: DhcpNameServer = 64.59.176.15 64.59.177.227
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\intu-tt2011 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (c:\progra~2\sprote~1\sprote~1.dll) - c:\Program Files (x86)\SProtector\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/11 15:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/09/30 22:13:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDownload
[2012/09/30 22:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\wxDownload
[2012/09/26 15:26:32 | 000,000,000 | ---D | C] -- C:\Users\Cameron\Documents\Child Psych
[2012/09/18 11:37:08 | 000,000,000 | ---D | C] -- C:\Users\Cameron\AppData\Local\{C79CE4EA-3B6E-47F1-87E9-98EB70B6609B}

========== Files - Modified Within 30 Days ==========

[2012/10/11 18:05:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/11 17:25:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/11 15:46:27 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2012/10/11 15:44:14 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/11 15:44:05 | 000,000,384 | -H-- | M] () -- C:\Windows\tasks\OptimizerPro1UpdaterTask{A8983079-33CA-4029-B9F8-499DE884685E}.job
[2012/10/11 15:44:05 | 000,000,348 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{51C10E4A-9CDF-4D13-923B-17691FD00E71}.job
[2012/10/11 15:44:05 | 000,000,330 | -H-- | M] () -- C:\Windows\tasks\GBoxUpdaterTask{8BED1500-C65A-4E8D-A5EF-8D6EAF5AD029}.job
[2012/10/11 15:34:13 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/11 15:34:13 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/11 15:26:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/11 15:26:11 | 2902,646,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/10 11:14:43 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCameron.job
[2012/10/09 23:53:49 | 000,002,374 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/04 21:47:16 | 001,752,796 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/04 21:47:16 | 000,678,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/04 21:47:15 | 000,005,380 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/04 21:15:04 | 000,000,221 | ---- | M] () -- C:\Users\Cameron\Desktop\Age of Chivalry.url
[2012/10/02 16:00:40 | 536,251,071 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/10/02 10:53:18 | 000,012,415 | ---- | M] () -- C:\Users\Cameron\Documents\Discussion memo 3.odt
[2012/09/30 22:13:14 | 000,001,062 | ---- | M] () -- C:\Users\Cameron\Desktop\Optimizer Pro.lnk

========== Files Created - No Company Name ==========

[2012/10/09 17:47:01 | 000,000,340 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForCameron.job
[2012/10/04 21:15:04 | 000,000,221 | ---- | C] () -- C:\Users\Cameron\Desktop\Age of Chivalry.url
[2012/10/02 10:53:16 | 000,012,415 | ---- | C] () -- C:\Users\Cameron\Documents\Discussion memo 3.odt
[2012/08/30 17:57:23 | 000,003,584 | ---- | C] () -- C:\Users\Cameron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/30 17:55:36 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\LAGARITH.DLL
[2012/08/30 17:55:34 | 000,745,016 | ---- | C] () -- C:\Windows\unins000.exe
[2012/08/30 17:55:34 | 000,042,487 | ---- | C] () -- C:\Windows\unins000.dat
[2012/01/31 04:38:11 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/26 10:49:50 | 000,207,034 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/07/14 15:31:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/14 15:22:02 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/11 12:09:26 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/20 17:20:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/12/15 16:33:32 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/10 10:48:40 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010/11/20 20:24:22 | 000,025,602 | ---- | C] () -- C:\Windows\SysWow64\llsrw2k.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/01 13:31:05 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\.minecraft
[2012/03/24 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\Blio
[2012/03/24 12:04:35 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\ICAClient
[2012/08/30 17:55:35 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\OpenCandy
[2011/09/16 13:38:57 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\OpenOffice.org
[2012/09/02 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\Optimizer Pro
[2011/09/11 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\PictureMover
[2012/09/20 13:08:29 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\SoftGrid Client
[2011/09/11 15:11:03 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\Synaptics
[2012/01/31 04:39:32 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\TP
[2011/10/05 11:37:44 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\WildTangent
[2012/05/24 16:52:11 | 000,000,000 | ---D | M] -- C:\Users\Cameron\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

< End of report >

#2
gringo_pr

Posted 12 October 2012 - 06:08 PM

Trusted Helper

Malware Removal
7,268 posts

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller or from here
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

Gringo

#3
CameronNC

Posted 13 October 2012 - 08:29 PM

Member

Topic Starter
Member
15 posts

Thank you Gringo, heres the Rogue Killer report you asked for:

--------------------------------------------------------------------------------------

RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Cameron [Admin rights]
Mode : Remove -- Date : 10/12/2012 22:29:23

¤¤¤ Bad processes : 3 ¤¤¤
[SUSP PATH] WxDFast.exe -- C:\ProgramData\WxDFast\WxDFast.exe -> KILLED [TermProc]
[SUSP PATH] GBox.exe -- C:\ProgramData\GBox\GBox.exe -> KILLED [TermProc]
[SUSP PATH] OptimizerPro1.exe -- C:\ProgramData\OptimizerPro1\OptimizerPro1.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] WxDFastUpdaterTask{51C10E4A-9CDF-4D13-923B-17691FD00E71}.job : C:\ProgramData\WxDFast\WxDFast.exe -> DELETED
[TASK][SUSP PATH] OptimizerPro1UpdaterTask{A8983079-33CA-4029-B9F8-499DE884685E}.job : C:\ProgramData\OptimizerPro1\OptimizerPro1.exe -> DELETED
[TASK][SUSP PATH] GBoxUpdaterTask{8BED1500-C65A-4E8D-A5EF-8D6EAF5AD029}.job : C:\ProgramData\GBox\GBox.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

#4
CameronNC

Posted 13 October 2012 - 09:17 PM

Member

Topic Starter
Member
15 posts

Oh and my computer is running much better today and not having the same serious issues but my web browsers still take several clicks to open and web pages still freeze frequently.

#5
gringo_pr

Posted 13 October 2012 - 10:33 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

#6
CameronNC

Posted 14 October 2012 - 09:35 AM

Member

Topic Starter
Member
15 posts

My computer seems to be running much better now overall than it had been when I first posted, internet browsers seem to be working perfectly now as well, and they open in one click, im pretty sure all the problems I have been having have been solved but if not I will let you know

Thanks Gringo, and may I ask, do you do this for a living? Heres the combo fix log:

--------------------------------------------------------------------------------------------------
ComboFix 12-10-14.03 - Cameron 13/10/2012 11:08:54.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3691.2149 [GMT -7:00]
Running from: c:\users\Cameron\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\wxDfast
c:\programdata\wxDfast\background.html
c:\programdata\wxDfast\bhoclass.dll
c:\programdata\wxDfast\content.js
c:\programdata\wxDfast\laodgmcclogmkmjnamahdingmmmlfiin.crx
c:\programdata\wxDfast\miiidmpjgdhcalinpkbhkicfbdjligaf.crx
c:\programdata\wxDfast\profile.ini
c:\programdata\wxDfast\runtime.dll
c:\programdata\wxDfast\settings.ini
c:\programdata\wxDfast\uninstall.exe
c:\programdata\wxDfast\WxDFast.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-13 18:19 . 2012-10-13 18:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 07:11 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 07:11 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 07:11 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 07:11 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 07:08 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 07:08 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 07:08 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 07:08 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 07:06 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 07:06 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 07:06 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 07:06 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 07:06 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 07:06 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 07:06 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 07:06 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-01 05:13 . 2012-10-01 05:13 -------- d-----w- c:\programdata\wxDownload
2012-09-24 20:29 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-21 06:16 . 2012-08-24 10:24 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-09-21 06:16 . 2012-08-24 10:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-09-21 06:16 . 2012-08-24 06:53 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2012-09-21 06:16 . 2012-08-24 06:52 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2012-09-21 06:16 . 2012-08-24 10:25 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-09-21 06:16 . 2012-08-24 11:15 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-09-21 06:16 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-07 22:25 . 2012-08-21 16:48 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-07 22:25 . 2011-09-27 00:24 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 00:53 . 2012-08-31 00:55 745016 ----a-w- c:\windows\unins000.exe
2012-08-22 18:12 . 2012-09-11 20:42 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-11 20:42 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-11 20:42 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-11 20:42 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 07:10 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-11 20:42 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-11 20:42 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-25 23:17 . 2012-08-31 00:55 1720832 ----a-w- c:\windows\SysWow64\VisioForge_Video_Mixer.ax
2012-07-18 18:15 . 2012-08-16 04:09 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{24BA68C9-D30A-4266-4C13-5ABC8551C193}]
2012-10-02 02:17 155136 ----a-w- c:\programdata\wxDownload\506a4ea80610d.ocx
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-05 1353080]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-01-03 81912]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-08-11 358336]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
.
c:\users\Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 250808]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-13 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-08-11 91864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-04 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-04 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-04 295424]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-10 31088]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-05-30 878184]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 22:25]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 16:48]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-21 16:48]
.
2012-10-10 c:\windows\Tasks\HPCeeScheduleForCameron.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-24 7466600]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.gboxapp.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=TJ&userid=e29eddb4-0bd1-4b8e-a668-7b3d04338cdf&searchtype=ds&q={searchTerms}
TCP: DhcpNameServer = 64.59.176.15 64.59.177.227
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files (x86)\TurboTax 2011\ic2011pp.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{668CF831-02C8-5090-0F80-4527AA64A06C} - c:\programdata\wxDfast\bhoclass.dll
BHO-{90F3AAF8-B207-A574-E09D-9EB756F951C0} - c:\programdata\wxDfast\bhoclass.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-WxDFast - c:\programdata\WxDFast\WxDFast.exe
AddRemove-{4F4C5E11-0612-48D2-8055-987992AAC432} - c:\programdata\wxDfast\uninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-13 11:23:44
ComboFix-quarantined-files.txt 2012-10-13 18:23
.
Pre-Run: 398,911,905,792 bytes free
Post-Run: 400,332,582,912 bytes free
.
- - End Of File - - 22B01FA098F3CBD7FEFE02056A75DB16

#7
gringo_pr

Posted 14 October 2012 - 11:39 AM

Trusted Helper

Malware Removal
7,268 posts

Greetings CameronNC

More as a hobby

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#8
CameronNC

Posted 15 October 2012 - 08:05 PM

Member

Topic Starter
Member
15 posts

Ok Ive run both of the programs you asked me too, my computers being a bit laggy atm but other than that its running well, heres the TDSSKiller report followed by the aswMBR:

------------------------------------------------------------------------------------------------------------

21:52:41.0467 3980 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:52:41.0917 3980 ============================================================
21:52:41.0917 3980 Current date / time: 2012/10/14 21:52:41.0917
21:52:41.0917 3980 SystemInfo:
21:52:41.0917 3980
21:52:41.0917 3980 OS Version: 6.1.7601 ServicePack: 1.0
21:52:41.0917 3980 Product type: Workstation
21:52:41.0917 3980 ComputerName: CAMERON-HP
21:52:41.0917 3980 UserName: Cameron
21:52:41.0917 3980 Windows directory: C:\Windows
21:52:41.0917 3980 System windows directory: C:\Windows
21:52:41.0917 3980 Running under WOW64
21:52:41.0917 3980 Processor architecture: Intel x64
21:52:41.0917 3980 Number of processors: 2
21:52:41.0917 3980 Page size: 0x1000
21:52:41.0917 3980 Boot type: Normal boot
21:52:41.0917 3980 ============================================================
21:52:42.0751 3980 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:52:42.0762 3980 ============================================================
21:52:42.0762 3980 \Device\Harddisk0\DR0:
21:52:42.0762 3980 MBR partitions:
21:52:42.0762 3980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:52:42.0762 3980 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38659800
21:52:42.0762 3980 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x386BD800, BlocksNum 0x1C94800
21:52:42.0762 3980 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
21:52:42.0762 3980 ============================================================
21:52:42.0783 3980 C: <-> \Device\Harddisk0\DR0\Partition2
21:52:42.0823 3980 D: <-> \Device\Harddisk0\DR0\Partition3
21:52:42.0833 3980 F: <-> \Device\Harddisk0\DR0\Partition4
21:52:42.0833 3980 ============================================================
21:52:42.0833 3980 Initialize success
21:52:42.0833 3980 ============================================================
21:52:44.0407 5740 ============================================================
21:52:44.0407 5740 Scan started
21:52:44.0407 5740 Mode: Manual;
21:52:44.0407 5740 ============================================================
21:52:44.0681 5740 ================ Scan system memory ========================
21:52:44.0681 5740 System memory - ok
21:52:44.0681 5740 ================ Scan services =============================
21:52:44.0906 5740 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:52:44.0910 5740 1394ohci - ok
21:52:44.0953 5740 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:52:44.0959 5740 ACPI - ok
21:52:45.0015 5740 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:52:45.0015 5740 AcpiPmi - ok
21:52:45.0107 5740 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:52:45.0107 5740 AdobeARMservice - ok
21:52:45.0319 5740 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:52:45.0329 5740 AdobeFlashPlayerUpdateSvc - ok
21:52:45.0386 5740 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:52:45.0393 5740 adp94xx - ok
21:52:45.0470 5740 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:52:45.0476 5740 adpahci - ok
21:52:45.0508 5740 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:52:45.0512 5740 adpu320 - ok
21:52:45.0552 5740 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:52:45.0555 5740 AeLookupSvc - ok
21:52:45.0643 5740 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
21:52:45.0645 5740 AERTFilters - ok
21:52:45.0705 5740 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:52:45.0714 5740 AFD - ok
21:52:45.0786 5740 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:52:45.0789 5740 agp440 - ok
21:52:45.0827 5740 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:52:45.0830 5740 ALG - ok
21:52:45.0909 5740 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:52:45.0910 5740 aliide - ok
21:52:46.0009 5740 [ F4F8D818F8BB7EAFB7B9A259D6CBFE68 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:52:46.0014 5740 AMD External Events Utility - ok
21:52:46.0050 5740 AMD FUEL Service - ok
21:52:46.0093 5740 [ DD27F6C3DE9BFE50635C721E09EDC5DD ] AMD Reservation Manager C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
21:52:46.0108 5740 AMD Reservation Manager - ok
21:52:46.0140 5740 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:52:46.0141 5740 amdide - ok
21:52:46.0177 5740 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
21:52:46.0178 5740 amdiox64 - ok
21:52:46.0235 5740 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:52:46.0236 5740 AmdK8 - ok
21:52:46.0519 5740 [ E93230B4214A90854BE7F27E61C1E8FD ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:52:46.0722 5740 amdkmdag - ok
21:52:46.0767 5740 [ 2B614A1CB27F36C5B2D96E554472A809 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:52:46.0767 5740 amdkmdap - ok
21:52:46.0797 5740 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:52:46.0797 5740 AmdPPM - ok
21:52:46.0837 5740 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:52:46.0837 5740 amdsata - ok
21:52:46.0886 5740 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:52:46.0889 5740 amdsbs - ok
21:52:46.0917 5740 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:52:46.0918 5740 amdxata - ok
21:52:46.0949 5740 [ 80A508D0C7A21BC13C01D4C671541203 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
21:52:46.0949 5740 amd_sata - ok
21:52:46.0969 5740 [ 2BE940F3A632A1A301B22B096BF221F1 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
21:52:46.0969 5740 amd_xata - ok
21:52:47.0010 5740 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:52:47.0012 5740 AppID - ok
21:52:47.0041 5740 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:52:47.0051 5740 AppIDSvc - ok
21:52:47.0071 5740 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:52:47.0071 5740 Appinfo - ok
21:52:47.0143 5740 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:52:47.0153 5740 arc - ok
21:52:47.0173 5740 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:52:47.0173 5740 arcsas - ok
21:52:47.0209 5740 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:52:47.0211 5740 AsyncMac - ok
21:52:47.0245 5740 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:52:47.0245 5740 atapi - ok
21:52:47.0315 5740 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:52:47.0395 5740 AudioEndpointBuilder - ok
21:52:47.0475 5740 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:52:47.0485 5740 AudioSrv - ok
21:52:47.0525 5740 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:52:47.0535 5740 AxInstSV - ok
21:52:47.0575 5740 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:52:47.0585 5740 b06bdrv - ok
21:52:47.0615 5740 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:52:47.0625 5740 b57nd60a - ok
21:52:47.0687 5740 [ 93EE7D9C35AE7E9FFDA148D7805F1421 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:52:47.0697 5740 BBSvc - ok
21:52:47.0757 5740 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
21:52:47.0857 5740 BCM43XX - ok
21:52:47.0919 5740 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:52:47.0939 5740 BDESVC - ok
21:52:47.0979 5740 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:52:47.0989 5740 Beep - ok
21:52:48.0099 5740 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:52:48.0199 5740 BFE - ok
21:52:48.0231 5740 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
21:52:48.0321 5740 BITS - ok
21:52:48.0361 5740 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:52:48.0361 5740 blbdrive - ok
21:52:48.0412 5740 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:52:48.0417 5740 bowser - ok
21:52:48.0453 5740 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:52:48.0453 5740 BrFiltLo - ok
21:52:48.0463 5740 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:52:48.0463 5740 BrFiltUp - ok
21:52:48.0553 5740 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:52:48.0553 5740 BridgeMP - ok
21:52:48.0583 5740 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:52:48.0593 5740 Browser - ok
21:52:48.0675 5740 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:52:48.0675 5740 Brserid - ok
21:52:48.0705 5740 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:52:48.0705 5740 BrSerWdm - ok
21:52:48.0738 5740 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:52:48.0739 5740 BrUsbMdm - ok
21:52:48.0767 5740 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:52:48.0767 5740 BrUsbSer - ok
21:52:48.0807 5740 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:52:48.0807 5740 BTHMODEM - ok
21:52:48.0867 5740 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:52:48.0870 5740 bthserv - ok
21:52:48.0939 5740 catchme - ok
21:52:48.0959 5740 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:52:48.0989 5740 cdfs - ok
21:52:49.0039 5740 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:52:49.0039 5740 cdrom - ok
21:52:49.0079 5740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:52:49.0079 5740 CertPropSvc - ok
21:52:49.0127 5740 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:52:49.0129 5740 circlass - ok
21:52:49.0211 5740 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:52:49.0211 5740 CLFS - ok
21:52:49.0283 5740 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:52:49.0293 5740 clr_optimization_v2.0.50727_32 - ok
21:52:49.0343 5740 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:52:49.0343 5740 clr_optimization_v2.0.50727_64 - ok
21:52:49.0393 5740 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:52:49.0403 5740 clr_optimization_v4.0.30319_32 - ok
21:52:49.0493 5740 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:52:49.0503 5740 clr_optimization_v4.0.30319_64 - ok
21:52:49.0543 5740 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
21:52:49.0543 5740 clwvd - ok
21:52:49.0583 5740 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
21:52:49.0583 5740 CmBatt - ok
21:52:49.0603 5740 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:52:49.0603 5740 cmdide - ok
21:52:49.0655 5740 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:52:49.0655 5740 CNG - ok
21:52:49.0685 5740 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
21:52:49.0685 5740 Compbatt - ok
21:52:49.0715 5740 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:52:49.0715 5740 CompositeBus - ok
21:52:49.0735 5740 COMSysApp - ok
21:52:49.0780 5740 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:52:49.0781 5740 crcdisk - ok
21:52:49.0827 5740 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:52:49.0837 5740 CryptSvc - ok
21:52:49.0907 5740 [ BF62FF663AE55E4ED99DE76881C2C0F1 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
21:52:49.0907 5740 ctxusbm - ok
21:52:50.0057 5740 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
21:52:50.0147 5740 cvhsvc - ok
21:52:50.0211 5740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:52:50.0222 5740 DcomLaunch - ok
21:52:50.0259 5740 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:52:50.0269 5740 defragsvc - ok
21:52:50.0309 5740 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:52:50.0309 5740 DfsC - ok
21:52:50.0361 5740 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:52:50.0371 5740 Dhcp - ok
21:52:50.0381 5740 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:52:50.0381 5740 discache - ok
21:52:50.0428 5740 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:52:50.0430 5740 Disk - ok
21:52:50.0453 5740 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:52:50.0453 5740 Dnscache - ok
21:52:50.0483 5740 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:52:50.0493 5740 dot3svc - ok
21:52:50.0555 5740 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:52:50.0565 5740 DPS - ok
21:52:50.0595 5740 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:52:50.0595 5740 drmkaud - ok
21:52:50.0695 5740 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:52:50.0785 5740 DXGKrnl - ok
21:52:50.0825 5740 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:52:50.0828 5740 EapHost - ok
21:52:50.0967 5740 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:52:51.0079 5740 ebdrv - ok
21:52:51.0111 5740 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:52:51.0121 5740 EFS - ok
21:52:51.0191 5740 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:52:51.0221 5740 ehRecvr - ok
21:52:51.0241 5740 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:52:51.0241 5740 ehSched - ok
21:52:51.0285 5740 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:52:51.0353 5740 elxstor - ok
21:52:51.0383 5740 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:52:51.0383 5740 ErrDev - ok
21:52:51.0465 5740 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:52:51.0475 5740 EventSystem - ok
21:52:51.0547 5740 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:52:51.0547 5740 exfat - ok
21:52:51.0629 5740 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:52:51.0629 5740 fastfat - ok
21:52:51.0679 5740 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:52:51.0759 5740 Fax - ok
21:52:51.0805 5740 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:52:51.0807 5740 fdc - ok
21:52:51.0871 5740 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:52:51.0881 5740 fdPHost - ok
21:52:51.0901 5740 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:52:51.0901 5740 FDResPub - ok
21:52:51.0921 5740 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:52:51.0931 5740 FileInfo - ok
21:52:51.0954 5740 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:52:51.0956 5740 Filetrace - ok
21:52:51.0985 5740 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:52:51.0987 5740 flpydisk - ok
21:52:52.0023 5740 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:52:52.0033 5740 FltMgr - ok
21:52:52.0205 5740 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:52:52.0295 5740 FontCache - ok
21:52:52.0350 5740 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:52:52.0351 5740 FontCache3.0.0.0 - ok
21:52:52.0367 5740 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:52:52.0367 5740 FsDepends - ok
21:52:52.0387 5740 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:52:52.0397 5740 Fs_Rec - ok
21:52:52.0429 5740 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:52:52.0429 5740 fvevol - ok
21:52:52.0479 5740 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:52:52.0479 5740 gagp30kx - ok
21:52:52.0551 5740 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
21:52:52.0561 5740 GameConsoleService - ok
21:52:52.0611 5740 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:52:52.0691 5740 gpsvc - ok
21:52:52.0791 5740 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:52:52.0791 5740 gupdate - ok
21:52:52.0801 5740 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:52:52.0801 5740 gupdatem - ok
21:52:52.0849 5740 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:52:52.0855 5740 gusvc - ok
21:52:52.0882 5740 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:52:52.0887 5740 hcw85cir - ok
21:52:52.0949 5740 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:52:52.0955 5740 HdAudAddService - ok
21:52:52.0975 5740 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:52:52.0975 5740 HDAudBus - ok
21:52:53.0005 5740 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:52:53.0005 5740 HidBatt - ok
21:52:53.0030 5740 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:52:53.0032 5740 HidBth - ok
21:52:53.0057 5740 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:52:53.0057 5740 HidIr - ok
21:52:53.0087 5740 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
21:52:53.0087 5740 hidserv - ok
21:52:53.0127 5740 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:52:53.0127 5740 HidUsb - ok
21:52:53.0199 5740 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:52:53.0209 5740 hkmsvc - ok
21:52:53.0229 5740 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:52:53.0239 5740 HomeGroupListener - ok
21:52:53.0280 5740 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:52:53.0288 5740 HomeGroupProvider - ok
21:52:53.0371 5740 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
21:52:53.0381 5740 HP Support Assistant Service - ok
21:52:53.0441 5740 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
21:52:53.0441 5740 HP Wireless Assistant Service - ok
21:52:53.0481 5740 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
21:52:53.0491 5740 HPClientSvc - ok
21:52:53.0551 5740 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
21:52:53.0551 5740 HPDrvMntSvc.exe - ok
21:52:53.0651 5740 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
21:52:53.0661 5740 hpqcxs08 - ok
21:52:53.0681 5740 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
21:52:53.0691 5740 hpqddsvc - ok
21:52:53.0791 5740 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
21:52:53.0891 5740 hpqwmiex - ok
21:52:53.0911 5740 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:52:53.0921 5740 HpSAMD - ok
21:52:53.0971 5740 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
21:52:53.0981 5740 HPSLPSVC - ok
21:52:54.0051 5740 [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
21:52:54.0051 5740 HPWMISVC - ok
21:52:54.0101 5740 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:52:54.0121 5740 HTTP - ok
21:52:54.0141 5740 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:52:54.0151 5740 hwpolicy - ok
21:52:54.0221 5740 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:52:54.0221 5740 i8042prt - ok
21:52:54.0261 5740 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:52:54.0271 5740 iaStorV - ok
21:52:54.0461 5740 [ E4693409D06785477A49FB34AFAE1B92 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
21:52:54.0551 5740 IconMan_R - ok
21:52:54.0601 5740 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:52:54.0691 5740 idsvc - ok
21:52:54.0721 5740 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:52:54.0721 5740 iirsp - ok
21:52:54.0771 5740 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:52:54.0861 5740 IKEEXT - ok
21:52:55.0041 5740 [ E395D888EF6D3777134A9E09FF7582C2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:52:55.0161 5740 IntcAzAudAddService - ok
21:52:55.0191 5740 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:52:55.0191 5740 intelide - ok
21:52:55.0231 5740 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
21:52:55.0231 5740 intelppm - ok
21:52:55.0261 5740 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:52:55.0261 5740 IPBusEnum - ok
21:52:55.0291 5740 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:52:55.0301 5740 IpFilterDriver - ok
21:52:55.0381 5740 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:52:55.0411 5740 iphlpsvc - ok
21:52:55.0421 5740 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:52:55.0431 5740 IPMIDRV - ok
21:52:55.0451 5740 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:52:55.0451 5740 IPNAT - ok
21:52:55.0481 5740 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:52:55.0481 5740 IRENUM - ok
21:52:55.0511 5740 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:52:55.0511 5740 isapnp - ok
21:52:55.0561 5740 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:52:55.0561 5740 iScsiPrt - ok
21:52:55.0601 5740 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:52:55.0601 5740 kbdclass - ok
21:52:55.0641 5740 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:52:55.0641 5740 kbdhid - ok
21:52:55.0671 5740 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:52:55.0671 5740 KeyIso - ok
21:52:55.0701 5740 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:52:55.0701 5740 KSecDD - ok
21:52:55.0751 5740 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:52:55.0751 5740 KSecPkg - ok
21:52:55.0801 5740 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:52:55.0801 5740 ksthunk - ok
21:52:55.0851 5740 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:52:55.0861 5740 KtmRm - ok
21:52:55.0911 5740 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:52:55.0921 5740 LanmanServer - ok
21:52:55.0961 5740 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:52:55.0961 5740 LanmanWorkstation - ok
21:52:56.0011 5740 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:52:56.0021 5740 lltdio - ok
21:52:56.0051 5740 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:52:56.0051 5740 lltdsvc - ok
21:52:56.0071 5740 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:52:56.0081 5740 lmhosts - ok
21:52:56.0131 5740 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:52:56.0141 5740 LSI_FC - ok
21:52:56.0151 5740 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:52:56.0161 5740 LSI_SAS - ok
21:52:56.0171 5740 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:52:56.0171 5740 LSI_SAS2 - ok
21:52:56.0191 5740 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:52:56.0201 5740 LSI_SCSI - ok
21:52:56.0231 5740 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:52:56.0231 5740 luafv - ok
21:52:56.0301 5740 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:52:56.0301 5740 Mcx2Svc - ok
21:52:56.0331 5740 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:52:56.0331 5740 megasas - ok
21:52:56.0381 5740 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:52:56.0381 5740 MegaSR - ok
21:52:56.0431 5740 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:52:56.0431 5740 MMCSS - ok
21:52:56.0451 5740 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:52:56.0461 5740 Modem - ok
21:52:56.0481 5740 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:52:56.0481 5740 monitor - ok
21:52:56.0521 5740 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:52:56.0531 5740 mouclass - ok
21:52:56.0571 5740 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:52:56.0571 5740 mouhid - ok
21:52:56.0611 5740 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:52:56.0621 5740 mountmgr - ok
21:52:56.0661 5740 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:52:56.0661 5740 mpio - ok
21:52:56.0691 5740 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:52:56.0691 5740 mpsdrv - ok
21:52:56.0741 5740 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:52:56.0831 5740 MpsSvc - ok
21:52:56.0901 5740 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:52:56.0901 5740 MRxDAV - ok
21:52:56.0931 5740 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:52:56.0931 5740 mrxsmb - ok
21:52:57.0011 5740 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:52:57.0021 5740 mrxsmb10 - ok
21:52:57.0041 5740 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:52:57.0041 5740 mrxsmb20 - ok
21:52:57.0071 5740 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:52:57.0081 5740 msahci - ok
21:52:57.0111 5740 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:52:57.0121 5740 msdsm - ok
21:52:57.0201 5740 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:52:57.0201 5740 MSDTC - ok
21:52:57.0251 5740 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:52:57.0261 5740 Msfs - ok
21:52:57.0281 5740 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:52:57.0281 5740 mshidkmdf - ok
21:52:57.0311 5740 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:52:57.0311 5740 msisadrv - ok
21:52:57.0351 5740 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:52:57.0361 5740 MSiSCSI - ok
21:52:57.0371 5740 msiserver - ok
21:52:57.0411 5740 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:52:57.0411 5740 MSKSSRV - ok
21:52:57.0431 5740 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:52:57.0431 5740 MSPCLOCK - ok
21:52:57.0461 5740 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:52:57.0461 5740 MSPQM - ok
21:52:57.0551 5740 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:52:57.0561 5740 MsRPC - ok
21:52:57.0611 5740 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:52:57.0611 5740 mssmbios - ok
21:52:57.0641 5740 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:52:57.0651 5740 MSTEE - ok
21:52:57.0661 5740 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:52:57.0671 5740 MTConfig - ok
21:52:57.0701 5740 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:52:57.0701 5740 Mup - ok
21:52:57.0741 5740 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:52:57.0751 5740 napagent - ok
21:52:57.0801 5740 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:52:57.0811 5740 NativeWifiP - ok
21:52:57.0861 5740 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:52:57.0931 5740 NDIS - ok
21:52:57.0961 5740 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:52:57.0961 5740 NdisCap - ok
21:52:58.0001 5740 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:52:58.0001 5740 NdisTapi - ok
21:52:58.0021 5740 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:52:58.0021 5740 Ndisuio - ok
21:52:58.0101 5740 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:52:58.0111 5740 NdisWan - ok
21:52:58.0131 5740 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:52:58.0131 5740 NDProxy - ok
21:52:58.0181 5740 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
21:52:58.0181 5740 Net Driver HPZ12 - ok
21:52:58.0221 5740 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:52:58.0221 5740 NetBIOS - ok
21:52:58.0311 5740 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:52:58.0311 5740 NetBT - ok
21:52:58.0341 5740 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:52:58.0341 5740 Netlogon - ok
21:52:58.0381 5740 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:52:58.0391 5740 Netman - ok
21:52:58.0461 5740 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:52:58.0481 5740 netprofm - ok
21:52:58.0531 5740 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:52:58.0531 5740 NetTcpPortSharing - ok
21:52:58.0581 5740 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:52:58.0581 5740 nfrd960 - ok
21:52:58.0621 5740 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:52:58.0631 5740 NlaSvc - ok
21:52:58.0651 5740 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:52:58.0651 5740 Npfs - ok
21:52:58.0671 5740 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:52:58.0681 5740 nsi - ok
21:52:58.0691 5740 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:52:58.0691 5740 nsiproxy - ok
21:52:58.0841 5740 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:52:58.0951 5740 Ntfs - ok
21:52:58.0981 5740 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:52:58.0981 5740 Null - ok
21:52:59.0071 5740 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
21:52:59.0081 5740 NVENETFD - ok
21:52:59.0151 5740 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:52:59.0151 5740 nvraid - ok
21:52:59.0181 5740 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:52:59.0181 5740 nvstor - ok
21:52:59.0221 5740 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:52:59.0221 5740 nv_agp - ok
21:52:59.0251 5740 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:52:59.0261 5740 ohci1394 - ok
21:52:59.0301 5740 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:52:59.0301 5740 ose - ok
21:52:59.0534 5740 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:52:59.0663 5740 osppsvc - ok
21:52:59.0713 5740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:52:59.0723 5740 p2pimsvc - ok
21:52:59.0793 5740 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:52:59.0803 5740 p2psvc - ok
21:52:59.0833 5740 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:52:59.0833 5740 Parport - ok
21:52:59.0863 5740 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:52:59.0873 5740 partmgr - ok
21:52:59.0893 5740 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:52:59.0907 5740 PcaSvc - ok
21:52:59.0930 5740 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:52:59.0937 5740 pci - ok
21:52:59.0975 5740 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:52:59.0976 5740 pciide - ok
21:53:00.0015 5740 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:53:00.0015 5740 pcmcia - ok
21:53:00.0035 5740 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:53:00.0045 5740 pcw - ok
21:53:00.0125 5740 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:53:00.0205 5740 PEAUTH - ok
21:53:00.0295 5740 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:53:00.0305 5740 PerfHost - ok
21:53:00.0375 5740 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:53:00.0475 5740 pla - ok
21:53:00.0515 5740 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:53:00.0525 5740 PlugPlay - ok
21:53:00.0555 5740 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
21:53:00.0555 5740 Pml Driver HPZ12 - ok
21:53:00.0585 5740 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:53:00.0585 5740 PNRPAutoReg - ok
21:53:00.0665 5740 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:53:00.0675 5740 PNRPsvc - ok
21:53:00.0725 5740 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
21:53:00.0725 5740 Point64 - ok
21:53:00.0775 5740 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:53:00.0785 5740 PolicyAgent - ok
21:53:00.0815 5740 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:53:00.0830 5740 Power - ok
21:53:00.0857 5740 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:53:00.0857 5740 PptpMiniport - ok
21:53:00.0887 5740 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:53:00.0887 5740 Processor - ok
21:53:00.0927 5740 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:53:00.0937 5740 ProfSvc - ok
21:53:00.0957 5740 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:53:00.0957 5740 ProtectedStorage - ok
21:53:00.0997 5740 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:53:01.0007 5740 Psched - ok
21:53:01.0117 5740 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:53:01.0207 5740 ql2300 - ok
21:53:01.0247 5740 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:53:01.0247 5740 ql40xx - ok
21:53:01.0287 5740 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:53:01.0297 5740 QWAVE - ok
21:53:01.0327 5740 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:53:01.0327 5740 QWAVEdrv - ok
21:53:01.0347 5740 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:53:01.0347 5740 RasAcd - ok
21:53:01.0387 5740 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:53:01.0387 5740 RasAgileVpn - ok
21:53:01.0427 5740 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:53:01.0437 5740 RasAuto - ok
21:53:01.0447 5740 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:53:01.0457 5740 Rasl2tp - ok
21:53:01.0557 5740 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:53:01.0567 5740 RasMan - ok
21:53:01.0587 5740 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:53:01.0587 5740 RasPppoe - ok
21:53:01.0617 5740 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:53:01.0617 5740 RasSstp - ok
21:53:01.0707 5740 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:53:01.0717 5740 rdbss - ok
21:53:01.0737 5740 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
21:53:01.0737 5740 rdpbus - ok
21:53:01.0777 5740 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:53:01.0777 5740 RDPCDD - ok
21:53:01.0817 5740 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:53:01.0817 5740 RDPENCDD - ok
21:53:01.0837 5740 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:53:01.0837 5740 RDPREFMP - ok
21:53:01.0887 5740 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:53:01.0897 5740 RDPWD - ok
21:53:01.0947 5740 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:53:01.0947 5740 rdyboost - ok
21:53:01.0977 5740 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:53:01.0987 5740 RemoteAccess - ok
21:53:02.0007 5740 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:53:02.0017 5740 RemoteRegistry - ok
21:53:02.0057 5740 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:53:02.0057 5740 RpcEptMapper - ok
21:53:02.0097 5740 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:53:02.0107 5740 RpcLocator - ok
21:53:02.0187 5740 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
21:53:02.0197 5740 RpcSs - ok
21:53:02.0237 5740 [ 546D7F426776090B90EF5F195B6AE662 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
21:53:02.0247 5740 RSPCIESTOR - ok
21:53:02.0277 5740 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:53:02.0277 5740 rspndr - ok
21:53:02.0317 5740 [ 3372196F61AF48503656EF6AA3E92D1B ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:53:02.0327 5740 RTL8167 - ok
21:53:02.0377 5740 [ 508D997A5E9F400FADE6C85251BF13DF ] RTL8192Ce C:\Windows\system32\DRIVERS\rtl8192Ce.sys
21:53:02.0477 5740 RTL8192Ce - ok
21:53:02.0497 5740 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:53:02.0497 5740 SamSs - ok
21:53:02.0537 5740 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:53:02.0537 5740 sbp2port - ok
21:53:02.0587 5740 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:53:02.0587 5740 SCardSvr - ok
21:53:02.0627 5740 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:53:02.0627 5740 scfilter - ok
21:53:02.0727 5740 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:53:02.0817 5740 Schedule - ok
21:53:02.0857 5740 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:53:02.0857 5740 SCPolicySvc - ok
21:53:02.0887 5740 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:53:02.0887 5740 sdbus - ok
21:53:02.0917 5740 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:53:02.0927 5740 SDRSVC - ok
21:53:02.0997 5740 [ CC781378E7EDA615D2CDCA3B17829FA4 ] SeaPort C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:53:03.0007 5740 SeaPort - ok
21:53:03.0027 5740 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:53:03.0027 5740 secdrv - ok
21:53:03.0057 5740 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:53:03.0057 5740 seclogon - ok
21:53:03.0097 5740 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
21:53:03.0107 5740 SENS - ok
21:53:03.0137 5740 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:53:03.0147 5740 SensrSvc - ok
21:53:03.0197 5740 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:53:03.0197 5740 Serenum - ok
21:53:03.0237 5740 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:53:03.0237 5740 Serial - ok
21:53:03.0277 5740 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:53:03.0277 5740 sermouse - ok
21:53:03.0337 5740 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:53:03.0347 5740 SessionEnv - ok
21:53:03.0377 5740 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:53:03.0377 5740 sffdisk - ok
21:53:03.0387 5740 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:53:03.0397 5740 sffp_mmc - ok
21:53:03.0407 5740 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:53:03.0407 5740 sffp_sd - ok
21:53:03.0437 5740 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:53:03.0437 5740 sfloppy - ok
21:53:03.0497 5740 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
21:53:03.0577 5740 Sftfs - ok
21:53:03.0627 5740 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:53:03.0637 5740 sftlist - ok
21:53:03.0707 5740 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:53:03.0707 5740 Sftplay - ok
21:53:03.0727 5740 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:53:03.0727 5740 Sftredir - ok
21:53:03.0767 5740 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
21:53:03.0767 5740 Sftvol - ok
21:53:03.0837 5740 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:53:03.0847 5740 sftvsa - ok
21:53:03.0907 5740 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:53:03.0917 5740 SharedAccess - ok
21:53:03.0957 5740 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:53:03.0957 5740 ShellHWDetection - ok
21:53:04.0007 5740 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:53:04.0007 5740 SiSRaid2 - ok
21:53:04.0037 5740 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:53:04.0037 5740 SiSRaid4 - ok
21:53:04.0077 5740 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:53:04.0077 5740 Smb - ok
21:53:04.0147 5740 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:53:04.0147 5740 SNMPTRAP - ok
21:53:04.0167 5740 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:53:04.0167 5740 spldr - ok
21:53:04.0217 5740 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:53:04.0297 5740 Spooler - ok
21:53:04.0437 5740 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:53:04.0567 5740 sppsvc - ok
21:53:04.0587 5740 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:53:04.0597 5740 sppuinotify - ok
21:53:04.0627 5740 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:53:04.0637 5740 srv - ok
21:53:04.0707 5740 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:53:04.0717 5740 srv2 - ok
21:53:04.0767 5740 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:53:04.0767 5740 SrvHsfHDA - ok
21:53:04.0867 5740 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:53:04.0957 5740 SrvHsfV92 - ok
21:53:05.0037 5740 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:53:05.0117 5740 SrvHsfWinac - ok
21:53:05.0157 5740 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:53:05.0167 5740 srvnet - ok
21:53:05.0197 5740 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:53:05.0197 5740 SSDPSRV - ok
21:53:05.0227 5740 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:53:05.0237 5740 SstpSvc - ok
21:53:05.0287 5740 Steam Client Service - ok
21:53:05.0307 5740 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:53:05.0307 5740 stexstor - ok
21:53:05.0347 5740 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:53:05.0347 5740 StillCam - ok
21:53:05.0397 5740 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:53:05.0477 5740 stisvc - ok
21:53:05.0507 5740 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:53:05.0507 5740 swenum - ok
21:53:05.0547 5740 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:53:05.0557 5740 swprv - ok
21:53:05.0627 5740 [ EC4DCA6539EB97376F1A1743D209D842 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:53:05.0737 5740 SynTP - ok
21:53:05.0907 5740 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:53:06.0007 5740 SysMain - ok
21:53:06.0047 5740 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:53:06.0047 5740 TabletInputService - ok
21:53:06.0127 5740 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:53:06.0137 5740 TapiSrv - ok
21:53:06.0157 5740 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:53:06.0157 5740 TBS - ok
21:53:06.0247 5740 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:53:06.0357 5740 Tcpip - ok
21:53:06.0497 5740 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:53:06.0507 5740 TCPIP6 - ok
21:53:06.0547 5740 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:53:06.0547 5740 tcpipreg - ok
21:53:06.0577 5740 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:53:06.0577 5740 TDPIPE - ok
21:53:06.0607 5740 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:53:06.0607 5740 TDTCP - ok
21:53:06.0637 5740 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:53:06.0637 5740 tdx - ok
21:53:06.0672 5740 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:53:06.0676 5740 TermDD - ok
21:53:06.0729 5740 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:53:06.0809 5740 TermService - ok
21:53:06.0839 5740 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:53:06.0839 5740 Themes - ok
21:53:06.0859 5740 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:53:06.0869 5740 THREADORDER - ok
21:53:06.0919 5740 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:53:06.0929 5740 TrkWks - ok
21:53:06.0979 5740 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:53:06.0979 5740 TrustedInstaller - ok
21:53:07.0019 5740 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:53:07.0029 5740 tssecsrv - ok
21:53:07.0049 5740 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:53:07.0049 5740 TsUsbFlt - ok
21:53:07.0069 5740 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:53:07.0069 5740 TsUsbGD - ok
21:53:07.0109 5740 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:53:07.0109 5740 tunnel - ok
21:53:07.0139 5740 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:53:07.0139 5740 uagp35 - ok
21:53:07.0169 5740 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:53:07.0179 5740 udfs - ok
21:53:07.0229 5740 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:53:07.0239 5740 UI0Detect - ok
21:53:07.0279 5740 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:53:07.0279 5740 uliagpkx - ok
21:53:07.0309 5740 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:53:07.0309 5740 umbus - ok
21:53:07.0339 5740 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:53:07.0339 5740 UmPass - ok
21:53:07.0379 5740 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:53:07.0389 5740 upnphost - ok
21:53:07.0419 5740 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:53:07.0429 5740 usbccgp - ok
21:53:07.0469 5740 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:53:07.0469 5740 usbcir - ok
21:53:07.0499 5740 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:53:07.0499 5740 usbehci - ok
21:53:07.0529 5740 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
21:53:07.0529 5740 usbfilter - ok
21:53:07.0629 5740 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:53:07.0629 5740 usbhub - ok
21:53:07.0669 5740 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
21:53:07.0679 5740 usbohci - ok
21:53:07.0701 5740 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:53:07.0701 5740 usbprint - ok
21:53:07.0721 5740 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:53:07.0721 5740 USBSTOR - ok
21:53:07.0741 5740 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:53:07.0751 5740 usbuhci - ok
21:53:07.0791 5740 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:53:07.0791 5740 usbvideo - ok
21:53:07.0821 5740 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:53:07.0831 5740 UxSms - ok
21:53:07.0851 5740 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:53:07.0851 5740 VaultSvc - ok
21:53:07.0871 5740 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:53:07.0871 5740 vdrvroot - ok
21:53:07.0971 5740 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:53:08.0041 5740 vds - ok
21:53:08.0081 5740 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:53:08.0081 5740 vga - ok
21:53:08.0121 5740 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:53:08.0121 5740 VgaSave - ok
21:53:08.0151 5740 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:53:08.0161 5740 vhdmp - ok
21:53:08.0181 5740 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:53:08.0181 5740 viaide - ok
21:53:08.0211 5740 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:53:08.0211 5740 volmgr - ok
21:53:08.0291 5740 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:53:08.0301 5740 volmgrx - ok
21:53:08.0381 5740 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:53:08.0381 5740 volsnap - ok
21:53:08.0481 5740 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:53:08.0481 5740 vsmraid - ok
21:53:08.0561 5740 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:53:08.0591 5740 VSS - ok
21:53:08.0649 5740 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:53:08.0653 5740 vwifibus - ok
21:53:08.0703 5740 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:53:08.0713 5740 vwififlt - ok
21:53:08.0785 5740 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:53:08.0795 5740 W32Time - ok
21:53:08.0835 5740 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:53:08.0845 5740 WacomPen - ok
21:53:08.0895 5740 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:53:08.0895 5740 WANARP - ok
21:53:08.0915 5740 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:53:08.0915 5740 Wanarpv6 - ok
21:53:09.0025 5740 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:53:09.0113 5740 WatAdminSvc - ok
21:53:09.0237 5740 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:53:09.0327 5740 wbengine - ok
21:53:09.0389 5740 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:53:09.0399 5740 WbioSrvc - ok
21:53:09.0478 5740 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:53:09.0489 5740 wcncsvc - ok
21:53:09.0501 5740 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:53:09.0531 5740 WcsPlugInService - ok
21:53:09.0582 5740 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:53:09.0583 5740 Wd - ok
21:53:09.0675 5740 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:53:09.0755 5740 Wdf01000 - ok
21:53:09.0785 5740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:53:09.0785 5740 WdiServiceHost - ok
21:53:09.0795 5740 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:53:09.0808 5740 WdiSystemHost - ok
21:53:09.0847 5740 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:53:09.0857 5740 WebClient - ok
21:53:09.0887 5740 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:53:09.0907 5740 Wecsvc - ok
21:53:09.0937 5740 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:53:09.0937 5740 wercplsupport - ok
21:53:09.0987 5740 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:53:09.0997 5740 WerSvc - ok
21:53:10.0047 5740 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:53:10.0057 5740 WfpLwf - ok
21:53:10.0087 5740 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:53:10.0087 5740 WIMMount - ok
21:53:10.0139 5740 WinDefend - ok
21:53:10.0169 5740 WinHttpAutoProxySvc - ok
21:53:10.0251 5740 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:53:10.0251 5740 Winmgmt - ok
21:53:10.0341 5740 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:53:10.0441 5740 WinRM - ok
21:53:10.0508 5740 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:53:10.0510 5740 WinUsb - ok
21:53:10.0553 5740 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:53:10.0643 5740 Wlansvc - ok
21:53:10.0693 5740 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:53:10.0693 5740 wlcrasvc - ok
21:53:10.0875 5740 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:53:10.0987 5740 wlidsvc - ok
21:53:11.0023 5740 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:53:11.0026 5740 WmiAcpi - ok
21:53:11.0059 5740 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:53:11.0059 5740 wmiApSrv - ok
21:53:11.0099 5740 WMPNetworkSvc - ok
21:53:11.0139 5740 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:53:11.0139 5740 WPCSvc - ok
21:53:11.0159 5740 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:53:11.0169 5740 WPDBusEnum - ok
21:53:11.0199 5740 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:53:11.0199 5740 ws2ifsl - ok
21:53:11.0229 5740 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
21:53:11.0229 5740 wscsvc - ok
21:53:11.0239 5740 WSearch - ok
21:53:11.0339 5740 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:53:11.0439 5740 wuauserv - ok
21:53:11.0459 5740 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:53:11.0469 5740 WudfPf - ok
21:53:11.0489 5740 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:53:11.0499 5740 WUDFRd - ok
21:53:11.0529 5740 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:53:11.0539 5740 wudfsvc - ok
21:53:11.0609 5740 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:53:11.0609 5740 WwanSvc - ok
21:53:11.0629 5740 ================ Scan global ===============================
21:53:11.0669 5740 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:53:11.0699 5740 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:53:11.0719 5740 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:53:11.0759 5740 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:53:11.0789 5740 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:53:11.0799 5740 [Global] - ok
21:53:11.0799 5740 ================ Scan MBR ==================================
21:53:11.0819 5740 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:53:12.0149 5740 \Device\Harddisk0\DR0 - ok
21:53:12.0159 5740 ================ Scan VBR ==================================
21:53:12.0159 5740 [ A2C6E7A8FCEDEEFE88867230C8EE334C ] \Device\Harddisk0\DR0\Partition1
21:53:12.0159 5740 \Device\Harddisk0\DR0\Partition1 - ok
21:53:12.0179 5740 [ B8272057A362F92DFA7D1E6884E35F5B ] \Device\Harddisk0\DR0\Partition2
21:53:12.0179 5740 \Device\Harddisk0\DR0\Partition2 - ok
21:53:12.0211 5740 [ FF44890ACCD90AA573F0AAF4C7F92D5A ] \Device\Harddisk0\DR0\Partition3
21:53:12.0221 5740 \Device\Harddisk0\DR0\Partition3 - ok
21:53:12.0231 5740 [ 116227E603617AC048980FA7B852F01E ] \Device\Harddisk0\DR0\Partition4
21:53:12.0241 5740 \Device\Harddisk0\DR0\Partition4 - ok
21:53:12.0241 5740 ============================================================
21:53:12.0241 5740 Scan finished
21:53:12.0241 5740 ============================================================
21:53:12.0301 4632 Detected object count: 0
21:53:12.0301 4632 Actual detected object count: 0

------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-14 21:58:20
-----------------------------
21:58:20.933 OS Version: Windows x64 6.1.7601 Service Pack 1
21:58:20.934 Number of processors: 2 586 0x100
21:58:20.984 ComputerName: CAMERON-HP UserName: Cameron
21:58:22.880 Initialize success
21:58:43.178 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
21:58:43.184 Disk 0 Vendor: TOSHIBA_ GS00 Size: 476940MB BusType: 11
21:58:43.196 Disk 0 MBR read successfully
21:58:43.196 Disk 0 MBR scan
21:58:43.206 Disk 0 Windows 7 default MBR code
21:58:43.216 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:58:43.236 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462003 MB offset 409600
21:58:43.266 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14633 MB offset 946591744
21:58:43.296 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
21:58:43.346 Disk 0 scanning C:\Windows\system32\drivers
21:58:50.190 Service scanning
21:59:17.152 Modules scanning
21:59:17.177 Disk 0 trace - called modules:
21:59:17.245 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
21:59:17.639 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004102060]
21:59:17.656 3 CLASSPNP.SYS[fffff8800191f43f] -> nt!IofCallDriver -> [0xfffffa8003c668f0]
21:59:17.674 5 amd_xata.sys[fffff8800112f900] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa8003c4a060]
21:59:17.694 Scan finished successfully
22:00:22.566 Disk 0 MBR has been saved successfully to "C:\Users\Cameron\Documents\MBR.dat"
22:00:22.579 The log file has been saved successfully to "C:\Users\Cameron\Documents\aswMBR.txt"

#9
gringo_pr

Posted 15 October 2012 - 10:20 PM

Trusted Helper

Malware Removal
7,268 posts

Greetings CameronNC

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

#10
gringo_pr

Posted 18 October 2012 - 10:01 PM

Trusted Helper

Malware Removal
7,268 posts

Hello

48 Hour bump

It has been more than 48 hours since my last post.

do you still need help with this?
do you need more time?
are you having problems following my instructions?
if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#11
gringo_pr

Posted 21 October 2012 - 11:14 PM

Trusted Helper

Malware Removal
7,268 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.