Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspision of Malware/Trojan

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Suspision of Malware/Trojan

Unread postby maximusdowns » August 11th, 2012, 2:38 am

Gary,

Please find below the print out of the OTL Txt log:

OTL logfile created on: 8/10/2012 11:25:37 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Max Downs\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

13.99 Gb Total Physical Memory | 11.79 Gb Available Physical Memory | 84.28% Memory free
27.98 Gb Paging File | 25.42 Gb Available in Paging File | 90.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 391.57 Gb Free Space | 42.04% Space Free | Partition Type: NTFS
Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.28 Gb Total Space | 29.62 Gb Free Space | 3.18% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 63.50 Gb Free Space | 6.82% Space Free | Partition Type: NTFS
Drive H: | 3.73 Gb Total Space | 3.51 Gb Free Space | 94.08% Space Free | Partition Type: FAT32

Computer Name: MAXDOWNS-PC | User Name: Max Downs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 23:15:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Max Downs\Desktop\OTL.exe
PRC - [2012/07/11 19:56:27 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/11 19:56:26 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/10 17:44:06 | 001,919,504 | ---- | M] (Micro-Star International) -- C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 13:34:20 | 000,138,768 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
PRC - [2012/01/03 13:34:16 | 000,502,288 | ---- | M] (MSI) -- C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
PRC - [2011/12/23 13:07:20 | 000,881,144 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
PRC - [2011/12/23 13:07:20 | 000,445,416 | ---- | M] (Iminent) -- C:\Program Files (x86)\Iminent\Iminent.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/03/22 11:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/03/22 01:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/29 21:20:28 | 000,493,384 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
PRC - [2010/11/20 05:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/15 04:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
PRC - [2010/11/15 04:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
PRC - [2010/05/14 15:24:24 | 000,517,440 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-552 revA\wirelesscm.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/11 19:56:27 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/11 19:56:26 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/06/14 19:27:36 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
MOD - [2012/06/14 18:47:27 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\498d2033c60fe5b777cf923b71b25972\System.Configuration.Install.ni.dll
MOD - [2012/06/14 18:47:21 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/06/14 18:47:20 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/14 18:47:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/14 18:46:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 18:46:54 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/14 18:46:51 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/12 16:04:40 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012/05/12 14:02:55 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MOD - [2012/05/12 14:02:54 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012/05/12 14:02:52 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012/05/12 14:02:51 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012/05/11 21:56:03 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 21:55:51 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012/05/11 21:55:50 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/11 21:55:50 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012/05/11 21:55:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 21:55:16 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 21:55:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 21:55:12 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 21:55:08 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/12/23 13:07:28 | 000,910,840 | ---- | M] () -- C:\Program Files (x86)\Iminent\System.Data.SQLite.dll
MOD - [2011/12/23 13:07:26 | 000,204,280 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Workflow.dll
MOD - [2011/12/23 13:07:26 | 000,067,576 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Windows.dll
MOD - [2011/12/23 13:07:22 | 006,273,016 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Mediator.ActivePlayers.dll
MOD - [2011/12/23 13:07:22 | 001,524,728 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Services.dll
MOD - [2011/12/23 13:07:22 | 000,587,256 | ---- | M] () -- C:\Program Files (x86)\Iminent\Iminent.Booster.UI.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/03 20:42:03 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/03/21 11:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 11:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/10/07 16:58:10 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-552 revA\WlanDll.dll
MOD - [2009/09/08 18:04:32 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-552 revA\WLanWps.dll
MOD - [2009/06/10 14:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/11 10:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/17 06:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/02/09 14:46:18 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\U2VSvr.exe -- (U2VSvr)
SRV - [2012/08/03 00:02:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 10:25:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/11 19:56:27 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/03 13:34:20 | 000,138,768 | ---- | M] (MSI) [Auto | Running] -- C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe -- (MSI_SuperCharger)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/03/22 01:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010/11/29 21:20:28 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2010/11/15 04:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 16:28:30 | 002,782,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/26 19:02:28 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\D-Link\DWA-552 revA\jswpsapi.exe -- (jswpsapi)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/06/11 11:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 09:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 05:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/16 13:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/04/13 15:04:38 | 000,052,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/05 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/21 11:13:24 | 001,601,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 17:42:30 | 000,023,040 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\T1PExGrp64.sys -- (T1PExGrp64)
DRV:64bit: - [2009/05/12 17:42:12 | 000,024,576 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\T1PMrGrp64.sys -- (T1PMrGrp64)
DRV:64bit: - [2009/05/12 17:41:44 | 000,103,168 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\t1pusb64.sys -- (t1pusb64)
DRV:64bit: - [2008/05/15 03:28:52 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV - [2010/10/22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2010/05/10 10:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2010/01/18 10:36:44 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys -- (NTIOLib_1_0_3)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/04/09 15:45:24 | 000,103,168 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\T1PUsb64.sys -- (t1pusb64)
DRV - [2009/04/09 15:45:14 | 000,022,528 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\T1PExGrp64.sys -- (T1PExGrp64)
DRV - [2009/04/09 15:45:04 | 000,024,576 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\T1PMrGrp64.sys -- (T1PMrGrp64)
DRV - [2008/05/15 03:28:52 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\jswpslwfx.sys -- (JSWPSLWF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 8A 28 F9 99 54 CC 01 [binary data]
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\..\SearchScopes\{5641D1DC-7C45-46bc-85D7-B4681CAA2275}: "URL" = http://www.google.com/cse?cx=partner-pu ... 6076927&q={searchTerms}
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B946786C-E8C1-4074-BCD4-0CAB22073B46}&mid=b7525e83495f47d686d76c65cfc15c26-af7af8604392ce02feb84d4bbca2db2778b7d175&lang=en&ds=AVG&pr=fr&d=2011-09-20 00:28:41&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\..\SearchScopes\{DA4F04F8-EF2D-404d-8257-790A48BEA76E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=MMBROWSV
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "Bing"
FF - prefs.js..browser.search.order.1: "Bing"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20110910&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Max Downs\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Max Downs\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 17:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/08/13 21:05:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/03/25 20:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/03/25 20:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/11 19:56:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012/03/15 18:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012/03/15 18:22:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2012/03/15 18:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 10:25:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/16 16:08:01 | 000,000,000 | ---D | M]

[2011/03/24 13:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Downs\AppData\Roaming\Mozilla\Extensions
[2012/06/21 20:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions
[2012/05/21 17:32:06 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2012/05/19 12:22:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/04/28 19:59:23 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012/06/21 20:25:11 | 000,000,000 | ---D | M] (LavaFox V2-Purple) -- C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions\zigboom555@aol.com
[2012/06/17 10:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/20 10:25:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/07/11 19:56:26 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/17 10:02:22 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012/06/17 10:02:22 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGACDF&install_date=20110910
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s,
CHR - homepage: http://www.msn.com/?pc=Z128&install_date=20110910
CHR - Extension: AT_MEcko = C:\Users\Max Downs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbdglekpmmdlmdfogflhiponnndbokpk\2_0\
CHR - Extension: DivX HiQ = C:\Users\Max Downs\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: AVG Safe Search = C:\Users\Max Downs\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Max Downs\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/08/10 23:19:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Util] C:\Windows\SysNative\Util.exe ()
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe (MSI)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - Startup: C:\Users\Max Downs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02C1A0CD-0C1A-46FB-84C3-00C04C26B9BB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DCCB539-FE89-42D4-85E8-DEB80F8A3978}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/02 14:42:35 | 000,000,058 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 23:23:51 | 000,000,000 | ---D | C] -- C:\Users\Max Downs\Documents\OTL
[2012/08/10 23:17:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/10 23:15:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Max Downs\Desktop\OTL.exe
[2012/08/10 17:16:15 | 000,000,000 | ---D | C] -- C:\Users\Max Downs\Documents\ESET
[2012/08/10 12:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/10 12:05:27 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Max Downs\Desktop\esetsmartinstaller_enu.exe
[2012/08/10 11:59:15 | 000,000,000 | ---D | C] -- C:\Users\Max Downs\Documents\MBAM
[2012/08/10 11:49:14 | 000,000,000 | ---D | C] -- C:\Users\Max Downs\AppData\Roaming\Malwarebytes
[2012/08/10 11:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/10 11:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/10 11:49:10 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/10 11:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/09 16:42:20 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Max Downs\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/09 14:20:00 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/09 14:11:48 | 000,000,000 | ---D | C] -- C:\Users\Max Downs\AppData\Roaming\Ytuvb
[2012/08/09 14:11:48 | 000,000,000 | ---D | C] -- C:\Users\Max Downs\AppData\Roaming\Hina
[2012/08/09 14:11:48 | 000,000,000 | ---D | C] -- C:\Users\Max Downs\AppData\Roaming\Fomi
[2012/08/09 10:49:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/09 10:21:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/09 10:21:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/09 10:21:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/09 10:20:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/09 10:20:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/09 10:18:59 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Max Downs\Desktop\ComboFix.exe
[2012/08/08 17:57:54 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/04 13:01:30 | 000,000,000 | ---D | C] -- C:\Users\Max Downs\Documents\DDS
[2012/08/03 12:29:02 | 000,676,968 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/08/03 12:29:02 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2012/08/03 11:57:08 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/28 12:38:08 | 000,000,000 | ---D | C] -- C:\Users\Max Downs\AppData\Roaming\Dyid
[2012/07/24 18:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/16 16:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/07/16 16:07:47 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/12 03:00:56 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:00:56 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:00:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:00:55 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:00:55 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:00:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:00:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:00:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:00:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:00:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:00:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:00:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/12 03:00:53 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

========== Files - Modified Within 30 Days ==========

[2012/08/10 23:28:46 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 23:28:46 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 23:21:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 23:20:54 | 2677,362,686 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/10 23:19:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/10 23:15:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Max Downs\Desktop\OTL.exe
[2012/08/10 23:11:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1589778325-2484264928-3345457988-1000UA.job
[2012/08/10 22:56:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/10 19:11:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1589778325-2484264928-3345457988-1000Core.job
[2012/08/10 17:45:15 | 103,556,711 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/10 12:11:37 | 000,002,476 | ---- | M] () -- C:\Users\Max Downs\Desktop\Google Chrome.lnk
[2012/08/10 12:05:31 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Max Downs\Desktop\esetsmartinstaller_enu.exe
[2012/08/10 11:49:12 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/09 16:42:22 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Max Downs\Desktop\mbam-setup-1.62.0.1300.exe
[2012/08/09 10:19:07 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Max Downs\Desktop\ComboFix.exe
[2012/08/05 18:04:03 | 000,440,477 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/03 00:02:04 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 00:02:04 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/31 10:39:48 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012/07/24 18:14:54 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/16 16:08:02 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/12 03:20:25 | 000,294,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/08/10 11:49:12 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/09 10:21:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/09 10:21:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/09 10:21:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/09 10:21:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/09 10:21:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/31 10:38:48 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/07/24 18:14:54 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/16 16:08:02 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/16 16:08:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/04/05 18:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/05 18:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/03/15 18:23:42 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/20 00:20:59 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/01/20 00:20:59 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/01/20 00:20:59 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/01/20 00:20:59 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/01/20 00:20:59 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/01/20 00:20:59 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/01/20 00:20:59 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/01/20 00:20:59 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/01/20 00:20:59 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/01/20 00:20:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/01/20 00:20:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/01/20 00:20:59 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/01/20 00:20:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/01/20 00:20:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/01/20 00:20:59 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/01/20 00:20:59 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/24 18:25:31 | 000,430,080 | ---- | C] () -- C:\Windows\SysWow64\UDLL.dll
[2011/03/24 18:25:31 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\t1psvr.dll
[2011/03/24 18:25:31 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\t1psvr.exe
[2011/03/24 18:25:31 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\T1PDisp.exe
[2011/03/24 18:25:31 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\mctudll.dll
[2011/03/24 18:25:31 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\T1PSvrUtil.exe
[2011/03/22 18:11:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/09/20 00:27:51 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\AVG2012
[2012/07/28 12:38:22 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Dyid
[2012/08/09 14:11:57 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Fomi
[2012/08/09 14:11:48 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Hina
[2012/04/28 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Iminent
[2011/03/24 13:25:21 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Leadertech
[2012/04/28 19:53:31 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\OpenCandy
[2011/04/03 20:43:49 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\OpenOffice.org
[2012/03/15 18:21:36 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Splashtop
[2012/08/07 01:26:29 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\uTorrent
[2012/08/09 14:12:09 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Ytuvb
[2012/06/02 15:17:29 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Very respectfully,
Max
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm
Advertisement
Register to Remove

Re: Suspision of Malware/Trojan

Unread postby maximusdowns » August 11th, 2012, 2:39 am

Gary,

Please find the print out of the Extra.txt:

OTL Extras logfile created on: 8/10/2012 11:25:37 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Max Downs\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

13.99 Gb Total Physical Memory | 11.79 Gb Available Physical Memory | 84.28% Memory free
27.98 Gb Paging File | 25.42 Gb Available in Paging File | 90.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 391.57 Gb Free Space | 42.04% Space Free | Partition Type: NTFS
Drive D: | 7.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 931.28 Gb Total Space | 29.62 Gb Free Space | 3.18% Space Free | Partition Type: FAT32
Drive G: | 931.51 Gb Total Space | 63.50 Gb Free Space | 6.82% Space Free | Partition Type: NTFS
Drive H: | 3.73 Gb Total Space | 3.51 Gb Free Space | 94.08% Space Free | Partition Type: FAT32

Computer Name: MAXDOWNS-PC | User Name: Max Downs | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1589778325-2484264928-3345457988-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{D66D2DB6-1980-459B-8933-48E03BD79D04}C:\program files (x86)\iminent\iminent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iminent\iminent.exe |
"UDP Query User{BCCB8188-DBE8-4B1E-9AD0-171150896992}C:\program files (x86)\iminent\iminent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iminent\iminent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments GuitarRig Mobile IO Driver
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
"{BABA4667-CF82-B330-A8E5-6E8A09B2D911}" = AMD Accelerated Video Transcoding
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish
"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional
"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French
"{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox
"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek
"{46ED7863-473A-403D-9BAB-45E88A71F678}_is1" = ControlCenter
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD8E034-E0F4-4509-A753-467A8E854CD8}" = Iminent
"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish
"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = DWA-552
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean
"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = USB Display Device (Trigger 1+) 9.10.0526.0159
"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai
"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch
"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian
"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian
"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish
"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard
"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English
"{FC54FD8D-789C-406D-BB88-F7C4421B7E83}_is1" = VideoGenie
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX Setup
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"IMBoosterARP" = Iminent
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments GuitarRig Mobile IO Driver" = Native Instruments GuitarRig Mobile IO Driver
"Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Session IO Driver" = Native Instruments Session IO Driver
"OpenAL" = OpenAL
"StarCraft II" = StarCraft II
"StartNow Toolbar" = StartNow Toolbar
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1589778325-2484264928-3345457988-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2012 11:21:33 PM | Computer Name = MaxDowns-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 998

Error - 8/9/2012 11:21:34 PM | Computer Name = MaxDowns-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/9/2012 11:21:34 PM | Computer Name = MaxDowns-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2012

Error - 8/9/2012 11:21:34 PM | Computer Name = MaxDowns-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012

Error - 8/10/2012 3:05:50 PM | Computer Name = MaxDowns-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Max Downs\Downloads\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/10/2012 3:06:57 PM | Computer Name = MaxDowns-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Max Downs\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/10/2012 3:07:11 PM | Computer Name = MaxDowns-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Max Downs\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/10/2012 3:07:11 PM | Computer Name = MaxDowns-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Max Downs\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/10/2012 8:17:16 PM | Computer Name = MaxDowns-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/11/2012 1:08:57 AM | Computer Name = MaxDowns-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/11/2012 1:10:12 AM | Computer Name = MaxDowns-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Users\max downs\Desktop\esetsmartinstaller_enu.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 8/9/2012 1:46:23 PM | Computer Name = MaxDowns-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 8/9/2012 4:55:13 PM | Computer Name = MaxDowns-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 8/9/2012 7:52:28 PM | Computer Name = MaxDowns-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.

Error - 8/10/2012 3:44:35 PM | Computer Name = MaxDowns-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 8/10/2012 5:17:16 PM | Computer Name = MaxDowns-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 8/10/2012 8:14:27 PM | Computer Name = MaxDowns-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{02C1A0CD-0C1A-46FB-84C3-00C04C26B9BB}
because another computer on the network has the same name. The server could not
start.

Error - 8/10/2012 8:45:21 PM | Computer Name = MaxDowns-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 8/11/2012 1:56:43 AM | Computer Name = MaxDowns-PC | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 8/11/2012 2:17:24 AM | Computer Name = MaxDowns-PC | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/11/2012 2:22:41 AM | Computer Name = MaxDowns-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avgwd service.


< End of report >

Very respectfully,
Max
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Suspision of Malware/Trojan

Unread postby Gary R » August 11th, 2012, 10:46 am

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java(TM) 6 Update 22
Java(TM) 6 Update 32


Old versions of java can be used to compromise your computer.

Reboot your computer once they are both uninstalled

Now download and install JDK 7 Update 5 (JDK or JRE).

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code: Select all
:OTL
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1589778325-2484264928-3345457988-1000\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
[2012/04/28 19:59:23 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchTheWeb.xml
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O4 - HKLM..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe (Iminent)
O4 - HKLM..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe (Iminent)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_32)
[2012/07/28 12:38:08 | 000,000,000 | ---D | C] -- C:\Users\Max Downs\AppData\Roaming\Dyid
[2012/08/07 01:26:29 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\uTorrent
[2012/08/09 14:12:09 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Ytuvb
[2012/07/28 12:38:22 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Dyid
[2012/08/09 14:11:57 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Fomi
[2012/08/09 14:11:48 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Hina
[2012/04/28 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\Max Downs\AppData\Roaming\Iminent

:Files
C:\program files (x86)\iminent

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{D66D2DB6-1980-459B-8933-48E03BD79D04}C:\program files (x86)\iminent\iminent.exe"=-
"UDP Query User{BCCB8188-DBE8-4B1E-9AD0-171150896992}C:\program files (x86)\iminent\iminent.exe"=-

:Commands
[createrestorepoint]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Summary of the logs I need from you in your next post:
  • Latest OTL fix log
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Suspision of Malware/Trojan

Unread postby maximusdowns » August 11th, 2012, 1:41 pm

Gary,

Please see below the print out of the latest OTL Fix log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1589778325-2484264928-3345457988-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6 folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\Mozilla\Firefox\Profiles\mcw9fu8j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchTheWeb.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.
C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Iminent deleted successfully.
C:\Program Files (x86)\Iminent\Iminent.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IminentMessenger deleted successfully.
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Max Downs\AppData\Roaming\Dyid folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\uTorrent folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\Ytuvb folder moved successfully.
Folder C:\Users\Max Downs\AppData\Roaming\Dyid\ not found.
C:\Users\Max Downs\AppData\Roaming\Fomi folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\Hina folder moved successfully.
Folder move failed. C:\Users\Max Downs\AppData\Roaming\Iminent\Mediator\Datas scheduled to be moved on reboot.
Folder move failed. C:\Users\Max Downs\AppData\Roaming\Iminent\Mediator scheduled to be moved on reboot.
Folder move failed. C:\Users\Max Downs\AppData\Roaming\Iminent scheduled to be moved on reboot.
========== FILES ==========
C:\program files (x86)\Iminent\webbooster@iminent.com\defaults\preferences folder moved successfully.
C:\program files (x86)\Iminent\webbooster@iminent.com\defaults folder moved successfully.
C:\program files (x86)\Iminent\webbooster@iminent.com\components_20 folder moved successfully.
C:\program files (x86)\Iminent\webbooster@iminent.com\components folder moved successfully.
C:\program files (x86)\Iminent\webbooster@iminent.com\chrome\content folder moved successfully.
C:\program files (x86)\Iminent\webbooster@iminent.com\chrome folder moved successfully.
C:\program files (x86)\Iminent\webbooster@iminent.com folder moved successfully.
C:\program files (x86)\Iminent\tr folder moved successfully.
C:\program files (x86)\Iminent\ro folder moved successfully.
C:\program files (x86)\Iminent\it folder moved successfully.
C:\program files (x86)\Iminent\inst folder moved successfully.
C:\program files (x86)\Iminent\fr folder moved successfully.
C:\program files (x86)\Iminent\es folder moved successfully.
Folder move failed. C:\program files (x86)\Iminent\en scheduled to be moved on reboot.
C:\program files (x86)\Iminent\de folder moved successfully.
Folder move failed. C:\program files (x86)\Iminent scheduled to be moved on reboot.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D66D2DB6-1980-459B-8933-48E03BD79D04}C:\program files (x86)\iminent\iminent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BCCB8188-DBE8-4B1E-9AD0-171150896992}C:\program files (x86)\iminent\iminent.exe deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08112012_102715

Files\Folders moved on Reboot...
C:\Users\Max Downs\AppData\Roaming\Iminent\Mediator\Datas folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\Iminent\Mediator folder moved successfully.
C:\Users\Max Downs\AppData\Roaming\Iminent folder moved successfully.
C:\program files (x86)\Iminent\en folder moved successfully.
C:\program files (x86)\Iminent folder moved successfully.

PendingFileRenameOperations files...
File C:\Users\Max Downs\AppData\Roaming\Iminent\Mediator\Datas not found!
File C:\Users\Max Downs\AppData\Roaming\Iminent\Mediator not found!
File C:\Users\Max Downs\AppData\Roaming\Iminent not found!
File C:\program files (x86)\Iminent\en not found!
File C:\program files (x86)\Iminent not found!

Registry entries deleted on Reboot...

My computer is no longer showing any of the symptoms that brought me here.

Very respectfully,
Max
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Suspision of Malware/Trojan

Unread postby Gary R » August 11th, 2012, 2:41 pm

OK, I want to run one last check before we finish ....

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • IF IT FINDS ANYTHING, DO NOT TRY TO FIX IT AT THIS POINT
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Suspision of Malware/Trojan

Unread postby maximusdowns » August 11th, 2012, 10:41 pm

Gary,

Please find below the print out off the TDSS Killer log:

19:37:01.0111 3168 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:37:01.0719 3168 ============================================================
19:37:01.0719 3168 Current date / time: 2012/08/11 19:37:01.0719
19:37:01.0719 3168 SystemInfo:
19:37:01.0719 3168
19:37:01.0719 3168 OS Version: 6.1.7601 ServicePack: 1.0
19:37:01.0719 3168 Product type: Workstation
19:37:01.0719 3168 ComputerName: MAXDOWNS-PC
19:37:01.0719 3168 UserName: Max Downs
19:37:01.0719 3168 Windows directory: C:\Windows
19:37:01.0719 3168 System windows directory: C:\Windows
19:37:01.0719 3168 Running under WOW64
19:37:01.0719 3168 Processor architecture: Intel x64
19:37:01.0719 3168 Number of processors: 8
19:37:01.0719 3168 Page size: 0x1000
19:37:01.0719 3168 Boot type: Normal boot
19:37:01.0719 3168 ============================================================
19:37:02.0818 3168 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:37:02.0825 3168 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:37:02.0828 3168 ============================================================
19:37:02.0828 3168 \Device\Harddisk0\DR0:
19:37:02.0828 3168 MBR partitions:
19:37:02.0828 3168 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:37:02.0828 3168 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
19:37:02.0828 3168 \Device\Harddisk1\DR1:
19:37:02.0829 3168 MBR partitions:
19:37:02.0829 3168 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x468, BlocksNum 0x777B98
19:37:02.0829 3168 ============================================================
19:37:02.0850 3168 C: <-> \Device\Harddisk0\DR0\Partition1
19:37:02.0850 3168 ============================================================
19:37:02.0850 3168 Initialize success
19:37:02.0850 3168 ============================================================
19:37:19.0821 5668 ============================================================
19:37:19.0821 5668 Scan started
19:37:19.0821 5668 Mode: Manual;
19:37:19.0821 5668 ============================================================
19:37:20.0601 5668 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:37:20.0601 5668 1394ohci - ok
19:37:20.0632 5668 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:37:20.0632 5668 ACPI - ok
19:37:20.0648 5668 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:37:20.0663 5668 AcpiPmi - ok
19:37:20.0741 5668 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:37:20.0741 5668 AdobeARMservice - ok
19:37:20.0850 5668 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:37:20.0850 5668 AdobeFlashPlayerUpdateSvc - ok
19:37:20.0913 5668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:37:20.0913 5668 adp94xx - ok
19:37:20.0960 5668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:37:20.0960 5668 adpahci - ok
19:37:20.0975 5668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:37:20.0975 5668 adpu320 - ok
19:37:20.0991 5668 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:37:20.0991 5668 AeLookupSvc - ok
19:37:21.0053 5668 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:37:21.0053 5668 AFD - ok
19:37:21.0084 5668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:37:21.0100 5668 agp440 - ok
19:37:21.0116 5668 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:37:21.0116 5668 ALG - ok
19:37:21.0131 5668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:37:21.0131 5668 aliide - ok
19:37:21.0194 5668 AMD External Events Utility (9c616ba191b80f5cd1a1b9553e107100) C:\Windows\system32\atiesrxx.exe
19:37:21.0194 5668 AMD External Events Utility - ok
19:37:21.0194 5668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:37:21.0209 5668 amdide - ok
19:37:21.0240 5668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:37:21.0240 5668 AmdK8 - ok
19:37:21.0708 5668 amdkmdag (5165e83751b8ff40e5e4925996fcc506) C:\Windows\system32\DRIVERS\atikmdag.sys
19:37:21.0818 5668 amdkmdag - ok
19:37:21.0942 5668 amdkmdap (86ab3cf484260c4318f3a6e8b035f422) C:\Windows\system32\DRIVERS\atikmpag.sys
19:37:21.0942 5668 amdkmdap - ok
19:37:21.0974 5668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:37:21.0974 5668 AmdPPM - ok
19:37:22.0005 5668 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:37:22.0005 5668 amdsata - ok
19:37:22.0036 5668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:37:22.0036 5668 amdsbs - ok
19:37:22.0052 5668 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:37:22.0052 5668 amdxata - ok
19:37:22.0098 5668 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:37:22.0098 5668 AppID - ok
19:37:22.0114 5668 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:37:22.0114 5668 AppIDSvc - ok
19:37:22.0145 5668 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
19:37:22.0145 5668 Appinfo - ok
19:37:22.0223 5668 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:37:22.0223 5668 Apple Mobile Device - ok
19:37:22.0301 5668 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
19:37:22.0301 5668 AppMgmt - ok
19:37:22.0332 5668 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:37:22.0332 5668 arc - ok
19:37:22.0348 5668 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:37:22.0348 5668 arcsas - ok
19:37:22.0379 5668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:37:22.0379 5668 AsyncMac - ok
19:37:22.0395 5668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:37:22.0395 5668 atapi - ok
19:37:22.0504 5668 athr (a1b725acd44984a7e181455babc20168) C:\Windows\system32\DRIVERS\athrx.sys
19:37:22.0520 5668 athr - ok
19:37:22.0629 5668 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
19:37:22.0629 5668 AtiHDAudioService - ok
19:37:22.0691 5668 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
19:37:22.0691 5668 AtiHdmiService - ok
19:37:22.0785 5668 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:37:22.0785 5668 AudioEndpointBuilder - ok
19:37:22.0800 5668 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
19:37:22.0800 5668 AudioSrv - ok
19:37:22.0956 5668 AVG Security Toolbar Service (080d4fe1435401a370f122614ea514cd) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
19:37:22.0972 5668 AVG Security Toolbar Service - ok
19:37:23.0206 5668 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
19:37:23.0237 5668 AVGIDSAgent - ok
19:37:23.0346 5668 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:37:23.0346 5668 AVGIDSDriver - ok
19:37:23.0378 5668 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
19:37:23.0378 5668 AVGIDSEH - ok
19:37:23.0393 5668 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
19:37:23.0393 5668 AVGIDSFilter - ok
19:37:23.0440 5668 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
19:37:23.0440 5668 Avgldx64 - ok
19:37:23.0456 5668 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
19:37:23.0456 5668 Avgmfx64 - ok
19:37:23.0487 5668 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
19:37:23.0487 5668 Avgrkx64 - ok
19:37:23.0534 5668 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
19:37:23.0549 5668 Avgtdia - ok
19:37:23.0612 5668 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
19:37:23.0612 5668 avgwd - ok
19:37:23.0658 5668 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
19:37:23.0658 5668 AxInstSV - ok
19:37:23.0705 5668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:37:23.0721 5668 b06bdrv - ok
19:37:23.0752 5668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:37:23.0752 5668 b57nd60a - ok
19:37:23.0783 5668 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:37:23.0783 5668 BDESVC - ok
19:37:23.0799 5668 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:37:23.0799 5668 Beep - ok
19:37:23.0877 5668 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
19:37:23.0877 5668 BFE - ok
19:37:23.0908 5668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:37:23.0924 5668 blbdrive - ok
19:37:24.0048 5668 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:37:24.0048 5668 Bonjour Service - ok
19:37:24.0111 5668 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:37:24.0111 5668 bowser - ok
19:37:24.0126 5668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:37:24.0126 5668 BrFiltLo - ok
19:37:24.0142 5668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:37:24.0142 5668 BrFiltUp - ok
19:37:24.0173 5668 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:37:24.0173 5668 BridgeMP - ok
19:37:24.0220 5668 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
19:37:24.0220 5668 Browser - ok
19:37:24.0251 5668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:37:24.0251 5668 Brserid - ok
19:37:24.0267 5668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:37:24.0267 5668 BrSerWdm - ok
19:37:24.0267 5668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:37:24.0267 5668 BrUsbMdm - ok
19:37:24.0282 5668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:37:24.0282 5668 BrUsbSer - ok
19:37:24.0298 5668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:37:24.0298 5668 BTHMODEM - ok
19:37:24.0314 5668 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:37:24.0329 5668 bthserv - ok
19:37:24.0329 5668 catchme - ok
19:37:24.0376 5668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:37:24.0376 5668 cdfs - ok
19:37:24.0423 5668 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:37:24.0423 5668 cdrom - ok
19:37:24.0454 5668 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:37:24.0454 5668 CertPropSvc - ok
19:37:24.0470 5668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:37:24.0470 5668 circlass - ok
19:37:24.0501 5668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:37:24.0516 5668 CLFS - ok
19:37:24.0579 5668 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:37:24.0579 5668 clr_optimization_v2.0.50727_32 - ok
19:37:24.0610 5668 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:37:24.0610 5668 clr_optimization_v2.0.50727_64 - ok
19:37:24.0688 5668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:37:24.0688 5668 clr_optimization_v4.0.30319_32 - ok
19:37:24.0719 5668 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:37:24.0719 5668 clr_optimization_v4.0.30319_64 - ok
19:37:24.0750 5668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:37:24.0750 5668 CmBatt - ok
19:37:24.0782 5668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:37:24.0782 5668 cmdide - ok
19:37:24.0844 5668 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
19:37:24.0844 5668 CNG - ok
19:37:24.0860 5668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:37:24.0860 5668 Compbatt - ok
19:37:24.0875 5668 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:37:24.0875 5668 CompositeBus - ok
19:37:24.0875 5668 COMSysApp - ok
19:37:24.0891 5668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:37:24.0891 5668 crcdisk - ok
19:37:24.0953 5668 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
19:37:24.0953 5668 CryptSvc - ok
19:37:25.0016 5668 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
19:37:25.0016 5668 CSC - ok
19:37:25.0062 5668 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
19:37:25.0062 5668 CscService - ok
19:37:25.0140 5668 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\Windows\system32\DRIVERS\dc3d.sys
19:37:25.0140 5668 dc3d - ok
19:37:25.0187 5668 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:37:25.0203 5668 DcomLaunch - ok
19:37:25.0234 5668 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:37:25.0234 5668 defragsvc - ok
19:37:25.0265 5668 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:37:25.0265 5668 DfsC - ok
19:37:25.0312 5668 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
19:37:25.0328 5668 Dhcp - ok
19:37:25.0343 5668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:37:25.0343 5668 discache - ok
19:37:25.0359 5668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:37:25.0359 5668 Disk - ok
19:37:25.0406 5668 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
19:37:25.0406 5668 Dnscache - ok
19:37:25.0452 5668 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
19:37:25.0452 5668 dot3svc - ok
19:37:25.0499 5668 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
19:37:25.0499 5668 DPS - ok
19:37:25.0530 5668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:37:25.0530 5668 drmkaud - ok
19:37:25.0608 5668 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:37:25.0624 5668 DXGKrnl - ok
19:37:25.0655 5668 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:37:25.0655 5668 EapHost - ok
19:37:25.0796 5668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:37:25.0811 5668 ebdrv - ok
19:37:25.0905 5668 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
19:37:25.0920 5668 EFS - ok
19:37:25.0998 5668 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
19:37:25.0998 5668 ehRecvr - ok
19:37:26.0030 5668 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:37:26.0030 5668 ehSched - ok
19:37:26.0108 5668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:37:26.0108 5668 elxstor - ok
19:37:26.0186 5668 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
19:37:26.0186 5668 EPSON_PM_RPCV4_01 - ok
19:37:26.0217 5668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:37:26.0217 5668 ErrDev - ok
19:37:26.0264 5668 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:37:26.0279 5668 EventSystem - ok
19:37:26.0295 5668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:37:26.0295 5668 exfat - ok
19:37:26.0310 5668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:37:26.0310 5668 fastfat - ok
19:37:26.0388 5668 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
19:37:26.0388 5668 Fax - ok
19:37:26.0420 5668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:37:26.0420 5668 fdc - ok
19:37:26.0420 5668 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:37:26.0435 5668 fdPHost - ok
19:37:26.0435 5668 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:37:26.0435 5668 FDResPub - ok
19:37:26.0466 5668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:37:26.0466 5668 FileInfo - ok
19:37:26.0482 5668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:37:26.0482 5668 Filetrace - ok
19:37:26.0482 5668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:37:26.0482 5668 flpydisk - ok
19:37:26.0529 5668 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:37:26.0529 5668 FltMgr - ok
19:37:26.0622 5668 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
19:37:26.0622 5668 FontCache - ok
19:37:26.0716 5668 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:37:26.0716 5668 FontCache3.0.0.0 - ok
19:37:26.0747 5668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:37:26.0747 5668 FsDepends - ok
19:37:26.0794 5668 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
19:37:26.0794 5668 Fs_Rec - ok
19:37:26.0841 5668 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:37:26.0841 5668 fvevol - ok
19:37:26.0856 5668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:37:26.0856 5668 gagp30kx - ok
19:37:26.0888 5668 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:37:26.0888 5668 GEARAspiWDM - ok
19:37:26.0934 5668 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
19:37:26.0950 5668 gpsvc - ok
19:37:26.0966 5668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:37:26.0966 5668 hcw85cir - ok
19:37:27.0012 5668 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:37:27.0012 5668 HdAudAddService - ok
19:37:27.0044 5668 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:37:27.0044 5668 HDAudBus - ok
19:37:27.0059 5668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:37:27.0059 5668 HidBatt - ok
19:37:27.0075 5668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:37:27.0075 5668 HidBth - ok
19:37:27.0090 5668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:37:27.0106 5668 HidIr - ok
19:37:27.0122 5668 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:37:27.0122 5668 hidserv - ok
19:37:27.0168 5668 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
19:37:27.0168 5668 HidUsb - ok
19:37:27.0200 5668 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
19:37:27.0200 5668 hkmsvc - ok
19:37:27.0246 5668 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
19:37:27.0246 5668 HomeGroupListener - ok
19:37:27.0293 5668 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
19:37:27.0293 5668 HomeGroupProvider - ok
19:37:27.0324 5668 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:37:27.0324 5668 HpSAMD - ok
19:37:27.0387 5668 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:37:27.0402 5668 HTTP - ok
19:37:27.0449 5668 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:37:27.0449 5668 hwpolicy - ok
19:37:27.0449 5668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:37:27.0449 5668 i8042prt - ok
19:37:27.0512 5668 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:37:27.0512 5668 iaStorV - ok
19:37:27.0636 5668 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:37:27.0636 5668 idsvc - ok
19:37:27.0668 5668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:37:27.0668 5668 iirsp - ok
19:37:27.0746 5668 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
19:37:27.0746 5668 IKEEXT - ok
19:37:27.0995 5668 IntcAzAudAddService (059dddedbe5701dc3b779d32798108ac) C:\Windows\system32\drivers\RTKVHD64.sys
19:37:28.0011 5668 IntcAzAudAddService - ok
19:37:28.0120 5668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:37:28.0120 5668 intelide - ok
19:37:28.0151 5668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:37:28.0151 5668 intelppm - ok
19:37:28.0182 5668 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:37:28.0182 5668 IPBusEnum - ok
19:37:28.0214 5668 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:37:28.0214 5668 IpFilterDriver - ok
19:37:28.0276 5668 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
19:37:28.0276 5668 iphlpsvc - ok
19:37:28.0292 5668 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:37:28.0292 5668 IPMIDRV - ok
19:37:28.0323 5668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:37:28.0323 5668 IPNAT - ok
19:37:28.0448 5668 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
19:37:28.0448 5668 iPod Service - ok
19:37:28.0479 5668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:37:28.0479 5668 IRENUM - ok
19:37:28.0526 5668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:37:28.0526 5668 isapnp - ok
19:37:28.0557 5668 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:37:28.0557 5668 iScsiPrt - ok
19:37:28.0635 5668 jswpsapi (cd9f4e53da79ed4cd7562604fe9523a6) C:\Program Files (x86)\D-Link\DWA-552 revA\jswpsapi.exe
19:37:28.0635 5668 jswpsapi - ok
19:37:28.0650 5668 JSWPSLWF (5be640e88814b77a9e84b4549b5dcc2c) C:\Windows\system32\DRIVERS\jswpslwfx.sys
19:37:28.0650 5668 JSWPSLWF - ok
19:37:28.0666 5668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:37:28.0666 5668 kbdclass - ok
19:37:28.0682 5668 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
19:37:28.0682 5668 kbdhid - ok
19:37:28.0728 5668 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:37:28.0728 5668 KeyIso - ok
19:37:28.0760 5668 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
19:37:28.0760 5668 KSecDD - ok
19:37:28.0775 5668 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
19:37:28.0775 5668 KSecPkg - ok
19:37:28.0806 5668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:37:28.0806 5668 ksthunk - ok
19:37:28.0838 5668 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:37:28.0853 5668 KtmRm - ok
19:37:28.0900 5668 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
19:37:28.0900 5668 LanmanServer - ok
19:37:28.0947 5668 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
19:37:28.0947 5668 LanmanWorkstation - ok
19:37:28.0978 5668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:37:28.0978 5668 lltdio - ok
19:37:29.0009 5668 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:37:29.0025 5668 lltdsvc - ok
19:37:29.0040 5668 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:37:29.0040 5668 lmhosts - ok
19:37:29.0072 5668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:37:29.0072 5668 LSI_FC - ok
19:37:29.0087 5668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:37:29.0087 5668 LSI_SAS - ok
19:37:29.0103 5668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:37:29.0103 5668 LSI_SAS2 - ok
19:37:29.0118 5668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:37:29.0118 5668 LSI_SCSI - ok
19:37:29.0134 5668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:37:29.0134 5668 luafv - ok
19:37:29.0196 5668 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
19:37:29.0196 5668 MBAMProtector - ok
19:37:29.0290 5668 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:37:29.0306 5668 MBAMService - ok
19:37:29.0337 5668 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
19:37:29.0337 5668 Mcx2Svc - ok
19:37:29.0352 5668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:37:29.0352 5668 megasas - ok
19:37:29.0384 5668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:37:29.0384 5668 MegaSR - ok
19:37:29.0415 5668 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:37:29.0415 5668 MMCSS - ok
19:37:29.0430 5668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:37:29.0430 5668 Modem - ok
19:37:29.0462 5668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:37:29.0462 5668 monitor - ok
19:37:29.0462 5668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:37:29.0462 5668 mouclass - ok
19:37:29.0493 5668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:37:29.0493 5668 mouhid - ok
19:37:29.0524 5668 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:37:29.0524 5668 mountmgr - ok
19:37:29.0633 5668 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:37:29.0633 5668 MozillaMaintenance - ok
19:37:29.0664 5668 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:37:29.0664 5668 mpio - ok
19:37:29.0696 5668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:37:29.0696 5668 mpsdrv - ok
19:37:29.0774 5668 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
19:37:29.0789 5668 MpsSvc - ok
19:37:29.0820 5668 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:37:29.0820 5668 MRxDAV - ok
19:37:29.0867 5668 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:37:29.0867 5668 mrxsmb - ok
19:37:29.0914 5668 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:37:29.0914 5668 mrxsmb10 - ok
19:37:29.0930 5668 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:37:29.0930 5668 mrxsmb20 - ok
19:37:29.0961 5668 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:37:29.0961 5668 msahci - ok
19:37:29.0992 5668 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:37:29.0992 5668 msdsm - ok
19:37:30.0023 5668 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:37:30.0023 5668 MSDTC - ok
19:37:30.0039 5668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:37:30.0054 5668 Msfs - ok
19:37:30.0054 5668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:37:30.0070 5668 mshidkmdf - ok
19:37:30.0070 5668 MSICDSetup - ok
19:37:30.0086 5668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:37:30.0086 5668 msisadrv - ok
19:37:30.0117 5668 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:37:30.0117 5668 MSiSCSI - ok
19:37:30.0117 5668 msiserver - ok
19:37:30.0164 5668 MSI_MSIBIOS_010507 - ok
19:37:30.0226 5668 MSI_SuperCharger (c72adf8436182e12b1b7e04390ce4c5b) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
19:37:30.0226 5668 MSI_SuperCharger - ok
19:37:30.0242 5668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:37:30.0242 5668 MSKSSRV - ok
19:37:30.0273 5668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:37:30.0288 5668 MSPCLOCK - ok
19:37:30.0320 5668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:37:30.0320 5668 MSPQM - ok
19:37:30.0366 5668 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:37:30.0366 5668 MsRPC - ok
19:37:30.0398 5668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:37:30.0398 5668 mssmbios - ok
19:37:30.0413 5668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:37:30.0413 5668 MSTEE - ok
19:37:30.0429 5668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:37:30.0429 5668 MTConfig - ok
19:37:30.0444 5668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:37:30.0444 5668 Mup - ok
19:37:30.0491 5668 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
19:37:30.0507 5668 napagent - ok
19:37:30.0554 5668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:37:30.0569 5668 NativeWifiP - ok
19:37:30.0632 5668 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:37:30.0632 5668 NDIS - ok
19:37:30.0647 5668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:37:30.0647 5668 NdisCap - ok
19:37:30.0678 5668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:37:30.0678 5668 NdisTapi - ok
19:37:30.0710 5668 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:37:30.0710 5668 Ndisuio - ok
19:37:30.0741 5668 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:37:30.0741 5668 NdisWan - ok
19:37:30.0772 5668 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:37:30.0772 5668 NDProxy - ok
19:37:30.0803 5668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:37:30.0803 5668 NetBIOS - ok
19:37:30.0850 5668 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:37:30.0850 5668 NetBT - ok
19:37:30.0881 5668 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:37:30.0881 5668 Netlogon - ok
19:37:30.0928 5668 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:37:30.0928 5668 Netman - ok
19:37:30.0959 5668 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:37:30.0959 5668 netprofm - ok
19:37:31.0022 5668 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:37:31.0022 5668 NetTcpPortSharing - ok
19:37:31.0053 5668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:37:31.0053 5668 nfrd960 - ok
19:37:31.0380 5668 NIHardwareService (503c365aa11a0e42a110a6c20632a1e8) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
19:37:31.0427 5668 NIHardwareService - ok
19:37:31.0536 5668 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
19:37:31.0552 5668 NlaSvc - ok
19:37:31.0568 5668 NOBU - ok
19:37:31.0599 5668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:37:31.0599 5668 Npfs - ok
19:37:31.0614 5668 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:37:31.0614 5668 nsi - ok
19:37:31.0630 5668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:37:31.0630 5668 nsiproxy - ok
19:37:31.0739 5668 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:37:31.0755 5668 Ntfs - ok
19:37:31.0802 5668 NTIOLib_1_0_3 (3f39f013168428c8e505a7b9e6cba8a2) C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys
19:37:31.0802 5668 NTIOLib_1_0_3 - ok
19:37:31.0817 5668 NTIOLib_1_0_4 - ok
19:37:31.0926 5668 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
19:37:31.0926 5668 NuidFltr - ok
19:37:31.0942 5668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:37:31.0958 5668 Null - ok
19:37:31.0989 5668 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:37:31.0989 5668 nvraid - ok
19:37:32.0004 5668 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:37:32.0004 5668 nvstor - ok
19:37:32.0051 5668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:37:32.0051 5668 nv_agp - ok
19:37:32.0067 5668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:37:32.0067 5668 ohci1394 - ok
19:37:32.0098 5668 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:37:32.0114 5668 p2pimsvc - ok
19:37:32.0145 5668 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:37:32.0145 5668 p2psvc - ok
19:37:32.0160 5668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:37:32.0176 5668 Parport - ok
19:37:32.0207 5668 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
19:37:32.0207 5668 partmgr - ok
19:37:32.0223 5668 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:37:32.0223 5668 PcaSvc - ok
19:37:32.0238 5668 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:37:32.0238 5668 pci - ok
19:37:32.0270 5668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:37:32.0270 5668 pciide - ok
19:37:32.0301 5668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:37:32.0301 5668 pcmcia - ok
19:37:32.0316 5668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:37:32.0316 5668 pcw - ok
19:37:32.0348 5668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:37:32.0363 5668 PEAUTH - ok
19:37:32.0457 5668 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
19:37:32.0472 5668 PeerDistSvc - ok
19:37:32.0535 5668 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:37:32.0535 5668 PerfHost - ok
19:37:32.0675 5668 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
19:37:32.0691 5668 pla - ok
19:37:32.0769 5668 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
19:37:32.0769 5668 PlugPlay - ok
19:37:32.0800 5668 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:37:32.0800 5668 PNRPAutoReg - ok
19:37:32.0831 5668 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:37:32.0831 5668 PNRPsvc - ok
19:37:32.0894 5668 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
19:37:32.0894 5668 Point64 - ok
19:37:32.0940 5668 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
19:37:32.0956 5668 PolicyAgent - ok
19:37:33.0003 5668 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:37:33.0003 5668 Power - ok
19:37:33.0050 5668 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:37:33.0050 5668 PptpMiniport - ok
19:37:33.0065 5668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:37:33.0065 5668 Processor - ok
19:37:33.0096 5668 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
19:37:33.0112 5668 ProfSvc - ok
19:37:33.0143 5668 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:37:33.0143 5668 ProtectedStorage - ok
19:37:33.0190 5668 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:37:33.0190 5668 Psched - ok
19:37:33.0268 5668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:37:33.0284 5668 ql2300 - ok
19:37:33.0377 5668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:37:33.0377 5668 ql40xx - ok
19:37:33.0408 5668 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:37:33.0424 5668 QWAVE - ok
19:37:33.0440 5668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:37:33.0440 5668 QWAVEdrv - ok
19:37:33.0440 5668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:37:33.0440 5668 RasAcd - ok
19:37:33.0471 5668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:37:33.0471 5668 RasAgileVpn - ok
19:37:33.0502 5668 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:37:33.0502 5668 RasAuto - ok
19:37:33.0533 5668 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:37:33.0533 5668 Rasl2tp - ok
19:37:33.0580 5668 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
19:37:33.0580 5668 RasMan - ok
19:37:33.0596 5668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:37:33.0596 5668 RasPppoe - ok
19:37:33.0611 5668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:37:33.0611 5668 RasSstp - ok
19:37:33.0658 5668 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:37:33.0658 5668 rdbss - ok
19:37:33.0674 5668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:37:33.0674 5668 rdpbus - ok
19:37:33.0689 5668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:37:33.0689 5668 RDPCDD - ok
19:37:33.0736 5668 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:37:33.0736 5668 RDPDR - ok
19:37:33.0752 5668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:37:33.0752 5668 RDPENCDD - ok
19:37:33.0767 5668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:37:33.0767 5668 RDPREFMP - ok
19:37:33.0798 5668 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
19:37:33.0798 5668 RDPWD - ok
19:37:33.0845 5668 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:37:33.0845 5668 rdyboost - ok
19:37:33.0861 5668 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:37:33.0876 5668 RemoteAccess - ok
19:37:33.0892 5668 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:37:33.0892 5668 RemoteRegistry - ok
19:37:33.0923 5668 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:37:33.0923 5668 RpcEptMapper - ok
19:37:33.0923 5668 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:37:33.0939 5668 RpcLocator - ok
19:37:33.0986 5668 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:37:34.0001 5668 RpcSs - ok
19:37:34.0017 5668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:37:34.0017 5668 rspndr - ok
19:37:34.0095 5668 RTL8167 (39a719875f572241c585a629ee62eb14) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:37:34.0095 5668 RTL8167 - ok
19:37:34.0126 5668 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:37:34.0126 5668 s3cap - ok
19:37:34.0157 5668 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:37:34.0157 5668 SamSs - ok
19:37:34.0188 5668 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:37:34.0188 5668 sbp2port - ok
19:37:34.0220 5668 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:37:34.0220 5668 SCardSvr - ok
19:37:34.0313 5668 SCBackService (8475e746eb72d04f1015e6f091f50e09) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
19:37:34.0313 5668 SCBackService - ok
19:37:34.0344 5668 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:37:34.0344 5668 scfilter - ok
19:37:34.0438 5668 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:37:34.0454 5668 Schedule - ok
19:37:34.0469 5668 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:37:34.0485 5668 SCPolicySvc - ok
19:37:34.0500 5668 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:37:34.0500 5668 SDRSVC - ok
19:37:34.0547 5668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:37:34.0547 5668 secdrv - ok
19:37:34.0578 5668 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:37:34.0578 5668 seclogon - ok
19:37:34.0610 5668 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:37:34.0610 5668 SENS - ok
19:37:34.0625 5668 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:37:34.0625 5668 SensrSvc - ok
19:37:34.0641 5668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:37:34.0641 5668 Serenum - ok
19:37:34.0672 5668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:37:34.0672 5668 Serial - ok
19:37:34.0703 5668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:37:34.0703 5668 sermouse - ok
19:37:34.0734 5668 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:37:34.0734 5668 SessionEnv - ok
19:37:34.0750 5668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:37:34.0750 5668 sffdisk - ok
19:37:34.0766 5668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:37:34.0766 5668 sffp_mmc - ok
19:37:34.0781 5668 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:37:34.0781 5668 sffp_sd - ok
19:37:34.0812 5668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:37:34.0812 5668 sfloppy - ok
19:37:34.0859 5668 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:37:34.0875 5668 SharedAccess - ok
19:37:34.0922 5668 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:37:34.0922 5668 ShellHWDetection - ok
19:37:34.0953 5668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:37:34.0953 5668 SiSRaid2 - ok
19:37:34.0953 5668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:37:34.0953 5668 SiSRaid4 - ok
19:37:34.0968 5668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:37:34.0984 5668 Smb - ok
19:37:35.0015 5668 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:37:35.0015 5668 SNMPTRAP - ok
19:37:35.0031 5668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:37:35.0031 5668 spldr - ok
19:37:35.0093 5668 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:37:35.0109 5668 Spooler - ok
19:37:35.0296 5668 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:37:35.0343 5668 sppsvc - ok
19:37:35.0405 5668 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:37:35.0405 5668 sppuinotify - ok
19:37:35.0483 5668 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:37:35.0483 5668 srv - ok
19:37:35.0514 5668 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:37:35.0514 5668 srv2 - ok
19:37:35.0530 5668 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:37:35.0530 5668 srvnet - ok
19:37:35.0577 5668 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:37:35.0577 5668 SSDPSRV - ok
19:37:35.0577 5668 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:37:35.0577 5668 SstpSvc - ok
19:37:35.0592 5668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:37:35.0592 5668 stexstor - ok
19:37:35.0670 5668 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:37:35.0670 5668 stisvc - ok
19:37:35.0717 5668 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:37:35.0717 5668 storflt - ok
19:37:35.0733 5668 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
19:37:35.0733 5668 StorSvc - ok
19:37:35.0748 5668 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:37:35.0748 5668 storvsc - ok
19:37:35.0764 5668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:37:35.0764 5668 swenum - ok
19:37:35.0795 5668 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:37:35.0795 5668 swprv - ok
19:37:35.0920 5668 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:37:35.0936 5668 SysMain - ok
19:37:36.0045 5668 T1PExGrp64 (bcfbf5cd183735baa0a3742e2bbdfbd7) C:\Windows\system32\DRIVERS\T1PExGrp64.sys
19:37:36.0045 5668 T1PExGrp64 - ok
19:37:36.0060 5668 T1PMrGrp64 (8c34c267506af720918fab08b9ec9d12) C:\Windows\system32\DRIVERS\T1PMrGrp64.sys
19:37:36.0060 5668 T1PMrGrp64 - ok
19:37:36.0076 5668 t1pusb64 (299a7dd762d0af2e2fd4334b27d06bcb) C:\Windows\system32\drivers\t1pusb64.sys
19:37:36.0076 5668 t1pusb64 - ok
19:37:36.0107 5668 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:37:36.0107 5668 TabletInputService - ok
19:37:36.0138 5668 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:37:36.0138 5668 TapiSrv - ok
19:37:36.0170 5668 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:37:36.0170 5668 TBS - ok
19:37:36.0294 5668 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:37:36.0310 5668 Tcpip - ok
19:37:36.0482 5668 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:37:36.0482 5668 TCPIP6 - ok
19:37:36.0544 5668 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:37:36.0544 5668 tcpipreg - ok
19:37:36.0560 5668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:37:36.0560 5668 TDPIPE - ok
19:37:36.0591 5668 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:37:36.0591 5668 TDTCP - ok
19:37:36.0638 5668 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:37:36.0638 5668 tdx - ok
19:37:36.0669 5668 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:37:36.0669 5668 TermDD - ok
19:37:36.0716 5668 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:37:36.0716 5668 TermService - ok
19:37:36.0731 5668 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:37:36.0731 5668 Themes - ok
19:37:36.0762 5668 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:37:36.0762 5668 THREADORDER - ok
19:37:36.0778 5668 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:37:36.0778 5668 TrkWks - ok
19:37:36.0825 5668 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:37:36.0825 5668 TrustedInstaller - ok
19:37:36.0856 5668 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:37:36.0856 5668 tssecsrv - ok
19:37:36.0903 5668 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:37:36.0903 5668 TsUsbFlt - ok
19:37:36.0950 5668 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:37:36.0950 5668 tunnel - ok
19:37:36.0996 5668 U2VSvr (44ad06513fcf9e4599463162c19d3d57) C:\Windows\system32\U2VSvr.exe
19:37:36.0996 5668 U2VSvr - ok
19:37:37.0028 5668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:37:37.0028 5668 uagp35 - ok
19:37:37.0074 5668 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:37:37.0074 5668 udfs - ok
19:37:37.0106 5668 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:37:37.0106 5668 UI0Detect - ok
19:37:37.0152 5668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:37:37.0152 5668 uliagpkx - ok
19:37:37.0168 5668 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:37:37.0168 5668 umbus - ok
19:37:37.0168 5668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:37:37.0168 5668 UmPass - ok
19:37:37.0215 5668 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
19:37:37.0215 5668 UmRdpService - ok
19:37:37.0246 5668 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:37:37.0262 5668 upnphost - ok
19:37:37.0293 5668 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
19:37:37.0293 5668 USBAAPL64 - ok
19:37:37.0340 5668 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:37:37.0340 5668 usbccgp - ok
19:37:37.0355 5668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:37:37.0355 5668 usbcir - ok
19:37:37.0371 5668 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:37:37.0386 5668 usbehci - ok
19:37:37.0418 5668 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:37:37.0433 5668 usbhub - ok
19:37:37.0433 5668 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
19:37:37.0433 5668 usbohci - ok
19:37:37.0449 5668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:37:37.0449 5668 usbprint - ok
19:37:37.0464 5668 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:37:37.0464 5668 usbscan - ok
19:37:37.0496 5668 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:37:37.0496 5668 USBSTOR - ok
19:37:37.0511 5668 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
19:37:37.0511 5668 usbuhci - ok
19:37:37.0542 5668 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:37:37.0542 5668 UxSms - ok
19:37:37.0589 5668 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:37:37.0589 5668 VaultSvc - ok
19:37:37.0620 5668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:37:37.0620 5668 vdrvroot - ok
19:37:37.0683 5668 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:37:37.0683 5668 vds - ok
19:37:37.0714 5668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:37:37.0714 5668 vga - ok
19:37:37.0730 5668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:37:37.0730 5668 VgaSave - ok
19:37:37.0745 5668 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:37:37.0745 5668 vhdmp - ok
19:37:37.0761 5668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:37:37.0761 5668 viaide - ok
19:37:37.0792 5668 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:37:37.0792 5668 vmbus - ok
19:37:37.0792 5668 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:37:37.0792 5668 VMBusHID - ok
19:37:37.0823 5668 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:37:37.0823 5668 volmgr - ok
19:37:37.0870 5668 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:37:37.0870 5668 volmgrx - ok
19:37:37.0917 5668 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:37:37.0917 5668 volsnap - ok
19:37:37.0948 5668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:37:37.0948 5668 vsmraid - ok
19:37:38.0088 5668 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:37:38.0104 5668 VSS - ok
19:37:38.0260 5668 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
19:37:38.0276 5668 vToolbarUpdater11.2.0 - ok
19:37:38.0385 5668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:37:38.0385 5668 vwifibus - ok
19:37:38.0416 5668 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:37:38.0416 5668 vwififlt - ok
19:37:38.0447 5668 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:37:38.0463 5668 W32Time - ok
19:37:38.0463 5668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:37:38.0463 5668 WacomPen - ok
19:37:38.0510 5668 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:37:38.0510 5668 WANARP - ok
19:37:38.0510 5668 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:37:38.0510 5668 Wanarpv6 - ok
19:37:38.0603 5668 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:37:38.0619 5668 WatAdminSvc - ok
19:37:38.0728 5668 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:37:38.0728 5668 wbengine - ok
19:37:38.0822 5668 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:37:38.0822 5668 WbioSrvc - ok
19:37:38.0884 5668 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:37:38.0884 5668 wcncsvc - ok
19:37:38.0900 5668 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:37:38.0900 5668 WcsPlugInService - ok
19:37:38.0978 5668 WCUService_STC_FF (dbf0d60ba1fb075a25884b65071b1b82) C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
19:37:38.0993 5668 WCUService_STC_FF - ok
19:37:39.0024 5668 WCUService_STC_IE (147c60622cb53e901efd8bb6d44a4c46) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
19:37:39.0040 5668 WCUService_STC_IE - ok
19:37:39.0071 5668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:37:39.0071 5668 Wd - ok
19:37:39.0118 5668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:37:39.0118 5668 Wdf01000 - ok
19:37:39.0134 5668 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:37:39.0134 5668 WdiServiceHost - ok
19:37:39.0134 5668 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:37:39.0149 5668 WdiSystemHost - ok
19:37:39.0180 5668 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:37:39.0196 5668 WebClient - ok
19:37:39.0212 5668 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:37:39.0227 5668 Wecsvc - ok
19:37:39.0243 5668 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:37:39.0243 5668 wercplsupport - ok
19:37:39.0258 5668 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:37:39.0258 5668 WerSvc - ok
19:37:39.0305 5668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:37:39.0305 5668 WfpLwf - ok
19:37:39.0321 5668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:37:39.0321 5668 WIMMount - ok
19:37:39.0352 5668 WinDefend - ok
19:37:39.0352 5668 WinHttpAutoProxySvc - ok
19:37:39.0399 5668 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:37:39.0399 5668 Winmgmt - ok
19:37:39.0508 5668 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:37:39.0539 5668 WinRM - ok
19:37:39.0664 5668 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:37:39.0664 5668 WinUsb - ok
19:37:39.0726 5668 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:37:39.0742 5668 Wlansvc - ok
19:37:39.0742 5668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:37:39.0758 5668 WmiAcpi - ok
19:37:39.0804 5668 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:37:39.0804 5668 wmiApSrv - ok
19:37:39.0820 5668 WMPNetworkSvc - ok
19:37:39.0836 5668 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:37:39.0836 5668 WPCSvc - ok
19:37:39.0867 5668 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:37:39.0882 5668 WPDBusEnum - ok
19:37:39.0898 5668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:37:39.0898 5668 ws2ifsl - ok
19:37:39.0914 5668 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:37:39.0929 5668 wscsvc - ok
19:37:39.0929 5668 WSearch - ok
19:37:39.0945 5668 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:37:39.0945 5668 WudfPf - ok
19:37:39.0976 5668 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:37:39.0976 5668 WUDFRd - ok
19:37:40.0023 5668 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:37:40.0023 5668 wudfsvc - ok
19:37:40.0038 5668 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:37:40.0038 5668 WwanSvc - ok
19:37:40.0070 5668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:37:40.0241 5668 \Device\Harddisk0\DR0 - ok
19:37:40.0257 5668 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:37:41.0754 5668 \Device\Harddisk1\DR1 - ok
19:37:41.0786 5668 Boot (0x1200) (5b9594fbf6f175dd9c4b02e850c68041) \Device\Harddisk0\DR0\Partition0
19:37:41.0786 5668 \Device\Harddisk0\DR0\Partition0 - ok
19:37:41.0801 5668 Boot (0x1200) (d00eb1a5f647574a67f2c3aab5b2ace7) \Device\Harddisk0\DR0\Partition1
19:37:41.0801 5668 \Device\Harddisk0\DR0\Partition1 - ok
19:37:41.0801 5668 Boot (0x1200) (cae6b1a8c4b46582bbf931160cb0d1db) \Device\Harddisk1\DR1\Partition0
19:37:41.0801 5668 \Device\Harddisk1\DR1\Partition0 - ok
19:37:41.0801 5668 ============================================================
19:37:41.0801 5668 Scan finished
19:37:41.0801 5668 ============================================================
19:37:41.0817 1736 Detected object count: 0
19:37:41.0817 1736 Actual detected object count: 0

Very respectfully,
Max
maximusdowns
Regular Member
 
Posts: 59
Joined: August 4th, 2012, 4:11 pm

Re: Suspision of Malware/Trojan

Unread postby Gary R » August 12th, 2012, 1:23 am

Excellent, looks like we've got everything. Time for a tidy up.

First

Let's clear out Combofix and the files/folders it created
  • Click Start > Run
  • Copy/Paste ComboFix /Uninstall into the Run box.
  • Click OK
  • Combofix will now delete its files and folders and also perform the following function.
    • Clears System Restore cache and creates a new Restore point. This will remove any "malicious" System Restore files, which may have been created whilst your computer was infected.
IMPORTANT
  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Next

Let's clear out OTL and the files and folders it created. This will also remove FRST and TDSSKiller.
  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet, if your firewall or other defensive programmes alerts you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTL
  • Now delete OTL.exe (if still present).

Next

Malwarebytes' Anti-Malware is Freeware, so you can keep or remove it as you wish. Personally I think its one of the better Anti-Spyware scanners around at the moment. However if you wish to remove it, use Control Panel > Programs > Uninstall a program

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems ?
  • If you are let me know about them.
  • If not it's time to make your computer more secure.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Suspision of Malware/Trojan

Unread postby Gary R » August 13th, 2012, 4:26 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware