Startup / Services

bbudesa

Member
I've got a slow computer (close to 10-15 minutes to start up). I've searched and read many posts/threads regarding this issue. The one solution that seems to appear most often is - remove or disable any and all programs or services that you don't need or use.

Well, for a well-versed computer user, that may not be a problem. But for someone of limited skills, that can be quite daunting. When I research some of the services, they all look legitimate, or at least appear to be needed in order to make this thing run cleanly.

I typed "services.msc" to see what services were running automatically, thinking that this might have something to do with my sluggish machine. The following is a list of what starts up automatically. Everything else in Services is set to manual or disabled.

I know this is a tall order, but if someone would be so kind - please tell me which of these I should disable, or at least set to manual. Maybe just cross out everything I don't need to keep on automatic startup. If I'm on the wrong track, let me know.

thanks

Bob

Apple Mobile Device, Avast Anti-virus/firewall, Base filtering Engine, COM+ Event system, Cryptographic services, DCOM Service Process Launcher, Desktop Window Manager Session Manager, DHCP Client, Diagnostic Policy Service, Distributed Link Tracking Client, DNS client, Function Discovery Resource Publication, Group Policy Client, HP Network Devices Support, IP helper, MBAMScheduler, MBAMService, Network Location Awareness, Network Store Interface Service, Plug n Play, Power, Print Spooler, Program Compatibility Assistant Service, Remote Desktop Services, Remote Procedure Call, RPC Endpoint Mapper, Sandboxie Service, Seagate Dashboard Services, Seagate Mobile backup Service, Security Accounts Manager, Security Center, Server, Shell Hardware Detection, Superfetch, System Event Notification Service, Task Scheduler, TCP/IP NetBIOS helper, Themes, User Profile Service, Windows Audio, Windows Endpoint Audio builder, Windows Defender, Windows Event log, Windows Firewall, Windows font cache Service, Windows Image Acquisition, Windows Management Instrumentation, Windows Search, Windows Update, WLAN Autoconfig, Workstation.
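
For the question in the post above (which automatic services belong to Windows and which came with installed software), the following read-only script is an added example, not part of the original thread. It lists every auto-start service with the binary it runs, the vendor recorded in that binary and its signature status. It assumes 64-bit Windows PowerShell started as administrator; the function name `Resolve-ServiceBinary` is made up for this example.

```powershell
# Added example: inventory of auto-start services. Read-only: nothing is
# stopped, disabled or changed.
# Get-WmiObject exists in Windows PowerShell 2.0-5.1; on PowerShell 7 use
# Get-CimInstance with the same class and filter.

function Resolve-ServiceBinary {
    param([string]$Name, [string]$PathName)

    # PathName is a command line, so strip quotes and arguments first.
    if ($PathName -match '^\s*"([^"]+)"') {
        $exe = $Matches[1]
    } elseif ($PathName -match '^\s*(.+?\.exe)(\s|$)') {
        $exe = $Matches[1]
    } else {
        $exe = $PathName
    }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)

    # Services hosted in svchost.exe keep their real code in a DLL named by
    # the ServiceDll value under the service's Parameters key.
    if ($exe -match '\\svchost\.exe$') {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name\Parameters"
        $dll = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $exe = [Environment]::ExpandEnvironmentVariables($dll) }
    }
    return $exe
}

$report = Get-WmiObject -Class Win32_Service -Filter "StartMode='Auto'" |
    ForEach-Object {
        $bin    = Resolve-ServiceBinary -Name $_.Name -PathName $_.PathName
        $vendor = $null
        $sig    = 'FileNotFound'

        if ($bin -and (Test-Path -LiteralPath $bin)) {
            # CompanyName is a self-declared string in the file's version
            # resource: useful for grouping, not proof of origin.
            $vendor = (Get-Item -LiteralPath $bin).VersionInfo.CompanyName
            # Older Windows PowerShell releases do not check catalog
            # signatures, so catalog-signed system files can show NotSigned.
            $sig = (Get-AuthenticodeSignature -FilePath $bin).Status
        }

        New-Object PSObject -Property @{
            DisplayName = $_.DisplayName
            Name        = $_.Name
            State       = $_.State
            Vendor      = $vendor
            Signature   = $sig
            Binary      = $bin
        }
    }

# Non-Microsoft and unresolved entries sort to the top ($false before $true).
$report |
    Sort-Object @{ Expression = { $_.Vendor -like 'Microsoft*' } }, Vendor, DisplayName |
    Format-Table DisplayName, State, Vendor, Signature, Binary -AutoSize -Wrap
```

Entries whose binary is missing, or that sit outside `C:\Windows` and `C:\Program Files`, are the ones worth researching by name before changing any startup type.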
 
If it takes you 10-15 minutes to boot up then you have an issue that isn't service related. You could have a rootkit, which causes this sort of issue. Please do the following in order.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

To remove the infections simply click on the Continue button and TDSSKiller will attempt to clean them or remove them.

After trying to clean them it will pop up with the results of the scan and its actions.

Please reboot the system if asked to do so.

After running, there will be a log located at the root of your C:\ drive, labeled tdsskiller with a series of numbers after it, for example C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt

Please open the log and copy and paste it back here.


Then do the following.

1.

Please download AdwCleaner by Xplode onto your Desktop.

• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Scan.
• After the scan you will need to click on Clean for it to delete the adware.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

2.

Please download Junkware Removal Tool to your desktop.

• Shut down your antivirus to avoid any conflicts.
• Very important that you run the tool in this manner:
    Right-mouse click JRT.exe and select Run as administrator
    Do NOT just double-click it.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt in your next message.

3.

Please download Malwarebytes' Anti-Malware and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Please post the log that Malwarebytes displays on your screen.

4.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Click on Minimal Output at the top.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    ◦ When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

Post the logs from the following 4 programs.

1. Adwcleaner
2. Junkware removal tool
3. Malwarebytes
4. OTL
 
TDSSkiller results were too long. I'll break it down and send it next.

AdwCleaner results:

# AdwCleaner v3.311 - Report created 08/10/2014 at 15:50:51
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Bob - BUDESAPC
# Running from : C:\Users\Bob\Downloads\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Bob\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Terri\AppData\LocalLow\HPAppData

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v

[ File : C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\phm5365y.default\prefs.js ]


[ File : C:\Users\Terri\AppData\Roaming\Mozilla\Firefox\Profiles\mtmtq4fd.default\prefs.js ]


-\\ Google Chrome v30.0.1599.69

[ File : C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Terri\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [36293 octets] - [03/10/2013 16:52:31]
AdwCleaner[R10].txt - [2103 octets] - [06/10/2013 11:00:46]
AdwCleaner[R11].txt - [2165 octets] - [07/10/2013 14:45:17]
AdwCleaner[R12].txt - [3031 octets] - [09/10/2013 13:03:46]
AdwCleaner[R13].txt - [2407 octets] - [10/10/2013 11:43:31]
AdwCleaner[R14].txt - [2528 octets] - [12/10/2013 09:44:05]
AdwCleaner[R15].txt - [11435 octets] - [19/10/2013 11:09:01]
AdwCleaner[R16].txt - [2738 octets] - [25/08/2014 18:25:43]
AdwCleaner[R17].txt - [3120 octets] - [08/10/2014 15:49:08]
AdwCleaner[R1].txt - [36354 octets] - [03/10/2013 17:11:26]
AdwCleaner[R2].txt - [36362 octets] - [03/10/2013 19:09:20]
AdwCleaner[R3].txt - [1884 octets] - [03/10/2013 19:28:43]
AdwCleaner[R4].txt - [1942 octets] - [04/10/2013 20:41:46]
AdwCleaner[R5].txt - [17070 octets] - [04/10/2013 22:58:58]
AdwCleaner[R6].txt - [6458 octets] - [05/10/2013 08:09:14]
AdwCleaner[R7].txt - [1742 octets] - [05/10/2013 08:58:00]
AdwCleaner[R8].txt - [1862 octets] - [05/10/2013 16:39:03]
AdwCleaner[R9].txt - [1982 octets] - [06/10/2013 08:35:24]
AdwCleaner[S0].txt - [35952 octets] - [03/10/2013 19:12:38]
AdwCleaner[S10].txt - [11630 octets] - [19/10/2013 11:10:03]
AdwCleaner[S11].txt - [2800 octets] - [25/08/2014 18:26:59]
AdwCleaner[S12].txt - [2501 octets] - [08/10/2014 15:50:51]
AdwCleaner[S1].txt - [2013 octets] - [04/10/2013 20:42:34]
AdwCleaner[S2].txt - [17227 octets] - [04/10/2013 22:59:31]
AdwCleaner[S3].txt - [6395 octets] - [05/10/2013 08:09:48]
AdwCleaner[S4].txt - [1803 octets] - [05/10/2013 08:58:58]
AdwCleaner[S5].txt - [1923 octets] - [05/10/2013 16:39:56]
AdwCleaner[S6].txt - [2043 octets] - [06/10/2013 08:35:57]
AdwCleaner[S7].txt - [2225 octets] - [07/10/2013 14:46:13]
AdwCleaner[S8].txt - [3105 octets] - [09/10/2013 13:04:30]
AdwCleaner[S9].txt - [2467 octets] - [10/10/2013 11:44:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S12].txt - [3103 octets] ##########
 
First part of TDSSkiller results:

15:40:32.0445 0388 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:40:54.0192 0388 ============================================================
15:40:54.0192 0388 Current date / time: 2014/10/08 15:40:54.0192
15:40:54.0192 0388 SystemInfo:
15:40:54.0192 0388
15:40:54.0192 0388 OS Version: 6.1.7601 ServicePack: 1.0
15:40:54.0192 0388 Product type: Workstation
15:40:54.0192 0388 ComputerName: BUDESAPC
15:40:54.0192 0388 UserName: Bob
15:40:54.0192 0388 Windows directory: C:\Windows
15:40:54.0192 0388 System windows directory: C:\Windows
15:40:54.0192 0388 Running under WOW64
15:40:54.0192 0388 Processor architecture: Intel x64
15:40:54.0192 0388 Number of processors: 1
15:40:54.0192 0388 Page size: 0x1000
15:40:54.0192 0388 Boot type: Normal boot
15:40:54.0192 0388 ============================================================
15:40:55.0130 0388 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:40:55.0130 0388 Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1475000 (2794.52 Gb), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:40:55.0370 0388 ============================================================
15:40:55.0370 0388 \Device\Harddisk0\DR0:
15:40:55.0370 0388 MBR partitions:
15:40:55.0370 0388 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:40:55.0370 0388 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
15:40:55.0370 0388 \Device\Harddisk1\DR1:
15:40:55.0370 0388 MBR partitions:
15:40:55.0370 0388 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0800
15:40:55.0370 0388 ============================================================
15:40:55.0390 0388 C: <-> \Device\Harddisk0\DR0\Partition2
15:40:55.0430 0388 H: <-> \Device\Harddisk1\DR1\Partition1
15:40:55.0430 0388 ============================================================
15:40:55.0430 0388 Initialize success
15:40:55.0430 0388 ============================================================
15:40:57.0014 4784 ============================================================
15:40:57.0014 4784 Scan started
15:40:57.0014 4784 Mode: Manual;
15:40:57.0014 4784 ============================================================
15:40:57.0566 4784 ================ Scan system memory ========================
15:40:57.0566 4784 System memory - ok
15:40:57.0566 4784 ================ Scan services =============================
15:41:03.0162 4784 iPod Service - ok
15:41:03.0182 4784 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:41:03.0182 4784 IRENUM - ok
15:41:03.0202 4784 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:41:03.0202 4784 isapnp - ok
15:41:03.0232 4784 [ 96BB922A0981BC7432C8CF52B5410FE6 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:41:03.0242 4784 iScsiPrt - ok
15:41:03.0262 4784 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:41:03.0262 4784 kbdclass - ok
15:41:03.0272 4784 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:41:03.0272 4784 kbdhid - ok
15:41:03.0292 4784 [ 204F3F58212B3E422C90BD9691A2DF28 ] KeyIso C:\Windows\system32\lsass.exe
15:41:03.0292 4784 KeyIso - ok
15:41:03.0322 4784 [ 353009DEDF918B2A51414F330CF72DEC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:41:03.0322 4784 KSecDD - ok
15:41:03.0362 4784 [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:41:03.0362 4784 KSecPkg - ok
15:41:03.0382 4784 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:41:03.0382 4784 ksthunk - ok
15:41:03.0412 4784 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:41:03.0412 4784 KtmRm - ok
15:41:03.0462 4784 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
15:41:03.0462 4784 LanmanServer - ok
15:41:03.0492 4784 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:41:03.0492 4784 LanmanWorkstation - ok
15:41:03.0542 4784 [ FCBDCC6F1801E32244235608E1277752 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:41:03.0542 4784 LightScribeService - ok
15:41:03.0562 4784 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:41:03.0562 4784 lltdio - ok
15:41:03.0592 4784 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:41:03.0592 4784 lltdsvc - ok
15:41:03.0612 4784 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:41:03.0612 4784 lmhosts - ok
15:41:03.0632 4784 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:41:03.0632 4784 LSI_FC - ok
15:41:03.0652 4784 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:41:03.0652 4784 LSI_SAS - ok
15:41:03.0662 4784 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:41:03.0662 4784 LSI_SAS2 - ok
15:41:03.0682 4784 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:41:03.0682 4784 LSI_SCSI - ok
15:41:03.0712 4784 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:41:03.0712 4784 luafv - ok
15:41:03.0752 4784 [ C586CC39820B6E7FE3657FED8329D300 ] lvpopf64 C:\Windows\system32\DRIVERS\lvpopf64.sys
15:41:03.0752 4784 lvpopf64 - ok
15:41:03.0782 4784 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:41:03.0782 4784 LVPr2M64 - ok
15:41:03.0792 4784 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:41:03.0792 4784 LVPr2Mon - ok
15:41:03.0862 4784 [ 9CD0DC863BE5D40A762F7D84F11A8471 ] LVPrcS64 C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
15:41:03.0862 4784 LVPrcS64 - ok
15:41:03.0905 4784 [ 224AB3850F573A419F921C41A15D7F5B ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys
15:41:03.0909 4784 LVRS64 - ok
15:41:04.0014 4784 [ BFBA84B8A9C233AE42B11CF7BDFC6C01 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
15:41:04.0096 4784 LVUVC64 - ok
15:41:04.0153 4784 [ F92B0E478C0FAA6D6661E6E977247E60 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:41:04.0154 4784 MBAMProtector - ok
15:41:04.0228 4784 [ D84AEA3F3329D622DFC1297DDDF6163B ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
15:41:04.0258 4784 MBAMScheduler - ok
15:41:04.0288 4784 [ 4F45ED469906494F9BF754E476390DBD ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
15:41:04.0298 4784 MBAMService - ok
15:41:04.0328 4784 [ 8A50D5304E6AE48664CF5838EC32F647 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
15:41:04.0328 4784 MBAMSwissArmy - ok
15:41:04.0378 4784 [ 15E8ABC06843672955CE26A009533BAD ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
15:41:04.0379 4784 MBAMWebAccessControl - ok
15:41:04.0397 4784 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:41:04.0398 4784 megasas - ok
15:41:04.0410 4784 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:41:04.0420 4784 MegaSR - ok
15:41:04.0440 4784 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:41:04.0450 4784 MMCSS - ok
15:41:04.0460 4784 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:41:04.0460 4784 Modem - ok
15:41:04.0490 4784 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:41:04.0490 4784 monitor - ok
15:41:04.0500 4784 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:41:04.0510 4784 mouclass - ok
15:41:04.0520 4784 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:41:04.0520 4784 mouhid - ok
15:41:04.0550 4784 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:41:04.0550 4784 mountmgr - ok
15:41:04.0570 4784 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:41:04.0580 4784 mpio - ok
15:41:04.0590 4784 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:41:04.0590 4784 mpsdrv - ok
15:41:04.0620 4784 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:41:04.0630 4784 MpsSvc - ok
15:41:04.0660 4784 [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:41:04.0660 4784 MRxDAV - ok
15:41:04.0700 4784 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:41:04.0700 4784 mrxsmb - ok
15:41:04.0730 4784 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:41:04.0740 4784 mrxsmb10 - ok
15:41:04.0750 4784 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:41:04.0760 4784 mrxsmb20 - ok
15:41:04.0780 4784 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:41:04.0780 4784 msahci - ok
15:41:04.0960 4784 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:41:04.0960 4784 msdsm - ok
15:41:05.0020 4784 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:41:05.0030 4784 MSDTC - ok
15:41:05.0140 4784 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:41:05.0140 4784 Msfs - ok
15:41:05.0150 4784 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:41:05.0150 4784 mshidkmdf - ok
15:41:05.0170 4784 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:41:05.0170 4784 msisadrv - ok
15:41:05.0204 4784 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:41:05.0207 4784 MSiSCSI - ok
15:41:05.0215 4784 msiserver - ok
15:41:05.0232 4784 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:41:05.0233 4784 MSKSSRV - ok
15:41:05.0246 4784 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:41:05.0247 4784 MSPCLOCK - ok
15:41:05.0259 4784 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:41:05.0260 4784 MSPQM - ok
15:41:05.0292 4784 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:41:05.0292 4784 MsRPC - ok
15:41:05.0332 4784 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:41:05.0332 4784 mssmbios - ok
15:41:05.0392 4784 MSSQL$XMAP7 - ok
15:41:05.0453 4784 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
15:41:05.0453 4784 MSSQLServerADHelper100 - ok
15:41:05.0463 4784 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:41:05.0463 4784 MSTEE - ok
15:41:05.0483 4784 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:41:05.0483 4784 MTConfig - ok
15:41:05.0503 4784 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
15:41:05.0513 4784 MTsensor - ok
15:41:05.0523 4784 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:41:05.0523 4784 Mup - ok
15:41:05.0562 4784 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:41:05.0566 4784 napagent - ok
15:41:05.0595 4784 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:41:05.0595 4784 NativeWifiP - ok
15:41:05.0635 4784 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:41:05.0645 4784 NDIS - ok
15:41:05.0665 4784 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:41:05.0665 4784 NdisCap - ok
15:41:05.0675 4784 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:41:05.0675 4784 NdisTapi - ok
15:41:05.0715 4784 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:41:05.0715 4784 Ndisuio - ok
15:41:05.0745 4784 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:41:05.0745 4784 NdisWan - ok
15:41:05.0755 4784 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:41:05.0765 4784 NDProxy - ok
15:41:05.0825 4784 [ 0FF3C6AA3E0FE0EB316DF5449B569463 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
15:41:05.0835 4784 Nero BackItUp Scheduler 4.0 - ok
15:41:05.0865 4784 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
15:41:05.0865 4784 Net Driver HPZ12 - ok
15:41:05.0895 4784 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:41:05.0895 4784 NetBIOS - ok
15:41:05.0935 4784 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:41:05.0935 4784 NetBT - ok
15:41:05.0955 4784 [ 204F3F58212B3E422C90BD9691A2DF28 ] Netlogon C:\Windows\system32\lsass.exe
15:41:05.0955 4784 Netlogon - ok
15:41:05.0985 4784 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
15:41:05.0995 4784 Netman - ok
 
Second half of TDSSKiller results:

15:41:11.0342 4784 UxSms - ok
15:41:11.0362 4784 [ 204F3F58212B3E422C90BD9691A2DF28 ] VaultSvc C:\Windows\system32\lsass.exe
15:41:11.0362 4784 VaultSvc - ok
15:41:11.0382 4784 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:41:11.0382 4784 vdrvroot - ok
15:41:11.0412 4784 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:41:11.0422 4784 vds - ok
15:41:11.0442 4784 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:41:11.0452 4784 vga - ok
15:41:11.0462 4784 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:41:11.0462 4784 VgaSave - ok
15:41:11.0492 4784 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:41:11.0502 4784 vhdmp - ok
15:41:11.0554 4784 [ EB8E24360CAF3492E129B9E485CDCA9C ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
15:41:11.0564 4784 VIAHdAudAddService - ok
15:41:11.0604 4784 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:41:11.0604 4784 viaide - ok
15:41:11.0624 4784 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:41:11.0624 4784 volmgr - ok
15:41:11.0665 4784 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:41:11.0668 4784 volmgrx - ok
15:41:11.0682 4784 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:41:11.0686 4784 volsnap - ok
15:41:11.0713 4784 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:41:11.0716 4784 vsmraid - ok
15:41:11.0756 4784 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:41:11.0786 4784 VSS - ok
15:41:11.0796 4784 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:41:11.0806 4784 vwifibus - ok
15:41:11.0826 4784 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:41:11.0826 4784 W32Time - ok
15:41:11.0846 4784 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:41:11.0856 4784 WacomPen - ok
15:41:11.0886 4784 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:41:11.0986 4784 WANARP - ok
15:41:12.0016 4784 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:41:12.0016 4784 Wanarpv6 - ok
15:41:12.0066 4784 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:41:12.0086 4784 WatAdminSvc - ok
15:41:12.0136 4784 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:41:12.0166 4784 wbengine - ok
15:41:12.0196 4784 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:41:12.0196 4784 WbioSrvc - ok
15:41:12.0236 4784 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:41:12.0236 4784 wcncsvc - ok
15:41:12.0246 4784 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:41:12.0256 4784 WcsPlugInService - ok
15:41:12.0286 4784 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:41:12.0286 4784 Wd - ok
15:41:12.0326 4784 [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:41:12.0336 4784 Wdf01000 - ok
15:41:12.0356 4784 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:41:12.0356 4784 WdiServiceHost - ok
15:41:12.0366 4784 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:41:12.0376 4784 WdiSystemHost - ok
15:41:12.0413 4784 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient C:\Windows\System32\webclnt.dll
15:41:12.0418 4784 WebClient - ok
15:41:12.0428 4784 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:41:12.0438 4784 Wecsvc - ok
15:41:12.0458 4784 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:41:12.0458 4784 wercplsupport - ok
15:41:12.0478 4784 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:41:12.0478 4784 WerSvc - ok
15:41:12.0498 4784 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:41:12.0508 4784 WfpLwf - ok
15:41:12.0518 4784 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:41:12.0518 4784 WIMMount - ok
15:41:12.0538 4784 WinDefend - ok
15:41:12.0568 4784 WinHttpAutoProxySvc - ok
15:41:12.0598 4784 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:41:12.0598 4784 Winmgmt - ok
15:41:12.0658 4784 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:41:12.0698 4784 WinRM - ok
15:41:12.0741 4784 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:41:12.0743 4784 WinUsb - ok
15:41:12.0774 4784 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:41:12.0785 4784 Wlansvc - ok
15:41:12.0840 4784 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:41:12.0880 4784 wlidsvc - ok
15:41:12.0910 4784 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:41:12.0920 4784 WmiAcpi - ok
15:41:12.0950 4784 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:41:12.0960 4784 wmiApSrv - ok
15:41:12.0970 4784 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:41:12.0980 4784 WPCSvc - ok
15:41:13.0010 4784 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:41:13.0020 4784 WPDBusEnum - ok
15:41:13.0040 4784 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:41:13.0040 4784 ws2ifsl - ok
15:41:13.0070 4784 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:41:13.0070 4784 wscsvc - ok
15:41:13.0080 4784 WSearch - ok
15:41:13.0150 4784 [ 61FF576450CCC80564B850BC3FB6713A ] wuauserv C:\Windows\system32\wuaueng.dll
15:41:13.0160 4784 wuauserv - ok
15:41:13.0195 4784 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:41:13.0196 4784 WudfPf - ok
15:41:13.0212 4784 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:41:13.0212 4784 WUDFRd - ok
15:41:13.0232 4784 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:41:13.0232 4784 wudfsvc - ok
15:41:13.0272 4784 [ 04F82965C09CBDF646B487E145060301 ] WwanSvc C:\Windows\System32\wwansvc.dll
15:41:13.0272 4784 WwanSvc - ok
15:41:13.0292 4784 ================ Scan global ===============================
15:41:13.0322 4784 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:41:13.0352 4784 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
15:41:13.0362 4784 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
15:41:13.0382 4784 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:41:13.0392 4784 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:41:13.0402 4784 [Global] - ok
15:41:13.0402 4784 ================ Scan MBR ==================================
15:41:13.0412 4784 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:41:13.0532 4784 \Device\Harddisk0\DR0 - ok
15:41:13.0592 4784 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
15:41:13.0612 4784 \Device\Harddisk1\DR1 - ok
15:41:13.0612 4784 ================ Scan VBR ==================================
15:41:13.0612 4784 [ 6DC1B7CC6B15A1BA57938527F31318A9 ] \Device\Harddisk0\DR0\Partition1
15:41:13.0612 4784 \Device\Harddisk0\DR0\Partition1 - ok
15:41:13.0622 4784 [ DC814D3644824EFC894DD74BEB9CA6BA ] \Device\Harddisk0\DR0\Partition2
15:41:13.0632 4784 \Device\Harddisk0\DR0\Partition2 - ok
15:41:13.0632 4784 [ 1EF7650F1BA49992076C31E736ED3BD9 ] \Device\Harddisk1\DR1\Partition1
15:41:13.0632 4784 \Device\Harddisk1\DR1\Partition1 - ok
15:41:13.0642 4784 ============================================================
15:41:13.0642 4784 Scan finished
15:41:13.0642 4784 ============================================================
15:41:13.0652 2772 Detected object count: 0
15:41:13.0652 2772 Actual detected object count: 0
15:41:19.0076 4192 Deinitialize success
 
Results of JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Bob on Wed 10/08/2014 at 16:02:58.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update secretsauce
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util secretsauce
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateSecretSauce_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateSecretSauce_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilSecretSauce_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilSecretSauce_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateSecretSauce_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilSecretSauce_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilSecretSauce_RASMANCS



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Program Files (x86)\eusing free registry cleaner"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
Successfully deleted: [Folder] "C:\Users\Bob\AppData\Roaming\microsoft\windows\start menu\programs\free registry cleaner"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/08/2014 at 16:09:42.70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Malwarebytes wouldn't run (I've tried for days!).

Here are the results from rkill:

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/08/2014 04:14:31 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* WMPNetworkSvc [Missing Service]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/08/2014 04:15:28 PM
Execution time: 0 hours(s), 0 minute(s), and 56 seconds(s)
 
Are you running the latest version of Malwarebytes? Have you tried running it in safe mode?
 
OTL results:

OTL logfile created on: 10/8/2014 4:23:22 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.45 Gb Available Physical Memory | 70.30% Memory free
15.50 Gb Paging File | 13.39 Gb Available in Paging File | 86.43% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 306.79 Gb Free Space | 65.88% Space Free | Partition Type: NTFS
Drive H: | 2794.51 Gb Total Space | 2336.11 Gb Free Space | 83.60% Space Free | Partition Type: NTFS

Computer Name: BUDESAPC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Pale Moon\palemoon.exe (Moonchild Productions)
PRC - C:\Program Files\Alwil Software\Avast5\avastui.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
PRC - C:\Users\Bob\Desktop\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Pale Moon\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\0e64e782ed0f5deb5c96661b74e9f15f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b51470d7e909c4fab01a25fd1e1c42dc\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\473a9ad4bc33576cdf418bd8ad108f08\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\3c777eb7042798554bcf10134595273e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\28684b3f787d06edd1de8b574521d867\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5ee6a5fbbf59e1c3ca14631ff12dd6ec\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9b943fcb3af2101cfb3467161c6ac0ed\System.ni.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\libcef.dll ()
MOD - C:\Program Files\Alwil Software\Avast5\aswProperty.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Firewall) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe (AVAST Software)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (Sandboxie Holdings, LLC)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Seagate MobileBackup Service) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe (Seagate Technology LLC)
SRV - (Seagate Dashboard Services) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (PCPitstop Scheduling) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe (PC Pitstop LLC)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswsnx.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (aswNdisFlt) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys (AVAST Software)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (Sandboxie Holdings, LLC)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 24 A3 19 FA 79 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.msn.com/?ppud=4"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: twitter%40disconnect.me:2.1.2
FF - prefs.js..extensions.enabledAddons: extension%40FastFreeConverter.com:3.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/07/06 16:18:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/01/29 07:31:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.7.2\extensions\\Components: C:\Program Files (x86)\Pale Moon\components [2014/05/01 18:51:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Pale Moon 24.7.2\extensions\\Plugins: C:\Program Files (x86)\Pale Moon\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014/01/29 07:31:04 | 000,000,000 | ---D | M]

[2013/10/01 15:26:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Extensions
[2013/12/06 12:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions
[2012/11/29 10:42:54 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/08/28 21:06:47 | 000,000,000 | ---D | M] (Charter Toolbar) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{2104C0F5-952D-443c-AFCD-8F892F991F55}
[2010/08/28 21:06:47 | 000,000,000 | ---D | M] (Charter Update) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\{fa8cb1bd-1442-439c-8225-b8b16983d9b7}
[2013/12/06 12:25:59 | 000,000,000 | ---D | M] ("FTdownloader V6.0") -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\cf7c3171-a228-46e6-872e-0ce5cd488f65@26856adc-3092-4439-91e4-b8f9b988d0d9.com
[2013/12/06 12:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\cf7c3171-a228-46e6-872e-0ce5cd488f65@26856adc-3092-4439-91e4-b8f9b988d0d9.com\extensionData
[2013/12/06 12:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\cf7c3171-a228-46e6-872e-0ce5cd488f65@26856adc-3092-4439-91e4-b8f9b988d0d9.com\extensionData\plugins
[2013/12/06 12:25:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\Firefox\Profiles\phm5365y.default\extensions\cf7c3171-a228-46e6-872e-0ce5cd488f65@26856adc-3092-4439-91e4-b8f9b988d0d9.com\extensionData\userCode
[2013/07/01 12:24:00 | 000,035,303 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\[email protected]
[2013/10/09 14:26:42 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\mozilla\firefox\profiles\phm5365y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/13 11:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/21 12:01:12 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2014/04/07 21:00:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\BROWSER\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.msn.com/?pc=AV01
CHR - Extension: avast! Online Security = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\

O1 HOSTS File: ([2014/10/08 11:07:03 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files (x86)\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKCU..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2014/05/08 13:33:46 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC2C1E85-256B-4516-8B9E-255E48D3022D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/16 15:33:30 | 000,000,040 | -H-- | M] () - H:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/08 16:02:19 | 001,705,141 | ---- | C] (Thisisu) -- C:\Users\Bob\Desktop\JRT_NEW.exe
[2014/10/08 12:18:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/10/08 12:15:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/10/08 10:47:49 | 000,000,000 | ---D | C] -- C:\RegBackup
[2014/10/08 10:34:55 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/08 10:33:49 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/10/08 10:33:49 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/10/08 10:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2014/10/08 10:10:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2014/10/08 10:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/10/08 10:06:08 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/10/08 10:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/10/08 09:54:51 | 000,000,000 | R--D | C] -- C:\Sandbox
[2014/10/08 09:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2014/10/08 09:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2014/10/03 20:24:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/09/19 07:30:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Eusing
[2013/03/30 22:01:42 | 002,000,040 | ---- | C] (Driver Restore) -- C:\Program Files (x86)\DriverRestore.exe
[2011/05/17 02:53:09 | 000,411,136 | ---- | C] (Google) -- C:\Program Files (x86)\googleearth.exe
[2011/05/17 02:18:36 | 000,632,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr80.dll
[2011/05/17 02:18:36 | 000,554,832 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp80.dll
[2011/05/17 02:14:05 | 005,816,320 | ---- | C] (OSGeo) -- C:\Program Files (x86)\gdal17.dll

========== Files - Modified Within 30 Days ==========

[2014/10/08 16:13:31 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/10/08 16:13:19 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/08 15:59:50 | 000,022,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/10/08 15:59:50 | 000,022,768 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/10/08 15:56:39 | 000,915,362 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/10/08 15:56:39 | 000,747,640 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/10/08 15:56:39 | 000,151,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/10/08 15:52:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/10/08 15:51:52 | 1945,505,791 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/08 12:12:52 | 000,322,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/10/08 11:07:03 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/10/08 10:59:02 | 000,915,362 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/10/08 10:47:52 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BUDESAPC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/10/08 10:10:38 | 000,002,159 | ---- | M] () -- C:\Users\Bob\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/10/08 09:58:44 | 000,001,486 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2014/10/08 09:54:35 | 000,000,962 | ---- | M] () -- C:\Users\Bob\Desktop\Sandboxed Web Browser.lnk
[2014/10/06 07:12:54 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\CCleanerClean.job
[2014/10/06 03:00:01 | 001,705,141 | ---- | M] (Thisisu) -- C:\Users\Bob\Desktop\JRT_NEW.exe
[2014/10/03 20:24:30 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/09/20 05:49:47 | 000,100,782 | ---- | M] () -- C:\Users\Bob\Documents\bp.xps
[2014/09/19 10:38:36 | 000,001,011 | ---- | M] () -- C:\Users\Bob\Desktop\Dropbox.lnk
[2014/09/19 07:30:18 | 000,001,053 | ---- | M] () -- C:\Users\Bob\Desktop\Eusing Free Registry Cleaner.lnk
[2014/09/15 09:14:13 | 000,156,727 | ---- | M] () -- C:\Users\Bob\Documents\label.xps

========== Files Created - No Company Name ==========

[2014/10/08 10:47:52 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BUDESAPC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/10/08 10:33:57 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/08 10:10:38 | 000,002,159 | ---- | C] () -- C:\Users\Bob\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2014/10/08 09:48:35 | 000,000,962 | ---- | C] () -- C:\Users\Bob\Desktop\Sandboxed Web Browser.lnk
[2014/10/08 09:48:33 | 000,001,486 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2014/10/04 09:14:40 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\CCleanerClean.job
[2014/10/03 20:24:30 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/09/20 05:49:44 | 000,100,782 | ---- | C] () -- C:\Users\Bob\Documents\bp.xps
[2014/09/19 07:30:17 | 000,001,053 | ---- | C] () -- C:\Users\Bob\Desktop\Eusing Free Registry Cleaner.lnk
[2014/09/15 09:14:12 | 000,156,727 | ---- | C] () -- C:\Users\Bob\Documents\label.xps
[2014/05/08 13:42:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\Track Settings
[2014/05/08 13:42:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\SystemConfiguration
[2014/01/29 07:26:03 | 000,196,401 | ---- | C] () -- C:\Windows\hpoins41.dat
[2013/11/03 16:29:53 | 000,193,570 | ---- | C] () -- C:\Windows\hpoins41.dat.temp
[2013/11/03 16:29:53 | 000,001,253 | ---- | C] () -- C:\Windows\hpomdl41.dat.temp
[2013/11/03 10:48:04 | 000,000,017 | ---- | C] () -- C:\Users\Bob\AppData\Local\resmon.resmoncfg
[2013/10/04 22:40:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/10/04 22:40:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/10/04 22:40:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/10/04 22:40:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/10/04 22:40:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/30 19:46:19 | 000,000,258 | RHS- | C] () -- C:\Users\Bob\ntuser.pol
[2013/04/01 07:32:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\Inst2891.dll
[2011/12/31 20:10:07 | 000,004,608 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/17 02:41:13 | 000,291,840 | ---- | C] () -- C:\Program Files (x86)\gpsbabel.exe
[2011/05/17 02:40:52 | 000,056,320 | ---- | C] () -- C:\Program Files (x86)\earthflashsol.exe
[2011/05/17 02:17:54 | 000,053,248 | ---- | C] () -- C:\Program Files (x86)\wavdest.ax
[2011/05/17 02:13:54 | 000,352,333 | ---- | C] () -- C:\Program Files (x86)\pcs.csv
[2011/05/17 02:13:54 | 000,233,102 | ---- | C] () -- C:\Program Files (x86)\ecw_cs.dat
[2011/05/17 02:13:54 | 000,145,621 | ---- | C] () -- C:\Program Files (x86)\projop_wparm.csv
[2011/05/17 02:13:54 | 000,107,562 | ---- | C] () -- C:\Program Files (x86)\gdal_datum.csv
[2011/05/17 02:13:54 | 000,031,394 | ---- | C] () -- C:\Program Files (x86)\s57objectclasses.csv
[2011/05/17 02:13:54 | 000,028,075 | ---- | C] () -- C:\Program Files (x86)\gcs.csv
[2011/05/17 02:13:54 | 000,021,893 | ---- | C] () -- C:\Program Files (x86)\s57expectedinput.csv
[2011/05/17 02:13:54 | 000,018,006 | ---- | C] () -- C:\Program Files (x86)\unit_of_measure.csv
[2011/05/17 02:13:54 | 000,011,875 | ---- | C] () -- C:\Program Files (x86)\ellipsoid.csv
[2011/05/17 02:13:54 | 000,010,573 | ---- | C] () -- C:\Program Files (x86)\stateplane.csv
[2011/05/17 02:13:54 | 000,009,236 | ---- | C] () -- C:\Program Files (x86)\seed_2d.dgn
[2011/05/17 02:13:54 | 000,007,452 | ---- | C] () -- C:\Program Files (x86)\s57attributes.csv
[2011/05/17 02:13:54 | 000,002,048 | ---- | C] () -- C:\Program Files (x86)\seed_3d.dgn
[2011/05/17 02:13:54 | 000,001,613 | ---- | C] () -- C:\Program Files (x86)\prime_meridian.csv
[2011/05/17 02:13:54 | 000,000,444 | ---- | C] () -- C:\Program Files (x86)\gdalicon.png
[2011/05/17 02:13:51 | 000,003,812 | ---- | C] () -- C:\Program Files (x86)\WMV9_Highest_Quality_Video_(16mbps).prx
[2011/05/17 02:13:51 | 000,003,794 | ---- | C] () -- C:\Program Files (x86)\WMV9_DVD_Quality_(6mbps).prx
[2011/05/17 02:13:39 | 000,005,219 | ---- | C] () -- C:\Program Files (x86)\ImporterUISettings.ini
[2011/05/17 02:13:39 | 000,001,013 | ---- | C] () -- C:\Program Files (x86)\ImporterGlobalSettings.ini
[2011/05/17 02:13:39 | 000,000,704 | ---- | C] () -- C:\Program Files (x86)\PCOptimizations.ini
[2011/05/17 02:13:31 | 000,075,289 | ---- | C] () -- C:\Program Files (x86)\drivers.ini
[2011/05/17 02:13:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\kh56
[2011/05/17 02:13:31 | 000,000,000 | ---- | C] () -- C:\Program Files (x86)\googleearth.exe.local
[2010/09/21 12:05:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/07/17 13:45:21 | 000,000,377 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/03 12:36:37 | 000,000,219 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\default.rss
[2010/05/03 12:32:50 | 000,000,000 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\downloads.m3u
[2009/12/30 16:45:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/12/30 16:45:45 | 000,000,000 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Trance Pad
[2009/12/14 14:34:48 | 000,024,601 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\Comma Separated Values (Windows).ADR

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/22 07:03:21 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\AVAST Software
[2011/10/29 14:04:14 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DeLorme
[2013/02/16 10:39:22 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DirectoryListPrintPro
[2013/10/02 06:43:35 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DiskDefrag
[2014/10/02 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Dropbox
[2013/11/11 14:30:26 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\EPSON
[2014/09/19 07:30:24 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Eusing
[2013/10/01 15:18:08 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Garmin
[2010/09/21 11:43:18 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Leadertech
[2013/10/14 06:40:32 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Moonchild Productions
[2014/06/10 08:31:04 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\NCH Swift Sound
[2009/12/30 16:50:40 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Nikon
[2009/12/11 17:42:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice.org
[2010/02/16 13:56:04 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OverDrive
[2013/11/30 16:53:37 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Seagate
[2013/11/03 17:24:36 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Visan

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 682 bytes -> C:\Users\Bob\Documents\Community gear for Owyhee (1).eml:OECustomProperty

< End of report >
 
Run the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here:

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your Windows desktop. The ComboFix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you that the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.

If, for some reason, you try to run a program or open a file and you get an error message saying "illegal operation attempted on a registry key that has been marked for deletion", please just reboot your PC and you'll be fine.


In your next reply please post:

The ComboFix log
 
Had some error messages while running this, but here's the log:

ComboFix 14-10-04.01 - SYSTEM 10/08/2014 20:58:09.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5740 [GMT -7:00]
Running from: c:\users\Bob\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
H:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2014-09-09 to 2014-10-09 )))))))))))))))))))))))))))))))
.
.
2014-10-09 04:15 . 2014-10-09 04:15 -------- d-----w- c:\users\Terri\AppData\Local\temp
2014-10-09 04:15 . 2014-10-09 04:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-10-09 04:15 . 2014-10-09 04:15 -------- d-----w- c:\users\Mike\AppData\Local\temp
2014-10-09 04:15 . 2014-10-09 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-09 04:15 . 2014-10-09 04:15 -------- d-----w- c:\users\Bob\AppData\Local\temp
2014-10-09 03:49 . 2014-10-09 04:15 -------- d-----w- C:\.
2014-10-09 03:49 . 2014-10-09 03:52 -------- d-----w- C:\32788R22FWJFW
2014-10-08 23:17 . 2014-10-09 03:50 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4113F5B-8332-4C74-8F5D-9C49C31F6FBF}\offreg.dll
2014-10-08 19:18 . 2014-10-09 03:51 -------- d-----w- c:\windows\system32\CatRoot2
2014-10-08 17:59 . 2014-10-08 17:59 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-10-08 17:47 . 2014-10-08 17:47 -------- d-----w- C:\RegBackup
2014-10-08 17:34 . 2014-10-09 03:40 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-08 17:33 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-08 17:33 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-08 17:10 . 2014-10-08 17:10 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-10-08 17:06 . 2014-05-12 14:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-08 17:06 . 2014-10-08 23:13 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-08 16:54 . 2014-10-08 16:54 -------- d-----r- C:\Sandbox
2014-10-08 16:48 . 2014-10-08 16:48 -------- d-----w- c:\program files\Sandboxie
2014-10-02 20:16 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-02 20:16 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-10-02 20:16 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-02 20:16 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-19 14:30 . 2014-09-19 14:30 -------- d-----w- c:\users\Bob\AppData\Roaming\Eusing
2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-09-11 10:18 . 2014-08-18 22:19 5833728 ----a-w- c:\windows\system32\jscript9.dll
2014-09-11 10:18 . 2014-08-18 22:08 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-09-11 10:18 . 2014-08-18 20:46 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
2014-09-11 10:18 . 2014-08-19 18:05 810168 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-09-11 10:18 . 2014-08-19 17:39 812216 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2014-09-11 10:18 . 2014-08-18 21:08 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-09-11 10:18 . 2014-08-18 20:55 1447424 ----a-w- c:\windows\system32\urlmon.dll
2014-09-11 10:18 . 2014-08-18 21:23 2104832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-11 10:18 . 2014-08-18 21:16 13588480 ----a-w- c:\windows\system32\ieframe.dll
2014-09-11 10:03 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-11 10:03 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-11 00:58 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-11 00:58 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-11 00:58 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-11 00:58 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-11 00:57 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-11 00:57 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-11 00:57 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-11 00:57 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-11 00:57 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-11 00:57 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-11 00:57 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-11 10:05 . 2009-12-12 17:49 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-08-23 02:07 . 2014-08-27 18:51 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 18:51 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-27 18:51 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-04 14:58 . 2012-04-06 00:31 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-04 14:58 . 2011-06-03 00:49 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-25 09:35 . 2014-07-25 09:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47 . 2014-07-25 06:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 02:02 . 2014-08-15 05:23 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-15 05:23 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-03-31 05:01 . 2013-03-31 05:01 2000040 ----a-w- c:\program files (x86)\DriverRestore.exe
2011-05-17 09:53 . 2011-05-17 09:53 411136 ----a-w- c:\program files (x86)\googleearth.exe
2011-05-17 09:41 . 2011-05-17 09:41 291840 ----a-w- c:\program files (x86)\gpsbabel.exe
2011-05-17 09:40 . 2011-05-17 09:40 56320 ----a-w- c:\program files (x86)\earthflashsol.exe
2011-05-17 09:18 . 2011-05-17 09:18 632656 ----a-w- c:\program files (x86)\msvcr80.dll
2011-05-17 09:18 . 2011-05-17 09:18 554832 ----a-w- c:\program files (x86)\msvcp80.dll
2011-05-17 09:17 . 2011-05-17 09:17 53248 ----a-w- c:\program files (x86)\wavdest.ax
2011-05-17 09:14 . 2011-05-17 09:14 5816320 ----a-w- c:\program files (x86)\gdal17.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files (x86)\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2014-05-29 784392]
"Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2014-04-30 126056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2014-07-31 4085896]
.
c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled\
Dropbox.lnk - c:\users\Bob\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
PlexRadar.lnk - c:\program files (x86)\Plextor\PlexUTILITIES\PlexRadar.exe [2011-10-16 2907136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 PrintNotify;Printer Extensions and Notifications;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R4 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [x]
R4 MSSQL$XMAP7;SQL Server (XMAP7);c:\program files (x86)\Microsoft SQL Server\MSSQL10.XMAP7\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL10.XMAP7\MSSQL\Binn\sqlservr.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 SQLAgent$XMAP7;SQL Server Agent (XMAP7);c:\program files (x86)\Microsoft SQL Server\MSSQL10.XMAP7\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.XMAP7\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe;c:\program files\Alwil Software\Avast5\afwServ.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
S2 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\AutorunsDisabled\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-04 18:44 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:58]
.
2014-10-06 c:\windows\Tasks\CCleanerClean.job
- c:\program files (x86)\CCleaner\CCleaner.exe [2014-09-26 14:04]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-15 23:17]
.
2013-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-15 23:17]
.
2013-12-22 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2011-09-20 09:11]
.
2013-10-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 530ac1be-cbc4-48c0-9d79-5e3315f7dd3e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-10-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5760a512-5f91-47b7-9ef3-9b7d6712adca.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-06 23:18 634872 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutorunsDisabled\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Bob\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mSearch Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
mDefault_Page_URL = hxxp://www.google.com
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DC2C1E85-256B-4516-8B9E-255E48D3022D}: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Eusing Free Registry Cleaner - c:\progra~2\EUSING~1\UNWISE.EXE
.
.
.
Completion time: 2014-10-08 21:22:44
ComboFix-quarantined-files.txt 2014-10-09 04:22
ComboFix2.txt 2013-10-05 17:29
ComboFix3.txt 2013-10-05 05:56
.
Pre-Run: 321,567,711,232 bytes free
Post-Run: 321,167,515,648 bytes free
.
- - End Of File - - 7C05D5AF79B83E7A12061A076858DC16
A36C5E4F47E84449FF07ED3517B43A31
 
Odd thing happened last night.

When first initializing ComboFix, it sent me the following error message:

This OS is not supported. ComboFix only runs on:
XP (32bit)
Vista 32/64
Win7 32/64
Win8 32/64

Windows 2000 is no longer supported.

Huh? I'm running XP!

Wonder if I need to uninstall, then reinstall?
 
All your logs show that you have Windows 7 64-bit. Not sure how or why it would come up with Windows 2000. I'll look at your log better when I get home from work.
 
Sorry that I never replied back. Was this a fresh install of Windows 7? Or was there a previous install of 2000 on here?
 
It was a fresh install, John. I built this machine about 5 years ago, and installed it then.

I've got to be away from the computer for a bit, but will check back later.

Thanks for all you do John.

Bob
 
Then I can't figure out why ComboFix would say that. It even says Windows 7 up in the first part of the log. Are you still not able to get Malwarebytes to run? Have you tried uninstalling and reinstalling it?
 
Hi John.

Yes, I've tried a dozen times to uninstall and reinstall, always with the same results. It bombs out.

Same thing with ComboFix. Now, I did try to run as Administrator, and although a bunch of error boxes kept coming up, it finally made it through. I'm sure, due to the error boxes, it didn't run as efficiently as it could have, nor did it find everything it should have.

My machine seems to be running a bit faster from turning on to active sites. I've been going through the same routine several times (TDSSKiller, AdwCleaner, JRT, RKill, OTL) trying to coax out any problems that may have been missed on earlier attempts.

Well, the Oregon Ducks are almost on, so I'll check this later. They're the only game I watch on TV. It's about the ONLY thing I watch on TV, period.

thanks,

Bob
 