Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer running slow making sure clean before moving to software supp

Started by 13o13 , Oct 17 2012 11:04 AM

  • This topic is locked This topic is locked

#1
13o13
Posted 17 October 2012 - 11:04 AM

13o13

    Member

  • Member
  • PipPip
  • 15 posts
Good Morning, Evening, or Night (whichever applies to you)

I am having some trouble with a custom build desktop running slow after being away for a week. When I returned, the computer just wasnt running correctly. I left it unplugged while i was away, so I really do not believe there could have been much that happened to it while I was gone. However, not long after booting it up i noticed it was running sluggish, especially when trying to launch apps. I assume this is probably software related, but i also assume software support will request that i verify that there is not malware at play before digging into it. Obviously if there were then this will be a needle in a haystack sort of issue, but if we could generate any basic logs you would normally start off with and see if you notice any signs of malware. If not, I can go to software support with your green light. if so, then we can go ahead and tackle it.

Below is my OTL log. Please let me know if you would like me to pull anything else.

Thank you very much for your time. I do appreciate it greatly. (I will be applying for GeekU as well. I started it a while back and was not able to get very far into it due to heavy time constraints)


OTL logfile created on: 10/17/2012 11:54:08 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SomeCrazyStuff\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 6.34 Gb Available Physical Memory | 52.84% Memory free
23.98 Gb Paging File | 16.69 Gb Available in Paging File | 69.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 558.81 Gb Total Space | 314.65 Gb Free Space | 56.31% Space Free | Partition Type: NTFS

Computer Name: CRAZYCUSTOMPC | User Name: SomeCrazyStuff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/17 11:53:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SomeCrazyStuff\Downloads\OTL.exe
PRC - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/28 14:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/09/28 14:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/03 04:25:08 | 013,910,912 | ---- | M] (Mindjet) -- C:\Program Files (x86)\Mindjet\MindManager 10\MindManager.exe
PRC - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/11/11 19:49:56 | 004,152,536 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/04/11 16:33:08 | 000,300,336 | ---- | M] () -- C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\wfx32.exe
PRC - [2011/04/11 16:33:08 | 000,185,648 | ---- | M] (Stardock Corporation) -- C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe
PRC - [2011/02/10 19:17:46 | 000,310,784 | ---- | M] () -- C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
PRC - [2011/01/31 01:37:34 | 000,150,632 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/10/29 12:09:00 | 000,139,264 | ---- | M] (amBX UK Ltd.) -- C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
PRC - [2010/04/29 15:20:10 | 001,109,632 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010/04/27 10:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010/03/25 07:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/12/28 08:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
PRC - [2009/11/05 21:32:04 | 002,717,024 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2009/10/26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/10/14 15:43:08 | 000,612,864 | -HS- | M] (amBX) -- C:\Program Files (x86)\amBX\System\amBX_Service.exe
PRC - [2009/10/13 14:41:16 | 000,412,160 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\Magic-i Visual Effects.exe
PRC - [2009/06/08 14:34:58 | 000,660,808 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2009/06/03 15:33:14 | 000,308,552 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2009/04/03 18:17:42 | 000,447,816 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
PRC - [2009/02/13 11:08:50 | 002,559,823 | ---- | M] (amBX) -- C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
PRC - [2008/11/26 04:54:02 | 000,237,568 | ---- | M] (Diebold) -- C:\Program Files (x86)\Diebold\Agilis Power\Logger\LogWriter.exe
PRC - [2008/09/30 11:47:30 | 000,047,616 | ---- | M] (amBX) -- C:\Program Files\amBX\Effects\amBX Event Manager.exe
PRC - [2008/07/24 11:24:24 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008/03/28 16:07:24 | 000,680,216 | ---- | M] () -- C:\Program Files (x86)\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe
PRC - [2007/05/10 16:37:44 | 000,644,808 | ---- | M] (Stardock.net) -- C:\Program Files (x86)\Stardock\Object Desktop\Keyboard Launchpad\Keys.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/14 23:11:11 | 000,053,248 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Temp\1022wrd.~lk\4893fspext.dll
MOD - [2012/08/29 21:58:45 | 000,442,392 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 21:58:44 | 012,237,336 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/29 21:58:42 | 003,997,720 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 21:57:27 | 000,526,872 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/29 21:57:26 | 000,104,984 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/29 21:57:15 | 000,144,424 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 21:57:13 | 000,266,792 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 21:57:12 | 002,480,680 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2012/08/08 04:10:16 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012/08/08 04:08:21 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012/08/08 04:08:20 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/08/08 04:08:20 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/08/08 04:08:18 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/08/08 04:08:18 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/08/08 04:06:47 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012/08/08 04:06:27 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Extensibility\62d4310bee2e4d068d3e46233d4a5bbe\Extensibility.ni.dll
MOD - [2012/08/08 04:06:20 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/08/08 04:06:12 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/08/08 04:06:11 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/08/08 04:06:06 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/08/08 04:06:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/08/08 04:05:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/08/08 04:05:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/08/08 04:05:52 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/08/08 04:05:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/08/08 04:05:49 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
MOD - [2012/07/12 15:45:25 | 000,460,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Mindjet.MindManager.Interop\10.2.209.0__19247b5ea06b230f\Mindjet.MindManager.Interop.dll
MOD - [2012/07/03 04:25:42 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\AxInterop.GlgoleLib.dll
MOD - [2012/07/03 04:25:40 | 000,276,344 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\libtidyU.dll
MOD - [2012/07/03 04:25:30 | 000,553,864 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\MmWildcatBridge.dll
MOD - [2012/07/03 04:25:12 | 000,035,736 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\Mindjet.UsageLog.Client.dll
MOD - [2012/07/03 04:25:12 | 000,023,448 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\Mindjet.UsageLog.Common.dll
MOD - [2012/07/03 04:25:08 | 000,018,848 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\Mindjet.CheckUpdate.Client.dll
MOD - [2012/07/03 04:24:56 | 000,345,976 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\csExWB.dll
MOD - [2012/07/03 04:24:48 | 000,013,200 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\Mm8Browser.Logger.dll
MOD - [2012/07/03 04:24:28 | 001,595,248 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\glg.ocx
MOD - [2012/07/03 04:24:24 | 000,151,408 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\zlib.dll
MOD - [2012/07/03 04:23:58 | 000,051,104 | ---- | M] () -- C:\Program Files (x86)\Mindjet\MindManager 10\AxInterop.OfficeViewerMME.dll
MOD - [2011/11/11 19:49:56 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock Plus\DockShellHook.dll
MOD - [2011/11/11 19:49:56 | 000,497,368 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock Plus\StardockTray.dll
MOD - [2011/08/11 16:12:25 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock Plus\zlib.dll
MOD - [2011/08/11 16:12:24 | 000,807,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock Plus\CrashRpt.dll
MOD - [2011/05/24 12:50:05 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/31 01:37:34 | 000,150,632 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/04 20:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/11/04 18:57:12 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSSHooks.dll
MOD - [2010/11/04 13:15:16 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTMUI.dll
MOD - [2010/11/04 13:15:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTUI.dll
MOD - [2010/11/04 13:15:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTFC.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/07/27 15:37:16 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTTSH.dll
MOD - [2010/06/07 16:59:46 | 000,057,904 | ---- | M] () -- C:\Windows\SysWOW64\wbload.dll
MOD - [2010/02/08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010/01/22 10:30:00 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/01/22 10:29:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/01/22 10:29:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009/03/12 20:18:48 | 000,602,624 | ---- | M] () -- C:\Program Files (x86)\Everything\Everything.exe
MOD - [2008/12/10 20:04:54 | 000,253,952 | ---- | M] () -- C:\Program Files\ASUS\TurboV EVO\pngio.dll
MOD - [2008/03/30 13:32:28 | 000,422,168 | ---- | M] () -- C:\Program Files (x86)\Stardock\Object Desktop\DesktopX\DirectGUI.dll
MOD - [2008/03/30 13:32:28 | 000,211,736 | ---- | M] () -- C:\Program Files (x86)\Stardock\Object Desktop\DesktopX\IconX.dll
MOD - [2008/03/30 13:32:28 | 000,049,600 | ---- | M] () -- C:\Program Files (x86)\Stardock\Object Desktop\DesktopX\dx0.dll
MOD - [2008/03/28 16:07:24 | 000,680,216 | ---- | M] () -- C:\Program Files (x86)\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe
MOD - [2007/05/08 18:51:00 | 000,075,464 | ---- | M] () -- C:\Program Files (x86)\Stardock\Object Desktop\Keyboard Launchpad\Actions\iTunesController.dll
MOD - [2007/05/08 11:59:18 | 000,263,936 | ---- | M] () -- C:\Program Files (x86)\Stardock\Object Desktop\Keyboard Launchpad\Actions\WMPController.dll
MOD - [2006/11/14 05:01:00 | 000,436,992 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\FPXLIB.DLL
MOD - [2006/11/14 05:01:00 | 000,252,672 | ---- | M] () -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\kgl.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/11 11:56:48 | 000,603,664 | ---- | M] (Soluto) [Auto | Running] -- C:\Program Files\Soluto\SolutoService.exe -- (SolutoService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/13 21:01:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/13 17:16:26 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/05 20:07:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/28 14:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/12 01:57:48 | 000,076,888 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/11 20:57:46 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/11 20:57:38 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/02/06 16:25:08 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/16 14:10:50 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2011/04/11 16:33:08 | 000,185,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe -- (WindowFX)
SRV - [2011/02/10 19:17:46 | 000,310,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe -- (amBX Saitek HAL Service)
SRV - [2011/01/19 00:40:00 | 004,225,592 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/25 07:45:38 | 000,031,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/28 08:33:02 | 000,096,896 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/10/26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/10/21 10:40:44 | 000,193,904 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2009/10/14 15:43:08 | 000,612,864 | -HS- | M] (amBX) [Auto | Running] -- C:\Program Files (x86)\amBX\System\amBX_Service.exe -- (amBX Service)
SRV - [2009/07/13 01:08:04 | 000,024,168 | ---- | M] (The Within Network, LLC) [On_Demand | Stopped] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 17:13:28 | 000,337,144 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)
SRV - [2008/11/26 04:54:02 | 000,237,568 | ---- | M] (Diebold) [Auto | Running] -- C:\Program Files (x86)\Diebold\Agilis Power\Logger\LogWriter.exe -- (LogWriter)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/03 17:05:46 | 000,052,200 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2012/10/03 17:05:46 | 000,024,680 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2012/09/20 14:24:02 | 000,180,544 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CD0.sys -- (SaiK0CD0)
DRV:64bit: - [2012/09/20 14:24:02 | 000,047,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CD0.sys -- (SaiU0CD0)
DRV:64bit: - [2012/09/11 11:51:28 | 000,054,728 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Soluto.sys -- (Soluto)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/11 20:57:39 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/05/11 09:30:08 | 000,025,920 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Said505F.sys -- (Said505F)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/12 11:18:20 | 000,024,576 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FlyUsb.sys -- (FlyUsb)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/16 14:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 14:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/07/25 18:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 15:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/18 15:18:50 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2011/05/18 15:18:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/05/18 15:18:50 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/05/17 22:36:02 | 000,289,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2011/04/20 15:50:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/10 11:07:29 | 000,176,136 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0DC5.sys -- (SaiK0DC5)
DRV:64bit: - [2011/03/04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011/03/02 18:59:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/08/10 03:38:42 | 000,174,600 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK0CFA.sys -- (SaiK0CFA)
DRV:64bit: - [2010/08/10 03:38:42 | 000,041,352 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiU0CFA.sys -- (SaiU0CFA)
DRV:64bit: - [2010/04/27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/17 03:14:02 | 000,302,632 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/02/24 23:42:38 | 000,077,832 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2010/02/24 23:42:38 | 000,029,704 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/02 13:55:18 | 000,034,472 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2009/11/02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/10/07 14:48:28 | 000,024,560 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLBStor.sys -- (CLBStor)
DRV:64bit: - [2009/10/07 14:48:26 | 000,376,304 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\CLBUDF.sys -- (CLBUDF)
DRV:64bit: - [2009/09/24 17:55:00 | 000,212,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2009/09/14 14:30:26 | 000,058,744 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2009/08/05 12:56:04 | 000,063,856 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2009/07/28 20:02:10 | 000,081,768 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2009/07/24 11:33:14 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 01:09:20 | 000,030,568 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\uxpatch.sys -- (uxpatch)
DRV:64bit: - [2009/06/19 10:00:26 | 000,094,336 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2009/06/19 09:59:32 | 000,050,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2009/06/17 12:01:04 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/04/08 14:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2007/10/28 12:22:00 | 000,340,480 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MRVW24C.sys -- (MRV6X64U)
DRV - [2011/09/16 14:10:50 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2010/01/19 16:10:38 | 000,146,928 | ---- | M] (CyberLink Corp.) [2011/05/15 13:05:34] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 00:34:48 | 000,011,832 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)
DRV - [2004/12/31 10:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 1C 6E 05 FB C3 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{2845C1FB-6244-4f6b-8990-44EAD0DC630B}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledAddons: [email protected]:12.0.0.477
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33
FF - prefs.js..extensions.enabledAddons: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:5.4


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\SomeCrazyStuff\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SomeCrazyStuff\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SomeCrazyStuff\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 06:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 06:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] [2012/09/03 06:50:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/24 00:41:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 21:27:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2012/07/29 17:56:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/29 17:56:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/24 00:41:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/13 21:27:22 | 000,000,000 | ---D | M]

[2011/09/28 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Extensions
[2011/09/28 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2012/10/05 20:11:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Firefox\Profiles\mt7sbh8v.default\extensions
[2012/10/05 20:11:58 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Firefox\Profiles\mt7sbh8v.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/08/02 01:46:17 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Firefox\Profiles\mt7sbh8v.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2011/11/12 19:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Sunbird\Profiles\hv4njl7y.default\extensions
[2012/09/04 22:56:16 | 000,240,755 | ---- | M] () (No name found) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Firefox\Profiles\mt7sbh8v.default\extensions\[email protected]
[2011/05/22 01:00:28 | 000,043,131 | ---- | M] () (No name found) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Firefox\Profiles\mt7sbh8v.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi
[2012/09/12 20:31:57 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Firefox\Profiles\mt7sbh8v.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2011/05/22 01:00:28 | 000,105,386 | ---- | M] () (No name found) -- C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Firefox\Profiles\mt7sbh8v.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.xpi
[2012/09/24 00:41:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/24 00:41:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/24 00:41:46 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/09/24 00:41:46 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]_bak
[2012/09/03 06:50:01 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/09/03 06:50:01 | 000,000,000 | ---D | M] (Kaspersky Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2012\FFEXT\[email protected]
[2012/09/24 00:41:47 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 02:08:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/29 02:08:23 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\SomeCrazyStuff\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Angry Birds = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: MindMeister = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdehgigffdnkjpaindemkaniebfaepjm\2.1.1_0\
CHR - Extension: YouTube = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Aviary Music Creator = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fafdknjemckbfdklihiolhgkibiedige\0.0.0.6_0\
CHR - Extension: Click to go to a random deviation! = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkjdofbbpmmgmjhbpgjonmbggbcmljdo\1.0_0\
CHR - Extension: Evernote Snipping Tool = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmhpjbejpnnaffkpmebeagdiidibjfa\1.3.7.7_0\
CHR - Extension: Virtual Keyboard = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: SparkChess = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\khgabmflimjjbclkmljlpmgaleanedem\6.0.0_0\
CHR - Extension: Cubender = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkclldejpglgoajfplpaigbbfjhgpcao\2.2_0\
CHR - Extension: TouristEye Planner = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpjpejalhlnocbhggpnokneghfenoneg\9_0\
CHR - Extension: Evernote Web = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: InvisibleHand = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.8.16_0\
CHR - Extension: Picky Wallpapers = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\odklcfojpedohplkimfdpcamkjnhanaj\1.0.0_0\
CHR - Extension: Mini Ninjas = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\oijfbknbncemokdnlboeabbcfhobechi\1.0.0.15_0\
CHR - Extension: klekr = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\opljjfbgbkjjjgdhbocfakafilegppbl\1.0.0_0\
CHR - Extension: Edgeworld = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfmpdiaehhnljpdomnggcbfofdgkmbp\1.0.1.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.7_0\
CHR - Extension: Gmail = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [amBX Daemon] C:\Program Files\amBX\Control Panel\amBXDaemon.exe (Koninklijke Philips N.V.)
O4:64bit: - HKLM..\Run: [amBX System Tray Application] C:\Program Files\amBX\Gaming FXGen\x64\amBXFxGen.exe (amBX UK Ltd.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Everything] C:\Program Files (x86)\Everything\Everything.exe ()
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [DesktopX] C:\Program Files (x86)\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe ()
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock Keyboard Launchpad.lnk = C:\Program Files (x86)\Stardock\Object Desktop\Keyboard Launchpad\Keys.exe (Stardock.net)
O4 - Startup: C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Send Image To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Link To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Page To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Send Text To MindManager - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://remote.taste...t.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{100FC43F-32A5-4A1A-93D6-7E60C9472227}: DhcpNameServer = 1.2.3.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{100FC43F-32A5-4A1A-93D6-7E60C9472227}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1465B92E-62DB-4B78-B86E-7B2F169EB8E9}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47BC16BD-EB5C-4315-9851-7FC2FFE54173}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A8800DB-55E0-42A5-8542-EADB213235E4}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A352A627-DF82-438D-9A28-F356F55A7489}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C13A6CD4-178E-4B5B-A40B-EC6B437F7FA7}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF0CD13B-6463-47AD-93E0-8E342C256F74}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF6BFFE3-D3DB-44C3-B51C-EA1585B4FD32}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\PROGRA~2\Stardock\OBJECT~2\WINDOW~1\fast64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{987b691b-9252-11e0-8449-f46d04005102}\Shell - "" = AutoRun
O33 - MountPoints2\{987b691b-9252-11e0-8449-f46d04005102}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/14 23:14:00 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\Desktop\$RNG1UQ3
[2012/10/14 23:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/10/14 11:55:03 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\Desktop\Process Explorer
[2012/10/14 10:54:28 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/10/14 10:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012/10/14 10:54:27 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Notepad++
[2012/10/14 10:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012/10/13 22:41:02 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diebold
[2012/10/13 22:40:02 | 000,000,000 | ---D | C] -- C:\Agilis
[2012/10/13 22:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mayfair Software
[2012/10/13 22:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Diebold
[2012/10/13 22:39:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diebold
[2012/10/13 22:39:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diebold
[2012/10/13 22:38:08 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\Desktop\agilis logger
[2012/10/13 21:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\amBX
[2012/10/13 21:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\amBX
[2012/10/13 17:47:13 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\Desktop\MMO_Profiles_v1_4
[2012/10/05 17:58:04 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\Desktop\mmo7 profiles
[2012/10/05 17:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mad Catz
[2012/10/05 17:50:53 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\M.M.O.7 Update
[2012/10/05 14:36:12 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Local\SmartTechnology
[2012/10/05 14:35:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SmartTechnology Profiles
[2012/10/05 14:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartTechnology
[2012/10/05 14:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
[2012/10/05 14:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTechnology
[2012/10/05 14:28:41 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Roaming\amBX_Events
[2012/10/05 14:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\amBX_Events
[2012/10/05 14:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\media center programs
[2012/10/05 14:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funcom
[2012/10/05 14:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\amBX
[2012/10/05 14:24:30 | 000,176,136 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiK0DC5.sys
[2012/10/03 17:05:46 | 000,052,200 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiBus.sys
[2012/10/03 17:05:46 | 000,024,680 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiMini.sys
[2012/09/30 15:36:54 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/09/28 19:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/09/28 19:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/09/28 19:00:02 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\Desktop\$RQQJMRD
[2012/09/24 00:41:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/23 16:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/09/20 14:24:02 | 000,180,544 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiK0CD0.sys
[2012/09/20 14:24:02 | 000,047,168 | ---- | C] (Saitek) -- C:\Windows\SysNative\drivers\SaiU0CD0.sys
[2012/09/17 20:37:33 | 000,000,000 | ---D | C] -- C:\Users\SomeCrazyStuff\Documents\C9
[2012/07/25 19:57:23 | 000,451,952 | ---- | C] (Bitsum Technologies) -- C:\Users\SomeCrazyStuff\AppData\Roaming\ProcessLassopl_rsrc_temp.dll
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/17 11:50:48 | 000,017,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 11:50:48 | 000,017,952 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 07:22:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/14 11:58:06 | 000,800,156 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/14 11:58:06 | 000,726,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/14 11:58:06 | 000,146,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/13 22:39:06 | 000,873,576 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/13 21:49:21 | 000,001,108 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
[2012/10/13 21:26:13 | 000,001,804 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Effects.lnk
[2012/10/13 21:19:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/13 21:15:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/13 21:03:27 | 000,001,101 | ---- | M] () -- C:\Users\SomeCrazyStuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2012/10/13 21:03:27 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2012/10/13 17:16:26 | 000,002,110 | ---- | M] () -- C:\Users\SomeCrazyStuff\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/10/10 21:22:44 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012/10/05 17:51:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Said505F_01009.Wdf
[2012/10/05 17:50:53 | 000,003,105 | ---- | M] () -- C:\Users\SomeCrazyStuff\Desktop\MMO7 Update Tool.lnk
[2012/10/05 17:49:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0CD0_01009.Wdf
[2012/10/05 14:24:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
[2012/10/04 11:34:32 | 000,001,292 | ---- | M] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/10/03 17:05:46 | 000,052,200 | ---- | M] (Saitek) -- C:\Windows\SysNative\drivers\SaiBus.sys
[2012/10/03 17:05:46 | 000,024,680 | ---- | M] (Saitek) -- C:\Windows\SysNative\drivers\SaiMini.sys
[2012/09/30 15:36:54 | 000,000,318 | ---- | M] () -- C:\Users\SomeCrazyStuff\Desktop\Curse Client.appref-ms
[2012/09/30 12:28:53 | 000,451,952 | ---- | M] (Bitsum Technologies) -- C:\Users\SomeCrazyStuff\AppData\Roaming\ProcessLassopl_rsrc_temp.dll
[2012/09/28 19:00:04 | 000,001,287 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/09/25 22:25:15 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-543706644-1416270174-1080986977-1000UA.job
[2012/09/25 22:25:15 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/25 22:25:15 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/25 22:25:15 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-543706644-1416270174-1080986977-1000Core.job
[2012/09/20 14:24:02 | 000,180,544 | ---- | M] (Saitek) -- C:\Windows\SysNative\drivers\SaiK0CD0.sys
[2012/09/20 14:24:02 | 000,047,168 | ---- | M] (Saitek) -- C:\Windows\SysNative\drivers\SaiU0CD0.sys
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/13 21:26:13 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Effects.lnk
[2012/10/13 21:25:58 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\amBX Illuminate.lnk
[2012/10/05 17:51:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Said505F_01009.Wdf
[2012/10/05 17:50:53 | 000,003,105 | ---- | C] () -- C:\Users\SomeCrazyStuff\Desktop\MMO7 Update Tool.lnk
[2012/10/05 17:49:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0CD0_01009.Wdf
[2012/10/05 14:24:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SaiK0DC5_01009.Wdf
[2012/09/30 15:36:54 | 000,000,318 | ---- | C] () -- C:\Users\SomeCrazyStuff\Desktop\Curse Client.appref-ms
[2012/09/28 19:00:02 | 000,001,287 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/08/12 01:55:41 | 000,283,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/12 01:55:39 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/08/12 01:55:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/01 04:54:11 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/13 09:33:18 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/02/29 23:47:52 | 004,076,546 | ---- | C] () -- C:\Users\SomeCrazyStuff\HouseHuntingNotebook.onepkg
[2012/02/11 22:09:36 | 000,003,584 | ---- | C] () -- C:\Users\SomeCrazyStuff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 14:17:53 | 000,000,498 | ---- | C] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\DELTAUserMetrics.osl
[2012/01/11 14:09:46 | 000,000,498 | ---- | C] () -- C:\Users\SomeCrazyStuff\AppData\Roaming\XP500UserMetrics.osl
[2011/12/24 10:54:05 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/12/24 00:03:22 | 000,006,374 | -HS- | C] () -- C:\Users\SomeCrazyStuff\AppData\Local\458ffeq4p6hr700641u
[2011/12/24 00:03:22 | 000,006,374 | -HS- | C] () -- C:\ProgramData\458ffeq4p6hr700641u
[2011/12/17 13:23:47 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/20 14:19:05 | 000,800,156 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/18 11:41:49 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/06/05 13:39:13 | 000,000,089 | ---- | C] () -- C:\Windows\PhEdit.INI
[2011/06/05 12:09:43 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/06/05 12:09:43 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/06/05 12:09:43 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/06/05 12:09:43 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/06/05 12:09:43 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/06/05 12:09:43 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/06/05 12:09:43 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/06/05 12:09:43 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/06/05 12:09:43 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/06/05 12:09:43 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011/06/05 12:09:43 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/06/05 12:09:43 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/06/05 12:09:43 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/06/05 12:09:43 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/06/05 12:09:43 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/06/05 12:09:43 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011/06/05 12:09:43 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011/06/05 12:09:43 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/06/05 12:09:43 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/05/25 17:14:12 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/05/24 12:45:07 | 000,005,024 | ---- | C] () -- C:\Windows\SysWow64\FilterData.dat
[2011/05/18 00:06:30 | 000,007,612 | ---- | C] () -- C:\Users\SomeCrazyStuff\AppData\Local\Resmon.ResmonCfg
[2011/05/15 13:38:39 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011/05/15 13:38:39 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/05/15 13:38:34 | 000,011,832 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/05/15 13:38:34 | 000,010,216 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/05/15 13:16:45 | 000,036,843 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/05/15 13:14:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/05/15 13:14:08 | 000,026,309 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/05 14:28:41 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\amBX_Events
[2012/09/23 12:24:58 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012/08/08 01:54:09 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Empty Clip Studios
[2012/04/29 21:08:23 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\GetRightToGo
[2012/03/04 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\LolClient
[2012/10/14 11:49:11 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Notepad++
[2011/05/24 12:50:23 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\OpenOffice.org
[2012/10/13 16:39:12 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\ProcessLasso
[2012/05/19 13:26:50 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Rainmeter
[2011/12/21 08:10:14 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Red Kawa
[2012/02/11 22:09:23 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Research In Motion
[2012/08/28 17:50:28 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\SoftGrid Client
[2011/05/25 17:34:27 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Soluto
[2012/08/13 01:42:51 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Spore
[2011/12/17 13:38:14 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Stardock
[2012/10/14 23:14:20 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\TeraCopy
[2011/09/28 15:27:12 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\Thunderbird
[2011/06/20 14:20:30 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\TP
[2011/06/04 02:19:52 | 000,000,000 | ---D | M] -- C:\Users\SomeCrazyStuff\AppData\Roaming\XBMC

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 17 October 2012 - 09:42 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I will go thru and give it a good checkup so we can be sure it is not malware.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
13o13
Posted 17 October 2012 - 11:19 PM

13o13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
Mozilla Thunderbird (16.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbam.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

# AdwCleaner v2.005 - Logfile created 10/18/2012 at 00:10:26
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : SomeCrazyStuff - CRAZYCUSTOMPC
# Boot Mode : Normal
# Running from : C:\Users\SomeCrazyStuff\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\SomeCrazyStuff\AppData\Roaming\Mozilla\Firefox\Profiles\mt7sbh8v.default\prefs.js

Found : user_pref("extensions.ntk.recentClosedPers", "hxxps://securebank.regions.com/balances/AccountSummary[...]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1379 octets] - [18/10/2012 00:10:26]

########## EOF - C:\AdwCleaner[R1].txt - [1439 octets] ##########

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SomeCrazyStuff [Admin rights]
Mode : Remove -- Date : 10/18/2012 00:13:48

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{DF0CD13B-6463-47AD-93E0-8E342C256F74} : NameServer (10.0.0.1) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{DF0CD13B-6463-47AD-93E0-8E342C256F74} : NameServer (10.0.0.1) -> NOT REMOVED, USE DNSFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6000HLHX-01JJPV0 ATA Device +++++
--- User ---
[MBR] c3d130555be82d9e1dd514c18a116051
[BSP] b02b9e6abc5d772ba360ea8c0aba8bbb : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 572223 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#4
gringo_pr
Posted 18 October 2012 - 12:00 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
13o13
Posted 18 October 2012 - 10:59 AM

13o13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
after running Combofix I had to do another reboot. Seemed as though Combofix suppressed windows explorer as i never saw explorer load. I could open start menu by hitting windows key on keyboard but trying to run any programs resulted in an error mesage (sorry, I didnt write the message down). After a reboot, all is well. still taking a long time to open programs though, for example, I wanted to open my cound properties to connect a set of speakers and set them as primary device, its been 15 minutes and the sound properties windows has still not opened. I noticed before i started this thread that when i tried to open malwarebytes i had to click on it and come back to do the scan later on because it was taking so long to launch. however, it is not all programs doing this. I can launch google chrome with no difficulties what so ever. firefox takes forever though. so i suppose it is hit ans miss on which programs are opening correctly.

combofix log below.


ComboFix 12-10-18.03 - SomeCrazyStuff 10/18/2012 11:25:35.1.12 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.6589 [GMT -5:00]
Running from: c:\users\SomeCrazyStuff\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\458ffeq4p6hr700641u
c:\users\SOMECR~1\AppData\Local\Temp\1022wrd.~lk\1354fspext.dll
c:\users\SOMECR~1\AppData\Local\Temp\1022wrd.~lk\4893fspext.dll
c:\users\SomeCrazyStuff\AppData\Local\assembly\tmp
c:\users\SomeCrazyStuff\AppData\Local\Temp\1022wrd.~lk\1354fspext.dll
c:\users\SomeCrazyStuff\AppData\Local\Temp\1022wrd.~lk\4893fspext.dll
c:\users\SomeCrazyStuff\AppData\Roaming\ProcessLassopl_rsrc_temp.dll
c:\windows\SysWow64\msstdfmt.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NVSvc
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-18 12:30 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E0FFBA1-7D3A-41EB-A983-CA5862AF7202}\mpengine.dll
2012-10-14 16:58 . 2011-09-22 22:18 89960 ----a-w- c:\windows\SysWow64\SQSRVRES.DLL
2012-10-14 16:58 . 2011-09-22 22:18 73064 ----a-w- c:\windows\SysWow64\perf-MSSQL$MSSMLBIZ-sqlctr10.3.5500.0.dll
2012-10-14 16:54 . 2012-10-14 16:54 -------- d-----w- c:\users\UpdatusUser
2012-10-14 16:47 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-14 16:47 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-14 15:54 . 2012-10-14 16:49 -------- d-----w- c:\users\SomeCrazyStuff\AppData\Roaming\Notepad++
2012-10-14 15:54 . 2012-10-14 15:54 -------- d-----w- c:\program files (x86)\Notepad++
2012-10-14 03:41 . 2012-10-14 03:41 40960 ----a-r- c:\users\SomeCrazyStuff\AppData\Roaming\Microsoft\Installer\{EEE26161-C34F-4A62-902C-7C2FF159505F}\NewShortcut1.exe
2012-10-14 03:40 . 2012-10-14 03:40 -------- d-----w- C:\Agilis
2012-10-14 03:39 . 2012-10-14 03:39 -------- d-----w- c:\programdata\Diebold
2012-10-14 03:39 . 2012-10-14 03:39 -------- d-----w- c:\program files (x86)\Mayfair Software
2012-10-14 03:39 . 2012-10-14 03:39 -------- d-----w- c:\program files (x86)\Diebold
2012-10-14 02:25 . 2012-10-14 02:26 -------- d-----w- c:\program files\amBX
2012-10-13 21:37 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-13 21:37 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-13 21:37 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-13 21:37 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-13 21:37 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-13 21:37 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-11 02:23 . 2012-10-11 02:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 02:23 . 2012-10-11 02:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 02:23 . 2012-10-11 02:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 02:23 . 2012-10-11 02:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 02:23 . 2012-10-11 02:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 02:23 . 2012-10-11 02:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 02:23 . 2012-10-11 02:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 02:22 . 2012-10-11 02:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 02:22 . 2012-10-11 02:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 02:22 . 2012-10-11 02:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 02:22 . 2012-10-11 02:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 02:22 . 2012-10-11 02:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 02:22 . 2012-10-11 02:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-06 14:30 . 2012-10-06 14:30 -------- d-----w- c:\windows\A07B0B7BDE2C42A194889B8A4DC95BB3.TMP
2012-10-06 14:30 . 2012-10-06 14:30 -------- d-----w- c:\windows\F9D59E62845F49A28B75DDB00661673C.TMP
2012-10-05 22:50 . 2012-10-05 22:50 -------- d-----w- c:\program files (x86)\Mad Catz
2012-10-05 19:36 . 2012-10-05 19:36 -------- d-----w- c:\users\SomeCrazyStuff\AppData\Local\SmartTechnology
2012-10-05 19:35 . 2012-10-05 19:35 -------- d-----w- c:\programdata\SmartTechnology
2012-10-05 19:35 . 2012-10-05 19:35 -------- d-----w- c:\program files\SmartTechnology
2012-10-05 19:28 . 2012-10-14 02:26 -------- d-----w- c:\programdata\amBX_Events
2012-10-05 19:28 . 2012-10-05 19:28 -------- d-----w- c:\users\SomeCrazyStuff\AppData\Roaming\amBX_Events
2012-10-05 19:27 . 2012-10-05 19:27 -------- d-----w- c:\programdata\media center programs
2012-10-05 19:27 . 2012-10-05 19:27 -------- d-----w- c:\program files (x86)\Funcom
2012-10-05 19:25 . 2012-10-14 02:49 -------- d-----w- c:\program files (x86)\amBX
2012-10-05 19:24 . 2011-03-10 16:07 176136 ----a-w- c:\windows\system32\drivers\SaiK0DC5.sys
2012-10-03 22:05 . 2012-10-03 22:05 52200 ----a-w- c:\windows\system32\drivers\SaiBus.sys
2012-10-03 22:05 . 2012-10-03 22:05 24680 ----a-w- c:\windows\system32\drivers\SaiMini.sys
2012-10-02 18:15 . 2012-10-02 18:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-29 00:00 . 2012-10-14 15:31 -------- d-----w- c:\program files (x86)\World of Warcraft
2012-09-25 21:21 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 08:03 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-23 08:03 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-23 08:03 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-23 08:03 . 2012-08-24 11:23 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-23 08:03 . 2012-08-24 10:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-23 08:03 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-09-23 08:03 . 2012-08-24 06:48 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-09-23 08:03 . 2012-08-24 06:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-20 19:24 . 2012-09-20 19:24 47168 ----a-w- c:\windows\system32\drivers\SaiU0CD0.sys
2012-09-20 19:24 . 2012-09-20 19:24 180544 ----a-w- c:\windows\system32\drivers\SaiK0CD0.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-14 08:02 . 2011-05-18 23:40 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-14 02:01 . 2012-04-04 08:22 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-14 02:01 . 2011-05-18 20:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 02:23 . 2011-05-18 04:44 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 02:23 . 2011-05-18 04:43 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 02:23 . 2011-05-18 04:44 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 02:22 . 2012-02-10 03:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 02:22 . 2011-05-18 04:44 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-02 19:51 . 2011-03-04 11:05 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-03-04 11:05 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-03-04 11:05 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-03-04 11:05 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-03-04 11:05 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-03-04 11:05 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-09-11 16:51 . 2011-05-25 22:12 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-08-22 18:12 . 2012-09-13 01:25 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-13 01:25 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-13 01:25 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 01:25 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 18:01 . 2012-09-17 07:25 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 18:01 . 2011-05-22 07:28 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2011-05-22 07:28 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-13 21:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-12 07:38 . 2012-08-12 06:57 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-12 07:38 . 2012-08-12 06:55 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-12 06:57 . 2012-08-12 06:55 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-12 06:57 . 2012-08-12 06:55 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-12 03:11 . 2012-08-12 06:55 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-08-02 17:58 . 2012-09-13 01:25 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-13 01:25 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-08-22 5352288]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"DesktopX"="c:\program files (x86)\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe" [2008-03-28 680216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\users\SomeCrazyStuff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-2-9 0]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Stardock Keyboard Launchpad.lnk - c:\program files (x86)\Stardock\Object Desktop\Keyboard Launchpad\Keys.exe [2011-6-6 644808]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe [2011-11-11 4152536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
amBX Effects.lnk - c:\program files\amBX\Effects\amBX Event Manager.exe [2012-10-13 47616]
amBX Illuminate.lnk - c:\program files (x86)\amBX\Illuminate\Illuminate.exe [2009-2-13 2559823]
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-11-5 2717024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 250808]
R3 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2011-11-12 24576]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20 116648]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20 116648]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-05-18 16008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-03-02 174184]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCG_NT;PCG_NT;c:\users\SomeCrazyStuff\Desktop\Blue Disk\PCG_2K.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 Said505F;Said505F;c:\windows\system32\DRIVERS\Said505F.sys [2012-05-11 25920]
R3 SaiK0CFA;SaiK0CFA;c:\windows\system32\DRIVERS\SaiK0CFA.sys [2010-08-10 174600]
R3 SaiU0CFA;SaiU0CFA;c:\windows\system32\DRIVERS\SaiU0CFA.sys [2010-08-10 41352]
R3 silabenm;GE Supra DisplayKey USB Cradle Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2010-02-25 29704]
R3 silabser;GE Supra DisplayKey USB Cradle Driver;c:\windows\system32\DRIVERS\silabser.sys [2010-02-25 77832]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [2009-07-13 24168]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-18 1255736]
R4 LogWriter;Diebold Agilis LogWriter;c:\program files (x86)\Diebold\Agilis Power\Logger\LogWriter.exe [2008-11-26 237568]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-03-17 302632]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-09-11 54728]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\DRIVERS\CLBStor.sys [2009-10-07 24560]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-11 29488]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 amBX Saitek HAL Service;amBX Saitek HAL Service;c:\program files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe [2011-02-11 310784]
S2 amBX Service;amBX Service;c:\program files (x86)\amBX\System\amBX_Service.exe [2009-10-14 612864]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe [2009-12-28 96896]
S2 CLBUDF;CyberLink InstantBurn UDF Filesystem; [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-11 1258856]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-09-11 603664]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [2009-07-13 30568]
S2 WindowFX;Stardock WindowFX;c:\program files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe [2011-04-11 185648]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2011-05-18 289496]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-05-18 22408]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2011-05-18 30728]
S3 MRV6X64U;Marvell TOPDOG 802.11n WLAN Driver for Vista x64 (USB8x);c:\windows\system32\DRIVERS\MRVW24C.sys [2007-10-28 340480]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 SaiK0CD0;SaiK0CD0;c:\windows\system32\DRIVERS\SaiK0CD0.sys [2012-09-20 180544]
S3 SaiK0DC5;SaiK0DC5;c:\windows\system32\DRIVERS\SaiK0DC5.sys [2011-03-10 176136]
S3 SaiU0CD0;SaiU0CD0;c:\windows\system32\DRIVERS\SaiU0CD0.sys [2012-09-20 47168]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 16:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]
2012-07-03 09:22 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 02:01]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20 05:53]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-20 05:53]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-543706644-1416270174-1080986977-1000Core.job
- c:\users\SomeCrazyStuff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 08:15]
.
2012-09-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-543706644-1416270174-1080986977-1000UA.job
- c:\users\SomeCrazyStuff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-03 08:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-05-20 110360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-18 10038304]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-10-03 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-10-03 158208]
"amBX System Tray Application"="c:\program files\amBX\Gaming FXGen\x64\amBXFxGen.exe" [2010-10-29 143360]
"amBX Daemon"="c:\program files\amBX\Control Panel\amBXDaemon.exe" [2011-02-11 229376]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences Pro\FencesMenu64.dll" [2011-06-08 464744]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE:
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send Image To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
IE: Send Link To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
IE: Send Page To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
IE: Send Text To MindManager - c:\program files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{100FC43F-32A5-4A1A-93D6-7E60C9472227}: NameServer = 4.2.2.5,4.2.2.6
TCP: Interfaces\{100FC43F-32A5-4A1A-93D6-7E60C9472227}\84453402E6564777F627B6: NameServer = 4.2.2.5,4.2.2.6
TCP: Interfaces\{DF0CD13B-6463-47AD-93E0-8E342C256F74}: NameServer = 10.0.0.1
FF - ProfilePath - c:\users\SomeCrazyStuff\AppData\Roaming\Mozilla\Firefox\Profiles\mt7sbh8v.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
AddRemove-Fences - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-{90140011-0062-0409-0000-0000000FF1CE} - c:\program files (x86)\Common Files\microsoft shared\virtualization handler\cvhbs.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Stardock\Object Desktop\WindowFX4\WFX32.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
c:\program files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2012-10-18 11:39:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-18 16:39
.
Pre-Run: 333,202,976,768 bytes free
Post-Run: 332,515,270,656 bytes free
.
- - End Of File - - ABE3E9491176AA1D81226E619C2A5511
  • 0

#6
gringo_pr
Posted 18 October 2012 - 11:57 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello 13o13

That is strange about some programs taking awhile to open but I don't think it is malware but I will still dig alitle deeper to be sure



I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

#7
13o13
Posted 18 October 2012 - 04:48 PM

13o13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
17:31:28.0357 8480 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
17:31:28.0726 8480 ============================================================
17:31:28.0726 8480 Current date / time: 2012/10/18 17:31:28.0726
17:31:28.0726 8480 SystemInfo:
17:31:28.0726 8480
17:31:28.0726 8480 OS Version: 6.1.7601 ServicePack: 1.0
17:31:28.0726 8480 Product type: Workstation
17:31:28.0726 8480 ComputerName: CRAZYCUSTOMPC
17:31:28.0726 8480 UserName: SomeCrazyStuff
17:31:28.0726 8480 Windows directory: C:\Windows
17:31:28.0726 8480 System windows directory: C:\Windows
17:31:28.0726 8480 Running under WOW64
17:31:28.0726 8480 Processor architecture: Intel x64
17:31:28.0726 8480 Number of processors: 12
17:31:28.0726 8480 Page size: 0x1000
17:31:28.0726 8480 Boot type: Normal boot
17:31:28.0726 8480 ============================================================
17:31:29.0433 8480 Drive \Device\Harddisk0\DR0 - Size: 0x8BBA5F6000 (558.91 Gb), SectorSize: 0x200, Cylinders: 0x11D01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:31:29.0437 8480 ============================================================
17:31:29.0437 8480 \Device\Harddisk0\DR0:
17:31:29.0437 8480 MBR partitions:
17:31:29.0437 8480 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:31:29.0437 8480 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x45D9F800
17:31:29.0437 8480 ============================================================
17:31:29.0451 8480 C: <-> \Device\Harddisk0\DR0\Partition2
17:31:29.0451 8480 ============================================================
17:31:29.0451 8480 Initialize success
17:31:29.0451 8480 ============================================================
17:31:34.0867 8668 ============================================================
17:31:34.0867 8668 Scan started
17:31:34.0867 8668 Mode: Manual;
17:31:34.0867 8668 ============================================================
17:31:36.0374 8668 ================ Scan system memory ========================
17:31:36.0374 8668 System memory - ok
17:31:36.0374 8668 ================ Scan services =============================
17:31:36.0506 8668 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
17:31:36.0522 8668 1394ohci - ok
17:31:36.0582 8668 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:31:36.0582 8668 ACDaemon - ok
17:31:36.0605 8668 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
17:31:36.0608 8668 ACPI - ok
17:31:36.0623 8668 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
17:31:36.0623 8668 AcpiPmi - ok
17:31:36.0655 8668 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:31:36.0655 8668 AdobeARMservice - ok
17:31:36.0748 8668 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:31:36.0749 8668 AdobeFlashPlayerUpdateSvc - ok
17:31:36.0771 8668 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
17:31:36.0775 8668 adp94xx - ok
17:31:36.0780 8668 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
17:31:36.0783 8668 adpahci - ok
17:31:36.0786 8668 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
17:31:36.0788 8668 adpu320 - ok
17:31:36.0806 8668 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:31:36.0807 8668 AeLookupSvc - ok
17:31:36.0834 8668 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
17:31:36.0838 8668 AFD - ok
17:31:36.0848 8668 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:31:36.0849 8668 agp440 - ok
17:31:36.0861 8668 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
17:31:36.0862 8668 ALG - ok
17:31:36.0872 8668 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
17:31:36.0873 8668 aliide - ok
17:31:36.0921 8668 [ 766328EE8F5F372D66B45F4A86655E3F ] amBX Saitek HAL Service C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
17:31:36.0923 8668 amBX Saitek HAL Service - ok
17:31:36.0965 8668 [ 9D76B432DBE317A6437C8F157A67C097 ] amBX Service C:\Program Files (x86)\amBX\System\amBX_Service.exe
17:31:36.0969 8668 amBX Service - ok
17:31:36.0971 8668 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
17:31:36.0972 8668 amdide - ok
17:31:36.0974 8668 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
17:31:36.0975 8668 AmdK8 - ok
17:31:36.0977 8668 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
17:31:36.0978 8668 AmdPPM - ok
17:31:36.0992 8668 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
17:31:36.0993 8668 amdsata - ok
17:31:37.0000 8668 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
17:31:37.0002 8668 amdsbs - ok
17:31:37.0004 8668 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
17:31:37.0005 8668 amdxata - ok
17:31:37.0020 8668 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
17:31:37.0021 8668 AppID - ok
17:31:37.0030 8668 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
17:31:37.0031 8668 AppIDSvc - ok
17:31:37.0044 8668 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
17:31:37.0045 8668 Appinfo - ok
17:31:37.0105 8668 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:31:37.0106 8668 Apple Mobile Device - ok
17:31:37.0123 8668 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
17:31:37.0125 8668 AppMgmt - ok
17:31:37.0128 8668 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
17:31:37.0129 8668 arc - ok
17:31:37.0131 8668 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
17:31:37.0132 8668 arcsas - ok
17:31:37.0148 8668 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
17:31:37.0148 8668 ArcSoftKsUFilter - ok
17:31:37.0185 8668 [ EDAA17CE771C696655B6585F7CAD2100 ] ASInsHelp C:\Windows\SysWow64\drivers\AsInsHelp64.sys
17:31:37.0186 8668 ASInsHelp - ok
17:31:37.0232 8668 [ F6BDA026E4157DC4E321CA391E9D9BC6 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
17:31:37.0232 8668 AsIO - ok
17:31:37.0315 8668 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:31:37.0316 8668 aspnet_state - ok
17:31:37.0335 8668 [ 954FFBFF05B0B60EB63B52AF561436C4 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
17:31:37.0335 8668 AsSysCtrlService - ok
17:31:37.0352 8668 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO C:\Windows\syswow64\drivers\AsUpIO.sys
17:31:37.0352 8668 AsUpIO - ok
17:31:37.0361 8668 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:31:37.0362 8668 AsyncMac - ok
17:31:37.0364 8668 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
17:31:37.0364 8668 atapi - ok
17:31:37.0376 8668 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:31:37.0382 8668 AudioEndpointBuilder - ok
17:31:37.0388 8668 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:31:37.0391 8668 AudioSrv - ok
17:31:37.0425 8668 AVP - ok
17:31:37.0433 8668 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
17:31:37.0434 8668 AxInstSV - ok
17:31:37.0447 8668 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
17:31:37.0451 8668 b06bdrv - ok
17:31:37.0468 8668 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
17:31:37.0471 8668 b57nd60a - ok
17:31:37.0503 8668 [ 2E552B658273B90251E0441631DE2CA3 ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
17:31:37.0504 8668 BcmSqlStartupSvc - ok
17:31:37.0534 8668 [ 7ED4E1D2E124AD4E6A287CF49DBC9BBA ] BCUService C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
17:31:37.0536 8668 BCUService - ok
17:31:37.0542 8668 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
17:31:37.0543 8668 BDESVC - ok
17:31:37.0553 8668 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
17:31:37.0554 8668 Beep - ok
17:31:37.0580 8668 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
17:31:37.0652 8668 BFE - ok
17:31:37.0666 8668 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
17:31:37.0673 8668 BITS - ok
17:31:37.0688 8668 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
17:31:37.0689 8668 blbdrive - ok
17:31:37.0732 8668 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:31:37.0733 8668 Bonjour Service - ok
17:31:37.0743 8668 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:31:37.0744 8668 bowser - ok
17:31:37.0746 8668 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:31:37.0746 8668 BrFiltLo - ok
17:31:37.0749 8668 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:31:37.0749 8668 BrFiltUp - ok
17:31:37.0762 8668 [ 5C2F352A4E961D72518261257AAE204B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
17:31:37.0763 8668 Bridge - ok
17:31:37.0777 8668 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
17:31:37.0778 8668 BridgeMP - ok
17:31:37.0786 8668 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
17:31:37.0787 8668 Browser - ok
17:31:37.0791 8668 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
17:31:37.0794 8668 Brserid - ok
17:31:37.0796 8668 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
17:31:37.0797 8668 BrSerWdm - ok
17:31:37.0799 8668 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
17:31:37.0799 8668 BrUsbMdm - ok
17:31:37.0801 8668 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
17:31:37.0815 8668 BrUsbSer - ok
17:31:37.0828 8668 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
17:31:37.0829 8668 BthEnum - ok
17:31:37.0831 8668 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
17:31:37.0832 8668 BTHMODEM - ok
17:31:37.0841 8668 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
17:31:37.0842 8668 BthPan - ok
17:31:37.0860 8668 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
17:31:37.0865 8668 BTHPORT - ok
17:31:37.0867 8668 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
17:31:37.0868 8668 bthserv - ok
17:31:37.0880 8668 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
17:31:37.0881 8668 BTHUSB - ok
17:31:37.0899 8668 catchme - ok
17:31:37.0902 8668 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:31:37.0903 8668 cdfs - ok
17:31:37.0916 8668 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
17:31:37.0918 8668 cdrom - ok
17:31:37.0930 8668 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
17:31:37.0931 8668 CertPropSvc - ok
17:31:37.0938 8668 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:31:37.0939 8668 circlass - ok
17:31:37.0967 8668 [ 125327DF629324FAD78D9A95CCD0F425 ] CLBStor C:\Windows\system32\DRIVERS\CLBStor.sys
17:31:37.0967 8668 CLBStor - ok
17:31:37.0983 8668 [ 9C0CD75FEA24E7E0E835EEE7F14406F7 ] CLBUDF C:\Windows\system32\drivers\CLBUDF.sys
17:31:37.0984 8668 CLBUDF - ok
17:31:38.0002 8668 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
17:31:38.0005 8668 CLFS - ok
17:31:38.0043 8668 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:31:38.0063 8668 clr_optimization_v2.0.50727_32 - ok
17:31:38.0076 8668 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:31:38.0077 8668 clr_optimization_v2.0.50727_64 - ok
17:31:38.0204 8668 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:31:38.0219 8668 clr_optimization_v4.0.30319_32 - ok
17:31:38.0250 8668 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:31:38.0251 8668 clr_optimization_v4.0.30319_64 - ok
17:31:38.0253 8668 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:31:38.0254 8668 CmBatt - ok
17:31:38.0264 8668 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:31:38.0265 8668 cmdide - ok
17:31:38.0282 8668 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
17:31:38.0285 8668 CNG - ok
17:31:38.0288 8668 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:31:38.0288 8668 Compbatt - ok
17:31:38.0306 8668 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
17:31:38.0307 8668 CompositeBus - ok
17:31:38.0318 8668 COMSysApp - ok
17:31:38.0346 8668 cpuz135 - ok
17:31:38.0348 8668 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
17:31:38.0349 8668 crcdisk - ok
17:31:38.0373 8668 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:31:38.0375 8668 CryptSvc - ok
17:31:38.0397 8668 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
17:31:38.0401 8668 CSC - ok
17:31:38.0427 8668 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
17:31:38.0433 8668 CscService - ok
17:31:38.0462 8668 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:31:38.0466 8668 DcomLaunch - ok
17:31:38.0478 8668 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
17:31:38.0481 8668 defragsvc - ok
17:31:38.0492 8668 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:31:38.0493 8668 DfsC - ok
17:31:38.0515 8668 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
17:31:38.0518 8668 Dhcp - ok
17:31:38.0524 8668 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
17:31:38.0525 8668 discache - ok
17:31:38.0533 8668 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
17:31:38.0534 8668 Disk - ok
17:31:38.0554 8668 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:31:38.0556 8668 Dnscache - ok
17:31:38.0572 8668 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:31:38.0575 8668 dot3svc - ok
17:31:38.0601 8668 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
17:31:38.0603 8668 Dot4 - ok
17:31:38.0618 8668 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
17:31:38.0619 8668 Dot4Print - ok
17:31:38.0621 8668 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
17:31:38.0621 8668 dot4usb - ok
17:31:38.0633 8668 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
17:31:38.0635 8668 DPS - ok
17:31:38.0645 8668 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:31:38.0645 8668 drmkaud - ok
17:31:38.0665 8668 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:31:38.0668 8668 DXGKrnl - ok
17:31:38.0765 8668 [ 56F127EDF97AF8295FFC0FA485F9669C ] e1yexpress C:\Windows\system32\DRIVERS\e1y62x64.sys
17:31:38.0767 8668 e1yexpress - ok
17:31:38.0782 8668 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
17:31:38.0783 8668 EapHost - ok
17:31:38.0823 8668 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
17:31:38.0867 8668 ebdrv - ok
17:31:38.0885 8668 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
17:31:38.0885 8668 EFS - ok
17:31:38.0916 8668 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:31:38.0938 8668 ehRecvr - ok
17:31:38.0945 8668 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
17:31:38.0947 8668 ehSched - ok
17:31:38.0962 8668 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
17:31:38.0966 8668 elxstor - ok
17:31:38.0978 8668 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
17:31:38.0978 8668 ErrDev - ok
17:31:38.0995 8668 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
17:31:38.0999 8668 EventSystem - ok
17:31:39.0008 8668 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
17:31:39.0010 8668 exfat - ok
17:31:39.0018 8668 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
17:31:39.0020 8668 fastfat - ok
17:31:39.0041 8668 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
17:31:39.0047 8668 Fax - ok
17:31:39.0049 8668 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
17:31:39.0050 8668 fdc - ok
17:31:39.0060 8668 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
17:31:39.0061 8668 fdPHost - ok
17:31:39.0071 8668 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
17:31:39.0072 8668 FDResPub - ok
17:31:39.0079 8668 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
17:31:39.0080 8668 FileInfo - ok
17:31:39.0088 8668 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
17:31:39.0089 8668 Filetrace - ok
17:31:39.0091 8668 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
17:31:39.0092 8668 flpydisk - ok
17:31:39.0102 8668 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
17:31:39.0105 8668 FltMgr - ok
17:31:39.0124 8668 [ 6CD6BB45BD3E0EEF6CE496BF52854FF1 ] FlyUsb C:\Windows\system32\DRIVERS\FlyUsb.sys
17:31:39.0125 8668 FlyUsb - ok
17:31:39.0150 8668 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
17:31:39.0160 8668 FontCache - ok
17:31:39.0196 8668 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:31:39.0196 8668 FontCache3.0.0.0 - ok
17:31:39.0199 8668 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
17:31:39.0199 8668 FsDepends - ok
17:31:39.0284 8668 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
17:31:39.0284 8668 Fs_Rec - ok
17:31:39.0316 8668 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
17:31:39.0318 8668 fvevol - ok
17:31:39.0320 8668 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
17:31:39.0321 8668 gagp30kx - ok
17:31:39.0344 8668 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:31:39.0344 8668 GEARAspiWDM - ok
17:31:39.0387 8668 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
17:31:39.0401 8668 gpsvc - ok
17:31:39.0498 8668 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:31:39.0511 8668 gupdate - ok
17:31:39.0527 8668 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:31:39.0528 8668 gupdatem - ok
17:31:39.0530 8668 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
17:31:39.0531 8668 hcw85cir - ok
17:31:39.0544 8668 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:31:39.0547 8668 HdAudAddService - ok
17:31:39.0559 8668 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
17:31:39.0560 8668 HDAudBus - ok
17:31:39.0562 8668 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
17:31:39.0563 8668 HidBatt - ok
17:31:39.0565 8668 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
17:31:39.0566 8668 HidBth - ok
17:31:39.0568 8668 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
17:31:39.0569 8668 HidIr - ok
17:31:39.0571 8668 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
17:31:39.0572 8668 hidserv - ok
17:31:39.0590 8668 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
17:31:39.0591 8668 HidUsb - ok
17:31:39.0603 8668 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
17:31:39.0605 8668 hkmsvc - ok
17:31:39.0619 8668 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:31:39.0621 8668 HomeGroupListener - ok
17:31:39.0643 8668 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:31:39.0645 8668 HomeGroupProvider - ok
17:31:39.0648 8668 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
17:31:39.0649 8668 HpSAMD - ok
17:31:39.0676 8668 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
17:31:39.0682 8668 HTTP - ok
17:31:39.0691 8668 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
17:31:39.0691 8668 hwpolicy - ok
17:31:39.0710 8668 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
17:31:39.0711 8668 i8042prt - ok
17:31:39.0732 8668 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
17:31:39.0736 8668 iaStorV - ok
17:31:39.0831 8668 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:31:39.0838 8668 idsvc - ok
17:31:39.0845 8668 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
17:31:39.0846 8668 iirsp - ok
17:31:39.0863 8668 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
17:31:39.0870 8668 IKEEXT - ok
17:31:39.0915 8668 [ A3BCBD0F710580A07D1B929D787D36CE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:31:39.0922 8668 IntcAzAudAddService - ok
17:31:39.0925 8668 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
17:31:39.0925 8668 intelide - ok
17:31:39.0931 8668 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
17:31:39.0931 8668 intelppm - ok
17:31:39.0997 8668 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
17:31:39.0997 8668 IntuitUpdateServiceV4 - ok
17:31:40.0015 8668 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
17:31:40.0017 8668 IPBusEnum - ok
17:31:40.0035 8668 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:31:40.0036 8668 IpFilterDriver - ok
17:31:40.0047 8668 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
17:31:40.0051 8668 iphlpsvc - ok
17:31:40.0054 8668 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
17:31:40.0055 8668 IPMIDRV - ok
17:31:40.0065 8668 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
17:31:40.0066 8668 IPNAT - ok
17:31:40.0101 8668 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:31:40.0108 8668 iPod Service - ok
17:31:40.0119 8668 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
17:31:40.0119 8668 IRENUM - ok
17:31:40.0121 8668 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
17:31:40.0122 8668 isapnp - ok
17:31:40.0134 8668 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
17:31:40.0137 8668 iScsiPrt - ok
17:31:40.0143 8668 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
17:31:40.0143 8668 kbdclass - ok
17:31:40.0149 8668 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
17:31:40.0150 8668 kbdhid - ok
17:31:40.0157 8668 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
17:31:40.0157 8668 KeyIso - ok
17:31:40.0194 8668 [ E656FE10D6D27794AFA08136685A69E8 ] KL1 C:\Windows\system32\DRIVERS\kl1.sys
17:31:40.0198 8668 KL1 - ok
17:31:40.0201 8668 [ D865DD8B0448E3F963D68C04C532858F ] kl2 C:\Windows\system32\DRIVERS\kl2.sys
17:31:40.0202 8668 kl2 - ok
17:31:40.0231 8668 [ C7D4F357C482DD37E2B05F34093B7B0C ] KLIF C:\Windows\system32\DRIVERS\klif.sys
17:31:40.0233 8668 KLIF - ok
17:31:40.0269 8668 [ 89FB5A33D7171B6D84F5EB721D5055E1 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
17:31:40.0269 8668 KLIM6 - ok
17:31:40.0275 8668 [ 9468D07E91BA136D82415F5DFC1FE168 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
17:31:40.0275 8668 klmouflt - ok
17:31:40.0292 8668 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
17:31:40.0293 8668 KSecDD - ok
17:31:40.0312 8668 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
17:31:40.0314 8668 KSecPkg - ok
17:31:40.0316 8668 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
17:31:40.0316 8668 ksthunk - ok
17:31:40.0329 8668 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
17:31:40.0345 8668 KtmRm - ok
17:31:40.0360 8668 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
17:31:40.0362 8668 LanmanServer - ok
17:31:40.0374 8668 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:31:40.0376 8668 LanmanWorkstation - ok
17:31:40.0507 8668 [ 32F1B95C60042F3D95FC8AB43559B3B1 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
17:31:40.0577 8668 LeapFrog Connect Device Service - ok
17:31:40.0597 8668 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
17:31:40.0601 8668 LGBusEnum - ok
17:31:40.0607 8668 [ F705A641C18DF31B48B5DBDA94B425E4 ] LGPBTDD C:\Windows\system32\Drivers\LGPBTDD.sys
17:31:40.0607 8668 LGPBTDD - ok
17:31:40.0623 8668 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
17:31:40.0623 8668 LGVirHid - ok
17:31:40.0648 8668 [ 3503F257B3203F824B1567238EBE17E2 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:31:40.0649 8668 LightScribeService - ok
17:31:40.0665 8668 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
17:31:40.0666 8668 lltdio - ok
17:31:40.0678 8668 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
17:31:40.0681 8668 lltdsvc - ok
17:31:40.0683 8668 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
17:31:40.0684 8668 lmhosts - ok
17:31:40.0717 8668 [ 98B0FCC176DFB711B67651BECB88C445 ] LMIGuardianSvc C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
17:31:40.0719 8668 LMIGuardianSvc - ok
17:31:40.0744 8668 [ 0317335B15FF3BDA8E10197E3434CFC0 ] LMIInfo C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
17:31:40.0744 8668 LMIInfo - ok
17:31:40.0776 8668 [ B712511029CBD68645A90A241FD6AE43 ] LMIMaint C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
17:31:40.0777 8668 LMIMaint - ok
17:31:40.0802 8668 [ 413ECDCFAD9A82804D3674C8D7EEC24E ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys
17:31:40.0802 8668 lmimirr - ok
17:31:40.0816 8668 LMIRfsClientNP - ok
17:31:40.0829 8668 [ C57D3FAA50E6F395759FFB7C709BD944 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys
17:31:40.0830 8668 LMIRfsDriver - ok
17:31:40.0852 8668 [ D3760BC17E1755091B7120CF32DBF56B ] LogMeIn C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
17:31:40.0854 8668 LogMeIn - ok
17:31:40.0881 8668 [ E5F847379EB7C95759CEDD856628B434 ] LogWriter C:\Program Files (x86)\Diebold\Agilis Power\Logger\LogWriter.exe
17:31:40.0884 8668 LogWriter - ok
17:31:40.0899 8668 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
17:31:40.0900 8668 LSI_FC - ok
17:31:40.0903 8668 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
17:31:40.0904 8668 LSI_SAS - ok
17:31:40.0906 8668 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:31:40.0907 8668 LSI_SAS2 - ok
17:31:40.0920 8668 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:31:40.0921 8668 LSI_SCSI - ok
17:31:40.0931 8668 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
17:31:40.0933 8668 luafv - ok
17:31:40.0945 8668 MBAMProtector - ok
17:31:40.0985 8668 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:31:40.0988 8668 MBAMScheduler - ok
17:31:41.0008 8668 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:31:41.0057 8668 MBAMService - ok
17:31:41.0069 8668 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
17:31:41.0071 8668 Mcx2Svc - ok
17:31:41.0073 8668 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
17:31:41.0073 8668 megasas - ok
17:31:41.0078 8668 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
17:31:41.0080 8668 MegaSR - ok
17:31:41.0120 8668 Microsoft SharePoint Workspace Audit Service - ok
17:31:41.0140 8668 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
17:31:41.0142 8668 MMCSS - ok
17:31:41.0144 8668 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
17:31:41.0144 8668 Modem - ok
17:31:41.0164 8668 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
17:31:41.0164 8668 monitor - ok
17:31:41.0187 8668 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
17:31:41.0188 8668 mouclass - ok
17:31:41.0202 8668 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
17:31:41.0203 8668 mouhid - ok
17:31:41.0211 8668 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
17:31:41.0212 8668 mountmgr - ok
17:31:41.0250 8668 [ 24409A2A9F0351E208E14F609340FB25 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:31:41.0251 8668 MozillaMaintenance - ok
17:31:41.0265 8668 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
17:31:41.0267 8668 mpio - ok
17:31:41.0274 8668 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
17:31:41.0275 8668 mpsdrv - ok
17:31:41.0303 8668 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
17:31:41.0310 8668 MpsSvc - ok
17:31:41.0338 8668 [ 7E997DF71CD2DD5CF0D3D07B8D8E798C ] MRV6X64U C:\Windows\system32\DRIVERS\MRVW24C.sys
17:31:41.0341 8668 MRV6X64U - ok
17:31:41.0356 8668 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
17:31:41.0358 8668 MRxDAV - ok
17:31:41.0366 8668 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
17:31:41.0368 8668 mrxsmb - ok
17:31:41.0382 8668 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:31:41.0384 8668 mrxsmb10 - ok
17:31:41.0397 8668 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:31:41.0399 8668 mrxsmb20 - ok
17:31:41.0474 8668 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
17:31:41.0474 8668 msahci - ok
17:31:41.0493 8668 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
17:31:41.0495 8668 msdsm - ok
17:31:41.0508 8668 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
17:31:41.0510 8668 MSDTC - ok
17:31:41.0514 8668 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
17:31:41.0515 8668 Msfs - ok
17:31:41.0524 8668 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
17:31:41.0525 8668 mshidkmdf - ok
17:31:41.0533 8668 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
17:31:41.0533 8668 msisadrv - ok
17:31:41.0553 8668 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
17:31:41.0555 8668 MSiSCSI - ok
17:31:41.0557 8668 msiserver - ok
17:31:41.0576 8668 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
17:31:41.0577 8668 MSKSSRV - ok
17:31:41.0579 8668 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
17:31:41.0579 8668 MSPCLOCK - ok
17:31:41.0581 8668 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
17:31:41.0582 8668 MSPQM - ok
17:31:41.0604 8668 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
17:31:41.0607 8668 MsRPC - ok
17:31:41.0614 8668 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
17:31:41.0614 8668 mssmbios - ok
17:31:41.0659 8668 MSSQL$MSSMLBIZ - ok
17:31:41.0698 8668 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
17:31:41.0699 8668 MSSQLServerADHelper100 - ok
17:31:41.0701 8668 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
17:31:41.0702 8668 MSTEE - ok
17:31:41.0703 8668 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
17:31:41.0704 8668 MTConfig - ok
17:31:41.0725 8668 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
17:31:41.0725 8668 MTsensor - ok
17:31:41.0743 8668 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
17:31:41.0744 8668 Mup - ok
17:31:41.0760 8668 [ 77073C1AF9C0921FF18EE628049BB1A9 ] mv91xx C:\Windows\system32\DRIVERS\mv91xx.sys
17:31:41.0762 8668 mv91xx - ok
17:31:41.0779 8668 [ 091127E892A86A8376909AC1AFF59563 ] NAL C:\Windows\system32\Drivers\iqvw64e.sys
17:31:41.0780 8668 NAL - ok
17:31:41.0800 8668 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
17:31:41.0805 8668 napagent - ok
17:31:41.0826 8668 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
17:31:41.0829 8668 NativeWifiP - ok
17:31:41.0855 8668 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
17:31:41.0862 8668 NDIS - ok
17:31:41.0880 8668 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
17:31:41.0880 8668 NdisCap - ok
17:31:41.0897 8668 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
17:31:41.0897 8668 NdisTapi - ok
17:31:41.0914 8668 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
17:31:41.0915 8668 Ndisuio - ok
17:31:41.0924 8668 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
17:31:41.0926 8668 NdisWan - ok
17:31:41.0938 8668 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
17:31:41.0939 8668 NDProxy - ok
17:31:42.0038 8668 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
17:31:42.0039 8668 Net Driver HPZ12 - ok
17:31:42.0053 8668 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
17:31:42.0054 8668 NetBIOS - ok
17:31:42.0073 8668 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
17:31:42.0075 8668 NetBT - ok
17:31:42.0082 8668 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
17:31:42.0083 8668 Netlogon - ok
17:31:42.0107 8668 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
17:31:42.0111 8668 Netman - ok
17:31:42.0143 8668 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:31:42.0144 8668 NetMsmqActivator - ok
17:31:42.0147 8668 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:31:42.0147 8668 NetPipeActivator - ok
17:31:42.0159 8668 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
17:31:42.0164 8668 netprofm - ok
17:31:42.0167 8668 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:31:42.0167 8668 NetTcpActivator - ok
17:31:42.0170 8668 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:31:42.0170 8668 NetTcpPortSharing - ok
17:31:42.0178 8668 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
17:31:42.0179 8668 nfrd960 - ok
17:31:42.0190 8668 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
17:31:42.0193 8668 NlaSvc - ok
17:31:42.0195 8668 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
17:31:42.0196 8668 Npfs - ok
17:31:42.0226 8668 npggsvc - ok
17:31:42.0229 8668 NPPTNT2 - ok
17:31:42.0231 8668 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
17:31:42.0232 8668 nsi - ok
17:31:42.0244 8668 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
17:31:42.0244 8668 nsiproxy - ok
17:31:42.0279 8668 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:31:42.0298 8668 Ntfs - ok
17:31:42.0305 8668 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
17:31:42.0305 8668 Null - ok
17:31:42.0325 8668 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
17:31:42.0326 8668 nusb3hub - ok
17:31:42.0350 8668 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
17:31:42.0351 8668 nusb3xhc - ok
17:31:42.0378 8668 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
17:31:42.0381 8668 NVENETFD - ok
17:31:42.0404 8668 [ F2662FDC20518EE8A8EED4F61BA42349 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
17:31:42.0406 8668 NVHDA - ok
17:31:42.0682 8668 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:31:42.0724 8668 nvlddmkm - ok
17:31:42.0741 8668 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:31:42.0742 8668 nvraid - ok
17:31:42.0753 8668 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:31:42.0755 8668 nvstor - ok
17:31:42.0781 8668 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:31:42.0785 8668 nvUpdatusService - ok
17:31:42.0794 8668 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:31:42.0810 8668 nv_agp - ok
17:31:42.0821 8668 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:31:42.0822 8668 ohci1394 - ok
17:31:42.0856 8668 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:31:42.0857 8668 ose - ok
17:31:42.0951 8668 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:31:43.0008 8668 osppsvc - ok
17:31:43.0039 8668 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
17:31:43.0041 8668 p2pimsvc - ok
17:31:43.0156 8668 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
17:31:43.0158 8668 p2psvc - ok
17:31:43.0180 8668 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
17:31:43.0181 8668 Parport - ok
17:31:43.0196 8668 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:31:43.0197 8668 partmgr - ok
17:31:43.0200 8668 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
17:31:43.0203 8668 PcaSvc - ok
17:31:43.0241 8668 PCG_NT - ok
17:31:43.0245 8668 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
17:31:43.0246 8668 pci - ok
17:31:43.0248 8668 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
17:31:43.0248 8668 pciide - ok
17:31:43.0252 8668 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
17:31:43.0254 8668 pcmcia - ok
17:31:43.0256 8668 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
17:31:43.0257 8668 pcw - ok
17:31:43.0271 8668 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:31:43.0276 8668 PEAUTH - ok
17:31:43.0294 8668 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
17:31:43.0305 8668 PeerDistSvc - ok
17:31:43.0380 8668 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
17:31:43.0381 8668 PerfHost - ok
17:31:43.0408 8668 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
17:31:43.0419 8668 pla - ok
17:31:43.0441 8668 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:31:43.0445 8668 PlugPlay - ok
17:31:43.0460 8668 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
17:31:43.0462 8668 Pml Driver HPZ12 - ok
17:31:43.0483 8668 PnkBstrA - ok
17:31:43.0490 8668 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
17:31:43.0491 8668 PNRPAutoReg - ok
17:31:43.0501 8668 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
17:31:43.0503 8668 PNRPsvc - ok
17:31:43.0522 8668 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:31:43.0527 8668 PolicyAgent - ok
17:31:43.0537 8668 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
17:31:43.0539 8668 Power - ok
17:31:43.0561 8668 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:31:43.0562 8668 PptpMiniport - ok
17:31:43.0568 8668 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
17:31:43.0570 8668 Processor - ok
17:31:43.0581 8668 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
17:31:43.0583 8668 ProfSvc - ok
17:31:43.0594 8668 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:31:43.0595 8668 ProtectedStorage - ok
17:31:43.0622 8668 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
17:31:43.0623 8668 Psched - ok
17:31:43.0655 8668 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
17:31:43.0678 8668 ql2300 - ok
17:31:43.0688 8668 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
17:31:43.0689 8668 ql40xx - ok
17:31:43.0693 8668 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
17:31:43.0696 8668 QWAVE - ok
17:31:43.0698 8668 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:31:43.0699 8668 QWAVEdrv - ok
17:31:43.0703 8668 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:31:43.0704 8668 RasAcd - ok
17:31:43.0725 8668 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
17:31:43.0725 8668 RasAgileVpn - ok
17:31:43.0728 8668 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
17:31:43.0730 8668 RasAuto - ok
17:31:43.0732 8668 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:31:43.0734 8668 Rasl2tp - ok
17:31:43.0750 8668 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
17:31:43.0753 8668 RasMan - ok
17:31:43.0756 8668 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:31:43.0757 8668 RasPppoe - ok
17:31:43.0770 8668 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:31:43.0771 8668 RasSstp - ok
17:31:43.0780 8668 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:31:43.0782 8668 rdbss - ok
17:31:43.0785 8668 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
17:31:43.0785 8668 rdpbus - ok
17:31:43.0788 8668 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:31:43.0789 8668 RDPCDD - ok
17:31:43.0809 8668 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
17:31:43.0811 8668 RDPDR - ok
17:31:43.0818 8668 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:31:43.0819 8668 RDPENCDD - ok
17:31:43.0822 8668 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
17:31:43.0822 8668 RDPREFMP - ok
17:31:43.0844 8668 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:31:43.0844 8668 RdpVideoMiniport - ok
17:31:43.0861 8668 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:31:43.0863 8668 RDPWD - ok
17:31:43.0883 8668 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
17:31:43.0885 8668 rdyboost - ok
17:31:43.0894 8668 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:31:43.0896 8668 RemoteAccess - ok
17:31:43.0899 8668 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:31:43.0901 8668 RemoteRegistry - ok
17:31:43.0922 8668 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
17:31:43.0922 8668 Revoflt - ok
17:31:43.0934 8668 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
17:31:43.0935 8668 RFCOMM - ok
17:31:43.0946 8668 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
17:31:43.0947 8668 RimUsb - ok
17:31:43.0963 8668 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
17:31:43.0963 8668 RimVSerPort - ok
17:31:43.0976 8668 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
17:31:43.0976 8668 ROOTMODEM - ok
17:31:43.0984 8668 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
17:31:43.0986 8668 RpcEptMapper - ok
17:31:44.0003 8668 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
17:31:44.0008 8668 RpcLocator - ok
17:31:44.0029 8668 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
17:31:44.0032 8668 RpcSs - ok
17:31:44.0040 8668 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:31:44.0041 8668 rspndr - ok
17:31:44.0051 8668 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
17:31:44.0052 8668 s3cap - ok
17:31:44.0069 8668 [ 8A77306BA836F87EDDD655B5CE1B8E99 ] Said505F C:\Windows\system32\DRIVERS\Said505F.sys
17:31:44.0069 8668 Said505F - ok
17:31:44.0089 8668 [ 210B10BB663E244FD2132BCE93622E87 ] SaiK0CD0 C:\Windows\system32\DRIVERS\SaiK0CD0.sys
17:31:44.0090 8668 SaiK0CD0 - ok
17:31:44.0111 8668 [ 3ECECF1780A710C03938682EBA7D04E6 ] SaiK0CFA C:\Windows\system32\DRIVERS\SaiK0CFA.sys
17:31:44.0113 8668 SaiK0CFA - ok
17:31:44.0138 8668 [ DDC0CEE273C7BF3E66A70F776A4F6E8C ] SaiK0DC5 C:\Windows\system32\DRIVERS\SaiK0DC5.sys
17:31:44.0138 8668 SaiK0DC5 - ok
17:31:44.0152 8668 [ DD36A2F7991A9EB99C38980C75F06D14 ] SaiMini C:\Windows\system32\DRIVERS\SaiMini.sys
17:31:44.0153 8668 SaiMini - ok
17:31:44.0170 8668 [ 35B147C7118618467E5292053C23D242 ] SaiNtBus C:\Windows\system32\drivers\SaiBus.sys
17:31:44.0170 8668 SaiNtBus - ok
17:31:44.0228 8668 [ 284FA750386C67D6F8B556F90C798DAD ] SaiU0CD0 C:\Windows\system32\DRIVERS\SaiU0CD0.sys
17:31:44.0228 8668 SaiU0CD0 - ok
17:31:44.0248 8668 [ 3D2B39C046C5C720F524EE5DDC140523 ] SaiU0CFA C:\Windows\system32\DRIVERS\SaiU0CFA.sys
17:31:44.0249 8668 SaiU0CFA - ok
17:31:44.0254 8668 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
17:31:44.0255 8668 SamSs - ok
17:31:44.0267 8668 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:31:44.0268 8668 sbp2port - ok
17:31:44.0272 8668 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:31:44.0274 8668 SCardSvr - ok
17:31:44.0295 8668 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
17:31:44.0295 8668 scfilter - ok
17:31:44.0320 8668 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
17:31:44.0330 8668 Schedule - ok
17:31:44.0354 8668 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
17:31:44.0354 8668 SCPolicySvc - ok
17:31:44.0377 8668 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:31:44.0379 8668 SDRSVC - ok
17:31:44.0398 8668 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:31:44.0399 8668 secdrv - ok
17:31:44.0408 8668 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
17:31:44.0409 8668 seclogon - ok
17:31:44.0412 8668 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
17:31:44.0413 8668 SENS - ok
17:31:44.0415 8668 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
17:31:44.0417 8668 SensrSvc - ok
17:31:44.0431 8668 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
17:31:44.0432 8668 Serenum - ok
17:31:44.0434 8668 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
17:31:44.0435 8668 Serial - ok
17:31:44.0443 8668 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
17:31:44.0444 8668 sermouse - ok
17:31:44.0461 8668 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
17:31:44.0462 8668 SessionEnv - ok
17:31:44.0474 8668 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:31:44.0475 8668 sffdisk - ok
17:31:44.0477 8668 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:31:44.0502 8668 sffp_mmc - ok
17:31:44.0504 8668 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:31:44.0504 8668 sffp_sd - ok
17:31:44.0506 8668 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
17:31:44.0507 8668 sfloppy - ok
17:31:44.0543 8668 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
17:31:44.0546 8668 Sftfs - ok
17:31:44.0578 8668 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:31:44.0601 8668 sftlist - ok
17:31:44.0615 8668 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:31:44.0617 8668 Sftplay - ok
17:31:44.0622 8668 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:31:44.0622 8668 Sftredir - ok
17:31:44.0631 8668 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
17:31:44.0632 8668 Sftvol - ok
17:31:44.0643 8668 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:31:44.0644 8668 sftvsa - ok
17:31:44.0661 8668 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:31:44.0664 8668 SharedAccess - ok
17:31:44.0809 8668 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:31:44.0814 8668 ShellHWDetection - ok
17:31:44.0825 8668 [ 568C4B94FFF08B663083C255C269FD77 ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys
17:31:44.0826 8668 silabenm - ok
17:31:44.0831 8668 [ 4AC31A6EE9A5F3E28822DCD52CE02D17 ] silabser C:\Windows\system32\DRIVERS\silabser.sys
17:31:44.0832 8668 silabser - ok
17:31:44.0836 8668 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:31:44.0837 8668 SiSRaid2 - ok
17:31:44.0839 8668 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
17:31:44.0841 8668 SiSRaid4 - ok
17:31:44.0857 8668 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:31:44.0859 8668 Smb - ok
17:31:44.0868 8668 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:31:44.0869 8668 SNMPTRAP - ok
17:31:44.0904 8668 [ F9369327409492097B0BB7CE86BD29DE ] Soluto C:\Windows\system32\DRIVERS\Soluto.sys
17:31:44.0904 8668 Soluto - ok
17:31:44.0936 8668 [ 57E4AFE38AAF4D4D864D07829B38A377 ] SolutoService C:\Program Files\Soluto\SolutoService.exe
17:31:44.0938 8668 SolutoService - ok
17:31:44.0952 8668 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
17:31:44.0952 8668 spldr - ok
17:31:44.0971 8668 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
17:31:44.0973 8668 Spooler - ok
17:31:45.0036 8668 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
17:31:45.0075 8668 sppsvc - ok
17:31:45.0097 8668 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
17:31:45.0098 8668 sppuinotify - ok
17:31:45.0153 8668 [ A892134C28777978ECDE8283DC57AC0F ] SQLAgent$MSSMLBIZ C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
17:31:45.0169 8668 SQLAgent$MSSMLBIZ - ok
17:31:45.0279 8668 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
17:31:45.0281 8668 SQLBrowser - ok
17:31:45.0330 8668 [ F92E5F93BE572B512DA3C016B675EDE0 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
17:31:45.0354 8668 SQLWriter - ok
17:31:45.0376 8668 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
17:31:45.0380 8668 srv - ok
17:31:45.0385 8668 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:31:45.0389 8668 srv2 - ok
17:31:45.0394 8668 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:31:45.0396 8668 srvnet - ok
17:31:45.0409 8668 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:31:45.0412 8668 SSDPSRV - ok
17:31:45.0422 8668 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:31:45.0424 8668 SstpSvc - ok
17:31:45.0450 8668 Steam Client Service - ok
17:31:45.0495 8668 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:31:45.0496 8668 Stereo Service - ok
17:31:45.0506 8668 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
17:31:45.0528 8668 stexstor - ok
17:31:45.0548 8668 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
17:31:45.0553 8668 stisvc - ok
17:31:45.0563 8668 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
17:31:45.0564 8668 storflt - ok
17:31:45.0566 8668 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
17:31:45.0567 8668 storvsc - ok
17:31:45.0574 8668 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
17:31:45.0575 8668 swenum - ok
17:31:45.0580 8668 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
17:31:45.0585 8668 swprv - ok
17:31:45.0603 8668 Synth3dVsc - ok
17:31:45.0648 8668 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
17:31:45.0669 8668 SysMain - ok
17:31:45.0701 8668 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:31:45.0702 8668 TabletInputService - ok
17:31:45.0716 8668 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:31:45.0720 8668 TapiSrv - ok
17:31:45.0722 8668 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
17:31:45.0724 8668 TBS - ok
17:31:45.0823 8668 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:31:45.0838 8668 Tcpip - ok
17:31:45.0870 8668 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
17:31:45.0876 8668 TCPIP6 - ok
17:31:45.0890 8668 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:31:45.0906 8668 tcpipreg - ok
17:31:45.0917 8668 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:31:45.0918 8668 TDPIPE - ok
17:31:45.0935 8668 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:31:45.0936 8668 TDTCP - ok
17:31:45.0955 8668 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:31:45.0957 8668 tdx - ok
17:31:45.0963 8668 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
17:31:45.0964 8668 TermDD - ok
17:31:45.0991 8668 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
17:31:45.0998 8668 TermService - ok
17:31:46.0008 8668 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
17:31:46.0009 8668 Themes - ok
17:31:46.0024 8668 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
17:31:46.0025 8668 THREADORDER - ok
17:31:46.0067 8668 [ B578F7E7914E7D9EB161032A613DE3BD ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
17:31:46.0068 8668 TOSHIBA Bluetooth Service - ok
17:31:46.0092 8668 [ 8021F63311797085949FA387F7C83583 ] tosporte C:\Windows\system32\DRIVERS\tosporte.sys
17:31:46.0093 8668 tosporte - ok
17:31:46.0117 8668 [ 1B09357180034639E62CF745E77AC66E ] tosrfbd C:\Windows\system32\DRIVERS\tosrfbd.sys
17:31:46.0118 8668 tosrfbd - ok
17:31:46.0125 8668 [ 62512B5277D88600F8BD4B7AEC43569D ] tosrfbnp C:\Windows\system32\Drivers\tosrfbnp.sys
17:31:46.0126 8668 tosrfbnp - ok
17:31:46.0132 8668 [ C523A9186C39D65CC9ADEBB2E1B93CCD ] Tosrfcom C:\Windows\system32\Drivers\tosrfcom.sys
17:31:46.0133 8668 Tosrfcom - ok
17:31:46.0146 8668 [ 451B8C1815C6CC39650AF916C2A382CD ] Tosrfhid C:\Windows\system32\DRIVERS\Tosrfhid.sys
17:31:46.0146 8668 Tosrfhid - ok
17:31:46.0155 8668 [ B6FDC3C76FFE9C5171EEA9C37EA367C2 ] tosrfnds C:\Windows\system32\DRIVERS\tosrfnds.sys
17:31:46.0156 8668 tosrfnds - ok
17:31:46.0158 8668 [ E1E045240C1184FA6628F3C7E7FF85D8 ] TosRfSnd C:\Windows\system32\drivers\tosrfsnd.sys
17:31:46.0159 8668 TosRfSnd - ok
17:31:46.0183 8668 [ FC88BAF46FF87D2BC80F8B0F0322D84A ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
17:31:46.0183 8668 Tosrfusb - ok
17:31:46.0186 8668 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
17:31:46.0188 8668 TrkWks - ok
17:31:46.0210 8668 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:31:46.0211 8668 TrustedInstaller - ok
17:31:46.0227 8668 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:31:46.0227 8668 tssecsrv - ok
17:31:46.0245 8668 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
17:31:46.0246 8668 TsUsbFlt - ok
17:31:46.0248 8668 tsusbhub - ok
17:31:46.0341 8668 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:31:46.0342 8668 tunnel - ok
17:31:46.0345 8668 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
17:31:46.0346 8668 uagp35 - ok
17:31:46.0375 8668 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
17:31:46.0375 8668 uCamMonitor - ok
17:31:46.0387 8668 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:31:46.0424 8668 udfs - ok
17:31:46.0428 8668 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:31:46.0430 8668 UI0Detect - ok
17:31:46.0432 8668 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:31:46.0433 8668 uliagpkx - ok
17:31:46.0459 8668 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:31:46.0459 8668 umbus - ok
17:31:46.0461 8668 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
17:31:46.0462 8668 UmPass - ok
17:31:46.0466 8668 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
17:31:46.0468 8668 UmRdpService - ok
17:31:46.0500 8668 [ 8F387A1CC015A3F5020700C657A0FC85 ] UnsignedThemes C:\Windows\UnsignedThemesSvc.exe
17:31:46.0501 8668 UnsignedThemes - ok
17:31:46.0507 8668 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
17:31:46.0511 8668 upnphost - ok
17:31:46.0520 8668 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:31:46.0521 8668 USBAAPL64 - ok
17:31:46.0529 8668 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
17:31:46.0531 8668 usbaudio - ok
17:31:46.0549 8668 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:31:46.0550 8668 usbccgp - ok
17:31:46.0572 8668 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:31:46.0573 8668 usbcir - ok
17:31:46.0589 8668 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:31:46.0590 8668 usbehci - ok
17:31:46.0604 8668 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:31:46.0607 8668 usbhub - ok
17:31:46.0613 8668 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:31:46.0614 8668 usbohci - ok
17:31:46.0618 8668 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:31:46.0619 8668 usbprint - ok
17:31:46.0624 8668 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:31:46.0625 8668 usbscan - ok
17:31:46.0635 8668 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:31:46.0637 8668 USBSTOR - ok
17:31:46.0647 8668 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:31:46.0648 8668 usbuhci - ok
17:31:46.0663 8668 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:31:46.0665 8668 usbvideo - ok
17:31:46.0684 8668 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
17:31:46.0684 8668 usb_rndisx - ok
17:31:46.0713 8668 [ 297EE9C666FC8BB96A232DB0DDBA1E49 ] uxpatch C:\Windows\system32\drivers\uxpatch.sys
17:31:46.0713 8668 uxpatch - ok
17:31:46.0722 8668 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
17:31:46.0723 8668 UxSms - ok
17:31:46.0732 8668 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
17:31:46.0733 8668 VaultSvc - ok
17:31:46.0735 8668 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
17:31:46.0736 8668 vdrvroot - ok
17:31:46.0755 8668 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
17:31:46.0760 8668 vds - ok
17:31:46.0762 8668 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:31:46.0763 8668 vga - ok
17:31:46.0769 8668 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
17:31:46.0770 8668 VgaSave - ok
17:31:46.0771 8668 VGPU - ok
17:31:46.0782 8668 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
17:31:46.0784 8668 vhdmp - ok
17:31:46.0786 8668 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
17:31:46.0786 8668 viaide - ok
17:31:46.0817 8668 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
17:31:46.0819 8668 vmbus - ok
17:31:46.0821 8668 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
17:31:46.0822 8668 VMBusHID - ok
17:31:46.0827 8668 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:31:46.0828 8668 volmgr - ok
17:31:46.0842 8668 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:31:46.0845 8668 volmgrx - ok
17:31:46.0856 8668 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:31:46.0859 8668 volsnap - ok
17:31:46.0878 8668 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
17:31:46.0879 8668 vsmraid - ok
17:31:46.0899 8668 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
17:31:46.0912 8668 VSS - ok
17:31:46.0915 8668 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
17:31:46.0915 8668 vwifibus - ok
17:31:46.0991 8668 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
17:31:46.0995 8668 W32Time - ok
17:31:47.0003 8668 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
17:31:47.0003 8668 WacomPen - ok
17:31:47.0025 8668 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
17:31:47.0026 8668 WANARP - ok
17:31:47.0034 8668 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:31:47.0034 8668 Wanarpv6 - ok
17:31:47.0064 8668 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
17:31:47.0103 8668 WatAdminSvc - ok
17:31:47.0126 8668 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
17:31:47.0138 8668 wbengine - ok
17:31:47.0142 8668 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
17:31:47.0145 8668 WbioSrvc - ok
17:31:47.0157 8668 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:31:47.0161 8668 wcncsvc - ok
17:31:47.0163 8668 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:31:47.0165 8668 WcsPlugInService - ok
17:31:47.0167 8668 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
17:31:47.0167 8668 Wd - ok
17:31:47.0183 8668 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:31:47.0188 8668 Wdf01000 - ok
17:31:47.0190 8668 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:31:47.0192 8668 WdiServiceHost - ok
17:31:47.0194 8668 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:31:47.0195 8668 WdiSystemHost - ok
17:31:47.0211 8668 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
17:31:47.0214 8668 WebClient - ok
17:31:47.0218 8668 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:31:47.0221 8668 Wecsvc - ok
17:31:47.0223 8668 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:31:47.0225 8668 wercplsupport - ok
17:31:47.0233 8668 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
17:31:47.0234 8668 WerSvc - ok
17:31:47.0244 8668 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
17:31:47.0245 8668 WfpLwf - ok
17:31:47.0251 8668 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
17:31:47.0252 8668 WIMMount - ok
17:31:47.0265 8668 WinDefend - ok
17:31:47.0319 8668 [ 97C7F30787A30CFA760B0247631A5463 ] WindowBlinds C:\PROGRA~2\Stardock\OBJECT~2\WINDOW~1\VistaSrv.exe
17:31:47.0320 8668 WindowBlinds - ok
17:31:47.0360 8668 [ F8265DC5B3F30879030F12FEFE113F45 ] WindowFX C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe
17:31:47.0360 8668 WindowFX - ok
17:31:47.0364 8668 WinHttpAutoProxySvc - ok
17:31:47.0415 8668 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:31:47.0418 8668 Winmgmt - ok
17:31:47.0451 8668 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
17:31:47.0475 8668 WinRM - ok
17:31:47.0502 8668 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
17:31:47.0503 8668 WinUsb - ok
17:31:47.0511 8668 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
17:31:47.0519 8668 Wlansvc - ok
17:31:47.0586 8668 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:31:47.0593 8668 wlidsvc - ok
17:31:47.0611 8668 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:31:47.0612 8668 WmiAcpi - ok
17:31:47.0631 8668 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:31:47.0640 8668 wmiApSrv - ok
17:31:47.0648 8668 WMPNetworkSvc - ok
17:31:47.0652 8668 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:31:47.0654 8668 WPCSvc - ok
17:31:47.0661 8668 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:31:47.0663 8668 WPDBusEnum - ok
17:31:47.0665 8668 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:31:47.0666 8668 ws2ifsl - ok
17:31:47.0668 8668 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
17:31:47.0670 8668 wscsvc - ok
17:31:47.0672 8668 WSearch - ok
17:31:47.0723 8668 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:31:47.0760 8668 wuauserv - ok
17:31:47.0790 8668 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:31:47.0792 8668 WudfPf - ok
17:31:47.0819 8668 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:31:47.0820 8668 WUDFRd - ok
17:31:47.0838 8668 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:31:47.0839 8668 wudfsvc - ok
17:31:47.0843 8668 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
17:31:47.0846 8668 WwanSvc - ok
17:31:47.0876 8668 [ 38F55D07B1D3391065C40EC065F984E2 ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys
17:31:47.0877 8668 xusb21 - ok
17:31:47.0917 8668 ================ Scan global ===============================
17:31:47.0932 8668 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:31:47.0945 8668 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:31:47.0950 8668 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
17:31:47.0967 8668 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:31:47.0986 8668 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:31:47.0988 8668 [Global] - ok
17:31:47.0988 8668 ================ Scan MBR ==================================
17:31:47.0997 8668 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:31:48.0189 8668 \Device\Harddisk0\DR0 - ok
17:31:48.0189 8668 ================ Scan VBR ==================================
17:31:48.0191 8668 [ 11D05DF439CEB16CDF67760CEAE7C5F1 ] \Device\Harddisk0\DR0\Partition1
17:31:48.0192 8668 \Device\Harddisk0\DR0\Partition1 - ok
17:31:48.0222 8668 [ B1D839D5571A335776EE2C7FCF4E861E ] \Device\Harddisk0\DR0\Partition2
17:31:48.0223 8668 \Device\Harddisk0\DR0\Partition2 - ok
17:31:48.0223 8668 ============================================================
17:31:48.0223 8668 Scan finished
17:31:48.0223 8668 ============================================================
17:31:48.0228 7864 Detected object count: 0
17:31:48.0228 7864 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-18 17:33:13
-----------------------------
17:33:13.183 OS Version: Windows x64 6.1.7601 Service Pack 1
17:33:13.183 Number of processors: 12 586 0x2C02
17:33:13.183 ComputerName: CRAZYCUSTOMPC UserName:
17:33:14.514 Initialize success
17:33:53.455 AVAST engine defs: 12101802
17:33:57.778 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
17:33:57.779 Disk 0 Vendor: WDC_WD6000HLHX-01JJPV0 04.05G04 Size: 572325MB BusType: 3
17:33:57.794 Disk 0 MBR read successfully
17:33:57.795 Disk 0 MBR scan
17:33:57.798 Disk 0 Windows 7 default MBR code
17:33:57.801 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:33:57.809 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 572223 MB offset 206848
17:33:57.818 Disk 0 scanning C:\Windows\system32\drivers
17:34:07.131 Service scanning
17:34:23.887 Modules scanning
17:34:23.891 Disk 0 trace - called modules:
17:34:23.903 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:34:23.906 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ae10790]
17:34:23.909 3 CLASSPNP.SYS[fffff8800186f43f] -> nt!IofCallDriver -> [0xfffffa800ac00520]
17:34:23.911 5 ACPI.sys[fffff88000f0c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800abf2060]
17:34:25.175 AVAST engine scan C:\Windows
17:34:27.675 AVAST engine scan C:\Windows\system32
17:36:33.375 AVAST engine scan C:\Windows\system32\drivers
17:36:43.701 AVAST engine scan C:\Users\SomeCrazyStuff
17:41:13.935 AVAST engine scan C:\ProgramData
17:42:47.570 Scan finished successfully
17:43:50.152 Disk 0 MBR has been saved successfully to "C:\Users\SomeCrazyStuff\Desktop\MBR.dat"
17:43:50.155 The log file has been saved successfully to "C:\Users\SomeCrazyStuff\Desktop\aswMBR.txt"
  • 0

#8
gringo_pr
Posted 18 October 2012 - 05:55 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#9
13o13
Posted 19 October 2012 - 10:50 AM

13o13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
applications still drag when launching. I had a thought that it may be a USB hub that I believe is going out, but I unplugged it and still have slow launches. I am wondering if it about time to move to software support. your thoughts?

ComboFix 12-10-19.01 - SomeCrazyStuff 10/19/2012 11:24:23.2.12 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.12279.6056 [GMT -5:00]
Running from: C:\Users\SomeCrazyStuff\Desktop\ComboFix.exe
Command switches used :: C:\Users\SomeCrazyStuff\Desktop\UDBD\CFScript.txt
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\SOMECR~1\AppData\Local\Temp\101Awrd.~lk\2567fspext.dll
C:\Users\SOMECR~1\AppData\Local\Temp\101Awrd.~lk\4902fspext.dll
C:\Users\SomeCrazyStuff\AppData\Local\Temp\101Awrd.~lk\2567fspext.dll
C:\Users\SomeCrazyStuff\AppData\Local\Temp\101Awrd.~lk\4902fspext.dll


((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
  • 0

#10
gringo_pr
Posted 19 October 2012 - 10:59 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I still have some more things to do so give it a couple more posts

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

Advertisements

#11
13o13
Posted 19 October 2012 - 11:08 AM

13o13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Age of Conan - Hyborian Adventures
Agilis Configuration Utility
Agilis Log Viewer
Agilis Power Logger
AI Suite
amBX Illuminate 1.0.2
amBX Saitek HAL 1.0.0
amBX System 1.1.4.0
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
ASUSUpdate
AviSynth 2.5
Bigasoft Audio Converter 3.5.2.4281
BlackBerry Desktop Software 7.0
Blacklight: Retribution
Browser Configuration Utility
Business Contact Manager for Microsoft Outlook 2010
Button Manager
C9
Curse Client
CyberLink BD Advisor 2.0
CyberLink Blu-ray Disc Suite
CyberLink InstantBurn
CyberLink LabelPrint
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDVD 9
CyberLink PowerProducer
D3DX10
Dark Souls: Prepare to Die Edition
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DELTA Advanced Sound Editor
DeskScapes
DesktopX
Diablo III
Diebold Technical Publications
Dota 2
Evernote v. 4.5.7
Everything 1.2.1.371
EVGA Precision 2.0.2
Fences
Fences Pro
ffdshow [rev 2527] [2008-12-19]
Flyff
Google Chrome
Google Earth Plug-in
Google Update Helper
HP Deskjet 2050 J510 series Help
HP Photo Creations
HP Webcam User's Guide
IconDeveloper
Java Auto Updater
Java™ 6 Update 33
Kaspersky Internet Security 2012
Keyboard Launchpad
LeapFrog Connect
LeapFrog Tag Junior Plugin
LightScribe System Software
LogMeIn
M.M.O.7 Update Tool
Malwarebytes Anti-Malware version 1.65.0.1400
marvell 91xx driver
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
Mindjet MindManager 2012
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 16.0.1 (x86 en-US)
MSVCRT
MyTomTom 3.1.0.530
NCsoft Launcher
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
ObjectDock Plus
OpenOffice.org 3.3
Pando Media Booster
PC Probe II
PHOTOfunSTUDIO 5.0
Process Lasso
PunkBuster Services
QuickTime
Rainlendar2 (remove only)
Rainmeter
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Resource Hacker Version 3.6.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951)
Sid Meier's Civilization V
SkinStudio 7
Sniper Elite V2
SoundPackager
Spec Ops: The Line
Spore
Spore: Creepy & Cute Parts Pack
Spore: Galactic Adventures
SpywareBlaster 4.6
Sql Server Customer Experience Improvement Program
Square Enix Secure Launcher
Star Wars: The Old Republic
Steam
Symphony
Theme Manager
Tiles
Tom Clancy's H.A.W.X. 2
Tower Wars
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wlaiper
TurboTax 2011 wmsiper
TurboTax 2011 wrapper
TurboV EVO
Tweak7
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
Videora iPhone 3GS Converter 6
Visual Studio C++ 10.0 Runtime
WindowBlinds
WindowFX
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WModem Driver Installer
World of Warcraft
XBMC
XP500 Advanced Sound Editor
  • 0

#12
13o13
Posted 19 October 2012 - 11:10 AM

13o13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I am running late getting back to work from lunch break. I apologize but any further reports will have to come later tonight. Hopefully I will be available again at about 1700Central. Thanks for your help and the quick replies!
  • 0

#13
gringo_pr
Posted 19 October 2012 - 11:19 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Java™ 6 Update 33 [/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#14
13o13
Posted 20 October 2012 - 01:51 PM

13o13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:48:13 PM, on 10/20/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\EVGA Precision\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\amBX\Gaming FXGen\win32\amBXFxGen.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe
C:\Program Files\amBX\Effects\amBX Event Manager.exe
C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Stardock\Object Desktop\Keyboard Launchpad\Keys.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\SomeCrazyStuff\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [DesktopX] "C:\Program Files (x86)\Stardock\Object Desktop\DesktopX\DesktopX Builder.exe" -noui
O4 - HKUS\S-1-5-21-543706644-1416270174-1080986977-1009\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-543706644-1416270174-1080986977-1009\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Stardock Keyboard Launchpad.lnk = C:\Program Files (x86)\Stardock\Object Desktop\Keyboard Launchpad\Keys.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock Plus\ObjectDock.exe
O4 - Global Startup: amBX Effects.lnk = C:\Program Files\amBX\Effects\amBX Event Manager.exe
O4 - Global Startup: amBX Illuminate.lnk = C:\Program Files (x86)\amBX\Illuminate\Illuminate.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send Image To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/201
O8 - Extra context menu item: Send Link To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/203
O8 - Extra context menu item: Send Page To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/204
O8 - Extra context menu item: Send Text To MindManager - res://C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll/202
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://remote.taste...t.com/XTSAC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{100FC43F-32A5-4A1A-93D6-7E60C9472227}: NameServer = 4.2.2.5,4.2.2.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF0CD13B-6463-47AD-93E0-8E342C256F74}: NameServer = 10.0.0.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: amBX Saitek HAL Service - Unknown owner - C:\Program Files (x86)\amBX\amBX Saitek HAL\amBX_HAL_x86.exe
O23 - Service: amBX Service - amBX - C:\Program Files (x86)\amBX\System\amBX_Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.03\AsSysCtrlService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~2\Stardock\OBJECT~2\WINDOW~1\VistaSrv.exe
O23 - Service: Stardock WindowFX (WindowFX) - Stardock Corporation - C:\Program Files (x86)\Stardock\Object Desktop\WindowFX4\WindowFXSRV.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18061 bytes



Malwarebytes Anti-Malware (PRO) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SomeCrazyStuff :: CRAZYCUSTOMPC [administrator]

Protection: Disabled

10/20/2012 2:50:44 PM
mbam-log-2012-10-20 (14-50-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253888
Time elapsed: 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#15
13o13
Posted 20 October 2012 - 01:53 PM

13o13

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
applications are somewhat more responsive. Malwarebytes launched much more quickly than before. Actually, It is launching almost instantly. Did one of those scans clean up something?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP