Solved Windows has encountered a critical error will restart in one minute

[Gobbler]

Hi there!
I found this site while researching a problem that has just occurred on my desktop. As you have probably already guessed, I fell for the fake Adobe update and downloaded myself a heap of trouble instead. I'm not sure of the correct name for the virus is but the message in my post title comes up as soon as I log on and then everything shuts down before I can do anything. I think this is a common virus at the moment and hopefully the above is enough for you to identify it. I have Microsoft Security Essentials as my security and obviously it got around that as I ok'd the download. My Desktop is running Windows 7 32bit system. Please let me know if you need any further info. Many thanks!

I have followed the steps provided on this link up to the point where my logs need to be reviewed.

https://www.techspot.com/community/...ical-error-will-restart-in-one-minute.184335/

Below are my logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-11-2012
Ran by SYSTEM at 15-11-2012 21:57:40
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Josh\...\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe [x]
HKU\Josh\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Josh\...\Run: [Plex Media Server] "C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe" [2495056 2011-07-26] (Plex, Inc.)
HKU\Josh\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Josh\...\RunOnce: [Application Restart #2] C:\Program Files\Google\Chrome Frame\Application\chrome.exe --automation-channel=ChromeTestingInterface:4292.1 --chrome-frame --no-first-run --disable-background-mode --disable-popup-blocking --disable-print-preview --chrome-frame-shutdown-delay=30 --user-data-dir="C:\Users\Josh\AppData\Local\Google\Chrome Frame\User Data\iexplore" --chrome-version=19.0.1084.56 --lang=en-US --flag-switches-begin --flag-switches-end --restore-last-session [1242136 2012-10-31] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Startup: C:\Users\Josh\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

==================== Services (Whitelisted) ===================

2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [11552 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [214952 2012-03-26] (Microsoft Corporation)
2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2214504 2011-05-21] (NVIDIA Corporation)
2 3combootp; C:\Windows\System32\HSFHWALI.dll [x]
2 3comtftp; C:\Windows\System32\mediaviewer.dll [x]
2 abnetmon; C:\Windows\System32\aeclienthostservice.dll [x]
2 ACDaemon; C:\Windows\System32\emAudio.dll [x]
2 admjoy; C:\Windows\System32\WD_FireWire_HID.dll [x]
2 adsservice; C:\Windows\System32\vwlogger.dll [x]
2 aexnsclient; C:\Windows\System32\bgs_sdservice.dll [x]
2 ami0nt; C:\Windows\System32\nuvvid2.dll [x]
2 Amsmpu4p; C:\Windows\System32\a016bus.dll [x]
2 apache2; C:\Windows\System32\prfldsvc.dll [x]
2 application; C:\Windows\System32\w810mgmt.dll [x]
2 ARCSOFTVIRTUALCAPTURE; C:\Windows\System32\w810mgmt.dll [x]
2 armoucfltr; C:\Windows\System32\NETGEAR_MA111.dll [x]
2 arp1394; C:\Windows\System32\AVRec.dll [x]
2 aslm75; C:\Windows\System32\vmusb.dll [x]
2 aswtdi; C:\Windows\System32\vtserver.dll [x]
2 atchksrv; C:\Windows\System32\STV672.dll [x]
2 ATIBTXBAR; C:\Windows\System32\w3svc.dll [x]
2 ATKGFNEXSrv; C:\Windows\System32\igfx.dll [x]
2 atksgt; C:\Windows\System32\lmimaint.dll [x]
2 Atmuni; C:\Windows\System32\epsonstatusagent2.dll [x]
2 avc; C:\Windows\System32\wdm_au8820.dll [x]
2 avg7rsw; C:\Windows\System32\db2.dll [x]
2 avsinc; C:\Windows\System32\euq_monitor.dll [x]
2 avsvcmonitor; C:\Windows\System32\vaiomediaplatform-photoserver-appserver.dll [x]
2 b57w2k; C:\Windows\System32\TSHWMDTCP.dll [x]
2 backupclientsvc; C:\Windows\System32\S7oppilx.dll [x]
2 backupexecrpcservice; C:\Windows\System32\rimusb.dll [x]
2 bb-run; C:\Windows\System32\ATIVXSTW.dll [x]
2 bdrsdrv; C:\Windows\System32\Ld51ocnucsnp.dll [x]
2 bgmainsvc; C:\Windows\System32\mnmsrvc.dll [x]
2 bgsvcgen; C:\Windows\System32\nhcDriverDevice.dll [x]
2 bmuservice; C:\Windows\System32\AKSIFDH.dll [x]
2 bocdrive; C:\Windows\System32\anio.dll [x]
2 btcsrusb; C:\Windows\System32\xpadminserver.dll [x]
2 bthpan; C:\Windows\System32\sfhlp01.dll [x]
2 caccprovsp; C:\Windows\System32\nuvvid2.dll [x]
2 cbidf; C:\Windows\System32\usbvideo.dll [x]
2 CcmExec; C:\Windows\System32\PSSdk21.dll [x]
2 CdaC15BA; C:\Windows\System32\pxfhserd.dll [x]
2 CDRPDACC; C:\Windows\System32\MXOPSWD.dll [x]
2 CE3; C:\Windows\System32\CnxTrLan.dll [x]
2 centennialiptransferagent; C:\Windows\System32\asapiw2k.dll [x]
2 cfsvcs; C:\Windows\System32\nscirda.dll [x]
2 client32; C:\Windows\System32\mysql.dll [x]
2 CnxTrUsb; C:\Windows\System32\raspti.dll [x]
2 CoachVc; C:\Windows\System32\NICM.dll [x]
2 contentfilter; C:\Windows\System32\i2omgmt.dll [x]
2 contentindex; C:\Windows\System32\xpadminserver.dll [x]
2 cpqdmi; C:\Windows\System32\revudfservice.dll [x]
2 cpqvcagent; C:\Windows\System32\Xyz777s.dll [x]
2 cpsvc; C:\Windows\System32\wmdmpmsn.dll [x]
2 cq_mem; C:\Windows\System32\asapiw2k.dll [x]
2 crystaloutputfileserver; C:\Windows\System32\rupsmon.dll [x]
2 CTHWIUT.DLL; C:\Windows\System32\DN2AKNET.dll [x]
2 CTMMOUNT; C:\Windows\System32\V0070VID.dll [x]
2 ctusfsyn; C:\Windows\System32\epsonbidirectionalservice.dll [x]
2 curtainssyssvc; C:\Windows\System32\PSSdk23.dll [x]
2 CVPNDRVA; C:\Windows\System32\CTDevice_Srv.dll [x]
2 d-link_st3402; C:\Windows\System32\ageremodemaudio.dll [x]
2 db2; C:\Windows\System32\RecAgent.dll [x]
2 dbmanagerscheduler; C:\Windows\System32\btkrnl.dll [x]
2 dbmang; C:\Windows\System32\papyjoy.dll [x]
2 DcCam; C:\Windows\System32\ZY202_XP.dll [x]
2 DeviceScanner; C:\Windows\System32\fsks.dll [x]
2 Dfs; C:\Windows\System32\omniusbl.dll [x]
2 digictrl; C:\Windows\System32\pavdrv.dll [x]
2 DivisCTP; C:\Windows\System32\itmrtsvc.dll [x]
2 dklogger; C:\Windows\System32\SMCB000.dll [x]
2 dlbx_device; C:\Windows\System32\aslm75.dll [x]
2 dmload; C:\Windows\System32\symc8xx.dll [x]
2 DNE; C:\Windows\System32\naimagent32.dll [x]
2 dot4ufd; C:\Windows\System32\vulfnths.dll [x]
2 dpc_srv_webcast; C:\Windows\System32\kl1.dll [x]
2 driverhardwarev2; C:\Windows\System32\gusvc.dll [x]
2 DSI_SiUSBXp_3_1; C:\Windows\System32\mraid35x.dll [x]
2 dsncservice; C:\Windows\System32\snare.dll [x]
2 dvd-ram_service; C:\Windows\System32\ifxspmgtsrv.dll [x]
2 dwusbdnt; C:\Windows\System32\pavfnsvr.dll [x]
2 eeyeevnt; C:\Windows\System32\comhost.dll [x]
2 ELacpi; C:\Windows\System32\disk.dll [x]
2 epfwtdi; C:\Windows\System32\sfng32.dll [x]
2 F700imd; C:\Windows\System32\oracleservicelocalora.dll [x]
2 fasttrackinstallerservice; C:\Windows\System32\s125bus.dll [x]
2 FireTDI; C:\Windows\System32\GTSCSER.dll [x]
2 flashpnt; C:\Windows\System32\se2Cnd5.dll [x]
2 FTDIBUS; C:\Windows\System32\RadProbe.dll [x]
2 ftrtsvc; C:\Windows\System32\ARPolicy.dll [x]
2 FVXSCSI; C:\Windows\System32\ultra66.dll [x]
2 gs30s; C:\Windows\System32\hamachi.dll [x]
2 GVCplDrv; C:\Windows\System32\snpstd2.dll [x]
2 HabuFltr; C:\Windows\System32\lanmanserver.dll [x]
2 hap17v2k; C:\Windows\System32\lxce_device.dll [x]
2 hcmon; C:\Windows\System32\s616mdfl.dll [x]
2 hf30service; C:\Windows\System32\bt3cser.dll [x]
2 hpqddsvc; C:\Windows\System32\msmpsvc.dll [x]
2 hpwirelessmgr; C:\Windows\System32\mcredirector.dll [x]
2 hsfhwazl; C:\Windows\System32\rslinxng.dll [x]
2 hSONYPVh; C:\Windows\System32\cwafreportscheduler.dll [x]
2 HssSrv; C:\Windows\System32\https-admserv61.dll [x]
2 hsvcmod; C:\Windows\System32\k750mdfl.dll [x]
2 HSX_DP; C:\Windows\System32\HFACSVC.dll [x]
2 HWIONT; C:\Windows\System32\volsnap.dll [x]
2 i2omgmt; C:\Windows\System32\redbook.dll [x]
2 iaantmon; C:\Windows\System32\gv3.dll [x]
2 iAimFP7; C:\Windows\System32\ProcObsrv.dll [x]
2 icraplus; C:\Windows\System32\MA-620.dll [x]
2 ifp800; C:\Windows\System32\vulfntrs.dll [x]
2 ifxspmgtsrv; C:\Windows\System32\ZSMC301b.dll [x]
2 ikfilesec; C:\Windows\System32\akshasp.dll [x]
2 ikhlayer; C:\Windows\System32\RVIEG01.dll [x]
2 imonitor; C:\Windows\System32\lirsgt.dll [x]
2 ino_flpy; C:\Windows\System32\SymIM.dll [x]
2 Invoker; C:\Windows\System32\hkmsvc.dll [x]
2 iolodmv; C:\Windows\System32\ibmasrex.dll [x]
2 iolo_srv; C:\Windows\System32\USIUDF.dll [x]
2 JiaoCap; C:\Windows\System32\VIAPFD.dll [x]
2 JRAID; C:\Windows\System32\vpctcom.dll [x]
2 jsdaemon; C:\Windows\System32\WmHidLo.dll [x]
2 k750bus; C:\Windows\System32\licensemanagersocket.dll [x]
2 KLOGNT; C:\Windows\System32\avfilter.dll [x]
2 kpf4; C:\Windows\System32\bwmservice.dll [x]
2 kwatchsvc; C:\Windows\System32\admservice.dll [x]
2 L1e; C:\Windows\System32\scanwscs.dll [x]
2 ldlcserv; C:\Windows\System32\lxrjd31s.dll [x]
2 lhidflt2; C:\Windows\System32\rsvchost.dll [x]
2 LHidKe; C:\Windows\System32\avidsdmservice.dll [x]
2 lirsgt; C:\Windows\System32\sentinel.dll [x]
2 LKbdFlt2; C:\Windows\System32\NWUSBPort.dll [x]
2 LMouKE; C:\Windows\System32\MXOPSWD.dll [x]
2 lp6nds35; C:\Windows\System32\pae_avs.dll [x]
2 LPDSVC; C:\Windows\System32\raidmagt.dll [x]
2 ltxred; C:\Windows\System32\bdftdif.dll [x]
2 lvcomser; C:\Windows\System32\sit_mdm.dll [x]
2 lvhidsvc; C:\Windows\System32\Ktp.dll [x]
2 lwwlicenseservice; C:\Windows\System32\earthlinksafeconnectagent.dll [x]
2 lxbu_device; C:\Windows\System32\sis315.dll [x]
2 M3AD; C:\Windows\System32\cdr4_xp.dll [x]
2 mail2ec; C:\Windows\System32\hidgame.dll [x]
2 maxbackserviceint; C:\Windows\System32\oracle_load_balancer_60_client-forms6ip14.dll [x]
2 mcdbus; C:\Windows\System32\wlluc48.dll [x]
2 mcods; C:\Windows\System32\atitool.dll [x]
2 mdvrmng; C:\Windows\System32\atimtag.dll [x]
2 meiudf; C:\Windows\System32\dladresm.dll [x]
2 merakpop3; C:\Windows\System32\httpfilter.dll [x]
2 mfeavfk; C:\Windows\System32\iwebmsg.dll [x]
2 minilog; C:\Windows\System32\prosync1.dll [x]
2 modemcsa; C:\Windows\System32\trufos.dll [x]
2 motoswitchservice; C:\Windows\System32\symlcbrd.dll [x]
2 mpfirewl; C:\Windows\System32\QV2KUX.dll [x]
2 mqdmmdm; C:\Windows\System32\NVR0Dev.dll [x]
2 MREMP50a64; C:\Windows\System32\ppa3.dll [x]
2 MRENDIS5; C:\Windows\System32\nvax.dll [x]
2 mrobeservice; C:\Windows\System32\siside.dll [x]
2 MSFWDrv; C:\Windows\System32\armoucfltr.dll [x]
2 MSFWHLPR; C:\Windows\System32\ELacpi.dll [x]
2 mvserver; C:\Windows\System32\F700imd.dll [x]
2 mxserver; C:\Windows\System32\ZSMC301b.dll [x]
2 n558; C:\Windows\System32\symantecantibotshim.dll [x]
2 Ncrc710; C:\Windows\System32\ulcdrhlp.dll [x]
2 ndassvc; C:\Windows\System32\ZDCNDIS5.dll [x]
2 netdetect; C:\Windows\System32\asp.net_1.1.4322.dll [x]
2 ngserver; C:\Windows\System32\noipducservice.dll [x]
2 nidomainservice; C:\Windows\System32\dashsvc.dll [x]
2 nimcrpcsu; C:\Windows\System32\WinDriver6.dll [x]
2 NITaggerService; C:\Windows\System32\pxfhmdfl.dll [x]
2 Nsynas32; C:\Windows\System32\atiavaiw.dll [x]
2 ntiopnp; C:\Windows\System32\sony_ssm.sys.dll [x]
2 ntsecure; C:\Windows\System32\kl1.dll [x]
2 nvedavt; C:\Windows\System32\xusb21.dll [x]
2 nwlnkipx; C:\Windows\System32\s3savagemx.dll [x]
2 nwlnkspx; C:\Windows\System32\se59unic.dll [x]
2 NWSIPX32; C:\Windows\System32\SrvcEPECioctl.dll [x]
2 NxFsMon; C:\Windows\System32\npkcrypt.dll [x]
2 O2SCBUS; C:\Windows\System32\lockmgr.dll [x]
2 odserv; C:\Windows\System32\dsbrokerservice.dll [x]
2 ooclevercacheagent; C:\Windows\System32\s116mgmt.dll [x]
2 OracleOraHome92ClientCache; C:\Windows\System32\ovt519.dll [x]
2 ovt519; C:\Windows\System32\wpsscannersvc.dll [x]
2 p2pgasvc; C:\Windows\System32\XDva004.dll [x]
2 p3; C:\Windows\System32\nhcDriverDevice.dll [x]
2 parallel; C:\Windows\System32\fsssvc.dll [x]
2 Pctspk; C:\Windows\System32\trackcam4.dll [x]
2 PdiPorts; C:\Windows\System32\spcstb.dll [x]
2 penrendezvous; C:\Windows\System32\toshidpt.dll [x]
2 pmsveh; C:\Windows\System32\wmp54gsvc.dll [x]
2 prism_a02; C:\Windows\System32\Intels51.dll [x]
2 procmon10; C:\Windows\System32\iaimfp3.dll [x]
2 prosync1; C:\Windows\System32\emproxy.dll [x]
2 PTproct; C:\Windows\System32\p1110vid.dll [x]
2 Ptserlp; C:\Windows\System32\USB_RNDIS_XP.dll [x]
2 pxhelp20; C:\Windows\System32\pvservice.dll [x]
2 ql1080; C:\Windows\System32\v124.dll [x]
2 QPCapSvc; C:\Windows\System32\qcmerced.dll [x]
2 R300; C:\Windows\System32\procexp90.dll [x]
2 retroexplauncher; C:\Windows\System32\avidsdmservice.dll [x]
2 rimvserport; C:\Windows\System32\ql1080.dll [x]
2 roxupnprenderer; C:\Windows\System32\nvport.dll [x]
2 rt2500; C:\Windows\System32\DXEC02.dll [x]
2 RTHDMIAzAudService; C:\Windows\System32\VC4CB104.dll [x]
2 rtl8023; C:\Windows\System32\suservice.dll [x]
2 RTL8169; C:\Windows\System32\bb-run.dll [x]
2 rxfilter; C:\Windows\System32\slee_503_service.dll [x]
2 s616mgmt; C:\Windows\System32\FETNDISB.dll [x]
2 SaiMini; C:\Windows\System32\vclone.dll [x]
2 sddmi2; C:\Windows\System32\EpmShd.dll [x]
2 SE26obex; C:\Windows\System32\lockmgr.dll [x]
2 SE27mdm; C:\Windows\System32\dlbx_device.dll [x]
2 se2Bunic; C:\Windows\System32\mqdmbus.dll [x]
2 SE2Cmgmt; C:\Windows\System32\SPCtl.dll [x]
2 SE2Emgmt; C:\Windows\System32\guardian2.dll [x]
2 se2End5; C:\Windows\System32\n3900.dll [x]
2 se44obex; C:\Windows\System32\ELhid.dll [x]
2 sentinel; C:\Windows\System32\p17.dll [x]
2 shdserv; C:\Windows\System32\WmBEnum.dll [x]
2 Shockprf; C:\Windows\System32\cfgwzsvc.dll [x]
2 simbad; C:\Windows\System32\MREMP50a64.dll [x]
2 SimpTcp; C:\Windows\System32\avgntflt.dll [x]
2 sit_mdm; C:\Windows\System32\MxlW2k.dll [x]
2 slapd-data52; C:\Windows\System32\s125mdfl.dll [x]
2 Slntamr; C:\Windows\System32\vpcbus.dll [x]
2 smrt; C:\Windows\System32\Epiusb.dll [x]
2 smwdm; C:\Windows\System32\ELhid.dll [x]
2 snapman; C:\Windows\System32\nod32krn.dll [x]
2 SNC; C:\Windows\System32\profos.dll [x]
2 snoopfree; C:\Windows\System32\dsbrokerservice.dll [x]
2 spcsutilityservice; C:\Windows\System32\pavfnsvr.dll [x]
2 speedfan; C:\Windows\System32\amdagp.dll [x]
2 sscdmdm; C:\Windows\System32\pelmouse.dll [x]
2 ssrvc; C:\Windows\System32\ovmsmaccessmanager.dll [x]
2 streamloadservice; C:\Windows\System32\VrAcFil.dll [x]
2 stunnel; C:\Windows\System32\digictrl.dll [x]
2 stylexpservice; C:\Windows\System32\thinkpadmodemservice.dll [x]
2 susbser; C:\Windows\System32\viamraid.dll [x]
2 symantecantibotagent; C:\Windows\System32\cdralw2k.dll [x]
2 symantecantibotwatcher; C:\Windows\System32\addfiltr.dll [x]
2 symc810; C:\Windows\System32\Ptserlp.dll [x]
2 symc8xx; C:\Windows\System32\usnjsvc.dll [x]
2 sym_u3; C:\Windows\System32\vet-rec.dll [x]
2 sysdown; C:\Windows\System32\sqlserveragent.dll [x]
2 Tablet2k; C:\Windows\System32\wanarp.dll [x]
2 tappsrv; C:\Windows\System32\SRTSP.dll [x]
2 tfsnboio; C:\Windows\System32\s716nd5.dll [x]
2 thotkey; C:\Windows\System32\tifm21.dll [x]
2 thpsrv; C:\Windows\System32\AMDPCI.dll [x]
2 TMBUS; C:\Windows\System32\kpfwsvc.dll [x]
2 tme3srv; C:\Windows\System32\coste.dll [x]
2 tomcatcws3; C:\Windows\System32\tfsnudfa.dll [x]
2 toshidpt; C:\Windows\System32\intelroam.dll [x]
2 tosrfusb; C:\Windows\System32\CADlink.dll [x]
2 tphdexlgsvc; C:\Windows\System32\mwsejcap.dll [x]
2 TPM; C:\Windows\System32\service.dll [x]
2 transactional; C:\Windows\System32\JL2005C.dll [x]
2 TuneUp.Defrag; C:\Windows\System32\vclone.dll [x]
2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\EMSCR.dll [x]
2 tunmp; C:\Windows\System32\KMWDFilter.dll [x]
2 tvichw32; C:\Windows\System32\DM9102.dll [x]
2 U81xobex; C:\Windows\System32\d-link_st3402.dll [x]
2 UCTblHid; C:\Windows\System32\WUSB54Gv4SVC.dll [x]
2 ultra66; C:\Windows\System32\NWADI.dll [x]
2 upsentry_smart; C:\Windows\System32\DSDrv4.dll [x]
2 us30sys; C:\Windows\System32\winvnc.dll [x]
2 usb20l; C:\Windows\System32\smservauth.dll [x]
2 V0070VID; C:\Windows\System32\SABProcEnum.dll [x]
2 v124; C:\Windows\System32\pdlnsx25.dll [x]
2 VAIOMediaPlatform-PhotoServer-HTTP; C:\Windows\System32\ACDaemon.dll [x]
2 vaiomediaplatform-videoserver-appserver; C:\Windows\System32\aswlsvc.dll [x]
2 vcomm; C:\Windows\System32\AVerBDA.dll [x]
2 VirtualCam; C:\Windows\System32\fltmgr.dll [x]
2 VirtualFD; C:\Windows\System32\nvmd.dll [x]
2 vncdrv; C:\Windows\System32\websensewfreportserver.dll [x]
2 vproeventmonitor; C:\Windows\System32\tifsfilter.dll [x]
2 VrAcFil; C:\Windows\System32\SrvcSSIOMngr.dll [x]
2 vrmonsvc; C:\Windows\System32\aiclient.dll [x]
2 vulfnths; C:\Windows\System32\ELmon.dll [x]
2 w800obex; C:\Windows\System32\emAudio.dll [x]
3 wampapache; "c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" -k runservice [x]
3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe wampmysqld [x]
2 webrootcommagentservice; C:\Windows\System32\cltnetcnservice.dll [x]
2 wfxsvc; C:\Windows\System32\bridge.dll [x]
2 WGX; C:\Windows\System32\schscnt.dll [x]
2 wlidsvc; C:\Windows\System32\dlacdbhm.dll [x]
2 wmccds; C:\Windows\System32\amfilter.dll [x]
2 wps; C:\Windows\System32\nv.dll [x]
2 XilinxPC4Driver; C:\Windows\System32\pxhelp20.dll [x]
2 z525bus; C:\Windows\System32\mgabg.dll [x]
2 zdeviceservice; C:\Windows\System32\MSMQTriggers.dll [x]
2 ZDPNDIS5; C:\Windows\System32\qmofiltr.dll [x]
2 ZDPSp50; C:\Windows\System32\se26nd5.dll [x]
2 zebrceb; C:\Windows\System32\ino_flpy.dll [x]
2 zntport; C:\Windows\System32\WBHWDOCT.dll [x]
2 ZSMC211; C:\Windows\System32\CAMCAUD.dll [x]
2 ZY202_XP; C:\Windows\System32\aswrdr.dll [x]
2 {6080a529-897e-4629-a488-aba0c29b635e}; C:\Windows\System32\nv_agp.dll [x]

==================== Drivers (Whitelisted) ====================

1 cbaltlhf; \??\C:\Windows\system32\drivers\cbaltlhf.sys [43480 2012-11-15] (Microsoft Corporation)
3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-29] (Malwarebytes Corporation)
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2012-11-15] (Malwarebytes Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [23920 2010-04-29] (MediaMall Technologies, Inc.)
3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [552448 2007-08-16] (Ralink Technology Corp.)
1 shsdulsr; \??\C:\Windows\system32\drivers\shsdulsr.sys [43480 2012-11-15] (Microsoft Corporation)
1 nwtawkmn; \??\C:\Windows\system32\drivers\nwtawkmn.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: ami0nt -> C:\Windows\system32\nuvvid2.dll ==> No File.
NETSVC: tomcatcws3 -> C:\Windows\system32\tfsnudfa.dll ==> No File.
NETSVC: aswtdi -> C:\Windows\system32\vtserver.dll ==> No File.
NETSVC: mxserver -> C:\Windows\system32\ZSMC301b.dll ==> No File.
NETSVC: retroexplauncher -> C:\Windows\system32\avidsdmservice.dll ==> No File.
NETSVC: NITaggerService -> C:\Windows\system32\pxfhmdfl.dll ==> No File.
NETSVC: iAimFP7 -> C:\Windows\system32\ProcObsrv.dll ==> No File.
NETSVC: hf30service -> C:\Windows\system32\bt3cser.dll ==> No File.
NETSVC: TPM -> C:\Windows\system32\service.dll ==> No File.
NETSVC: symantecantibotwatcher -> C:\Windows\system32\addfiltr.dll ==> No File.
NETSVC: R300 -> C:\Windows\system32\procexp90.dll ==> No File.
NETSVC: HabuFltr -> C:\Windows\system32\lanmanserver.dll ==> No File.
NETSVC: lxbu_device -> C:\Windows\system32\sis315.dll ==> No File.
NETSVC: ifp800 -> C:\Windows\system32\vulfntrs.dll ==> No File.
NETSVC: flashpnt -> C:\Windows\system32\se2Cnd5.dll ==> No File.
NETSVC: atchksrv -> C:\Windows\system32\STV672.dll ==> No File.
NETSVC: ZDPNDIS5 -> C:\Windows\system32\qmofiltr.dll ==> No File.
NETSVC: kwatchsvc -> C:\Windows\system32\admservice.dll ==> No File.
NETSVC: lirsgt -> C:\Windows\system32\sentinel.dll ==> No File.
NETSVC: bocdrive -> C:\Windows\system32\anio.dll ==> No File.
NETSVC: vaiomediaplatform-videoserver-appserver -> C:\Windows\system32\aswlsvc.dll ==> No File.
NETSVC: RTHDMIAzAudService -> C:\Windows\system32\VC4CB104.dll ==> No File.
NETSVC: bb-run -> C:\Windows\system32\ATIVXSTW.dll ==> No File.
NETSVC: kpf4 -> C:\Windows\system32\bwmservice.dll ==> No File.
NETSVC: vcomm -> C:\Windows\system32\AVerBDA.dll ==> No File.
NETSVC: SNC -> C:\Windows\system32\profos.dll ==> No File.
NETSVC: zdeviceservice -> C:\Windows\system32\MSMQTriggers.dll ==> No File.
NETSVC: ZDPSp50 -> C:\Windows\system32\se26nd5.dll ==> No File.
NETSVC: curtainssyssvc -> C:\Windows\system32\PSSdk23.dll ==> No File.
NETSVC: ATKGFNEXSrv -> C:\Windows\system32\igfx.dll ==> No File.
NETSVC: apache2 -> C:\Windows\system32\prfldsvc.dll ==> No File.
NETSVC: fasttrackinstallerservice -> C:\Windows\system32\s125bus.dll ==> No File.
NETSVC: mdvrmng -> C:\Windows\system32\atimtag.dll ==> No File.
NETSVC: simbad -> C:\Windows\system32\MREMP50a64.dll ==> No File.
NETSVC: dpc_srv_webcast -> C:\Windows\system32\kl1.dll ==> No File.
NETSVC: webrootcommagentservice -> C:\Windows\system32\cltnetcnservice.dll ==> No File.
NETSVC: avc -> C:\Windows\system32\wdm_au8820.dll ==> No File.
NETSVC: vproeventmonitor -> C:\Windows\system32\tifsfilter.dll ==> No File.
NETSVC: tphdexlgsvc -> C:\Windows\system32\mwsejcap.dll ==> No File.
NETSVC: ovt519 -> C:\Windows\system32\wpsscannersvc.dll ==> No File.
NETSVC: tvichw32 -> C:\Windows\system32\DM9102.dll ==> No File.
NETSVC: avsvcmonitor -> C:\Windows\system32\vaiomediaplatform-photoserver-appserver.dll ==> No File.
NETSVC: LKbdFlt2 -> C:\Windows\system32\NWUSBPort.dll ==> No File.
NETSVC: cpqvcagent -> C:\Windows\system32\Xyz777s.dll ==> No File.
NETSVC: se44obex -> C:\Windows\system32\ELhid.dll ==> No File.
NETSVC: driverhardwarev2 -> C:\Windows\system32\gusvc.dll ==> No File.
NETSVC: NxFsMon -> C:\Windows\system32\npkcrypt.dll ==> No File.
NETSVC: sddmi2 -> C:\Windows\system32\EpmShd.dll ==> No File.
NETSVC: v124 -> C:\Windows\system32\pdlnsx25.dll ==> No File.
NETSVC: n558 -> C:\Windows\system32\symantecantibotshim.dll ==> No File.
NETSVC: ultra66 -> C:\Windows\system32\NWADI.dll ==> No File.
NETSVC: VirtualFD -> C:\Windows\system32\nvmd.dll ==> No File.
NETSVC: snapman -> C:\Windows\system32\nod32krn.dll ==> No File.
NETSVC: Dfs -> C:\Windows\system32\omniusbl.dll ==> No File.
NETSVC: thpsrv -> C:\Windows\system32\AMDPCI.dll ==> No File.
NETSVC: mqdmmdm -> C:\Windows\system32\NVR0Dev.dll ==> No File.
NETSVC: ZSMC211 -> C:\Windows\system32\CAMCAUD.dll ==> No File.
NETSVC: backupexecrpcservice -> C:\Windows\system32\rimusb.dll ==> No File.
NETSVC: nvedavt -> C:\Windows\system32\xusb21.dll ==> No File.
NETSVC: cq_mem -> C:\Windows\system32\asapiw2k.dll ==> No File.
NETSVC: penrendezvous -> C:\Windows\system32\toshidpt.dll ==> No File.
NETSVC: b57w2k -> C:\Windows\system32\TSHWMDTCP.dll ==> No File.
NETSVC: ntiopnp -> C:\Windows\system32\sony_ssm.sys.dll ==> No File.
NETSVC: zebrceb -> C:\Windows\system32\ino_flpy.dll ==> No File.
NETSVC: dot4ufd -> C:\Windows\system32\vulfnths.dll ==> No File.
NETSVC: aslm75 -> C:\Windows\system32\vmusb.dll ==> No File.
NETSVC: dklogger -> C:\Windows\system32\SMCB000.dll ==> No File.
NETSVC: sentinel -> C:\Windows\system32\p17.dll ==> No File.
NETSVC: SE27mdm -> C:\Windows\system32\dlbx_device.dll ==> No File.
NETSVC: F700imd -> C:\Windows\system32\oracleservicelocalora.dll ==> No File.
NETSVC: nidomainservice -> C:\Windows\system32\dashsvc.dll ==> No File.
NETSVC: O2SCBUS -> C:\Windows\system32\lockmgr.dll ==> No File.
NETSVC: shdserv -> C:\Windows\system32\WmBEnum.dll ==> No File.
NETSVC: OracleOraHome92ClientCache -> C:\Windows\system32\ovt519.dll ==> No File.
NETSVC: cpsvc -> C:\Windows\system32\wmdmpmsn.dll ==> No File.
NETSVC: VrAcFil -> C:\Windows\system32\SrvcSSIOMngr.dll ==> No File.
NETSVC: Atmuni -> C:\Windows\system32\epsonstatusagent2.dll ==> No File.
NETSVC: Ptserlp -> C:\Windows\system32\USB_RNDIS_XP.dll ==> No File.
NETSVC: bgsvcgen -> C:\Windows\system32\nhcDriverDevice.dll ==> No File.
NETSVC: DivisCTP -> C:\Windows\system32\itmrtsvc.dll ==> No File.
NETSVC: merakpop3 -> C:\Windows\system32\httpfilter.dll ==> No File.
NETSVC: Tablet2k -> C:\Windows\system32\wanarp.dll ==> No File.
NETSVC: DcCam -> C:\Windows\system32\ZY202_XP.dll ==> No File.
NETSVC: gs30s -> C:\Windows\system32\hamachi.dll ==> No File.
NETSVC: CcmExec -> C:\Windows\system32\PSSdk21.dll ==> No File.
NETSVC: rt2500 -> C:\Windows\system32\DXEC02.dll ==> No File.
NETSVC: admjoy -> C:\Windows\system32\WD_FireWire_HID.dll ==> No File.
NETSVC: upsentry_smart -> C:\Windows\system32\DSDrv4.dll ==> No File.
NETSVC: nimcrpcsu -> C:\Windows\system32\WinDriver6.dll ==> No File.
NETSVC: MSFWDrv -> C:\Windows\system32\armoucfltr.dll ==> No File.
NETSVC: crystaloutputfileserver -> C:\Windows\system32\rupsmon.dll ==> No File.
NETSVC: tunmp -> C:\Windows\system32\KMWDFilter.dll ==> No File.
NETSVC: JRAID -> C:\Windows\system32\vpctcom.dll ==> No File.
NETSVC: Shockprf -> C:\Windows\system32\cfgwzsvc.dll ==> No File.
NETSVC: ctusfsyn -> C:\Windows\system32\epsonbidirectionalservice.dll ==> No File.
NETSVC: FVXSCSI -> C:\Windows\system32\ultra66.dll ==> No File.
NETSVC: application -> C:\Windows\system32\w810mgmt.dll ==> No File.
NETSVC: tosrfusb -> C:\Windows\system32\CADlink.dll ==> No File.
NETSVC: btcsrusb -> C:\Windows\system32\xpadminserver.dll ==> No File.
NETSVC: PdiPorts -> C:\Windows\system32\spcstb.dll ==> No File.
NETSVC: M3AD -> C:\Windows\system32\cdr4_xp.dll ==> No File.
NETSVC: ntsecure -> C:\Windows\system32\kl1.dll ==> No File.
NETSVC: hpwirelessmgr -> C:\Windows\system32\mcredirector.dll ==> No File.
NETSVC: vncdrv -> C:\Windows\system32\websensewfreportserver.dll ==> No File.
NETSVC: contentindex -> C:\Windows\system32\xpadminserver.dll ==> No File.
NETSVC: lp6nds35 -> C:\Windows\system32\pae_avs.dll ==> No File.
NETSVC: 3comtftp -> C:\Windows\system32\mediaviewer.dll ==> No File.
NETSVC: stylexpservice -> C:\Windows\system32\thinkpadmodemservice.dll ==> No File.
NETSVC: SaiMini -> C:\Windows\system32\vclone.dll ==> No File.
NETSVC: toshidpt -> C:\Windows\system32\intelroam.dll ==> No File.
NETSVC: digictrl -> C:\Windows\system32\pavdrv.dll ==> No File.
NETSVC: TMBUS -> C:\Windows\system32\kpfwsvc.dll ==> No File.
NETSVC: k750bus -> C:\Windows\system32\licensemanagersocket.dll ==> No File.
NETSVC: atksgt -> C:\Windows\system32\lmimaint.dll ==> No File.
NETSVC: speedfan -> C:\Windows\system32\amdagp.dll ==> No File.
NETSVC: streamloadservice -> C:\Windows\system32\VrAcFil.dll ==> No File.
NETSVC: imonitor -> C:\Windows\system32\lirsgt.dll ==> No File.
NETSVC: ZY202_XP -> C:\Windows\system32\aswrdr.dll ==> No File.
NETSVC: DeviceScanner -> C:\Windows\system32\fsks.dll ==> No File.
NETSVC: mail2ec -> C:\Windows\system32\hidgame.dll ==> No File.
NETSVC: sym_u3 -> C:\Windows\system32\vet-rec.dll ==> No File.
NETSVC: usb20l -> C:\Windows\system32\smservauth.dll ==> No File.
NETSVC: ldlcserv -> C:\Windows\system32\lxrjd31s.dll ==> No File.
NETSVC: ino_flpy -> C:\Windows\system32\SymIM.dll ==> No File.
NETSVC: jsdaemon -> C:\Windows\system32\WmHidLo.dll ==> No File.
NETSVC: ARCSOFTVIRTUALCAPTURE -> C:\Windows\system32\w810mgmt.dll ==> No File.
NETSVC: HssSrv -> C:\Windows\system32\https-admserv61.dll ==> No File.
NETSVC: hsfhwazl -> C:\Windows\system32\rslinxng.dll ==> No File.
NETSVC: bdrsdrv -> C:\Windows\system32\Ld51ocnucsnp.dll ==> No File.
NETSVC: FTDIBUS -> C:\Windows\system32\RadProbe.dll ==> No File.
NETSVC: VirtualCam -> C:\Windows\system32\fltmgr.dll ==> No File.
NETSVC: pxhelp20 -> C:\Windows\system32\pvservice.dll ==> No File.
NETSVC: mcdbus -> C:\Windows\system32\wlluc48.dll ==> No File.
NETSVC: contentfilter -> C:\Windows\system32\i2omgmt.dll ==> No File.
NETSVC: symc810 -> C:\Windows\system32\Ptserlp.dll ==> No File.
NETSVC: ndassvc -> C:\Windows\system32\ZDCNDIS5.dll ==> No File.
NETSVC: HWIONT -> C:\Windows\system32\volsnap.dll ==> No File.
NETSVC: DSI_SiUSBXp_3_1 -> C:\Windows\system32\mraid35x.dll ==> No File.
NETSVC: JiaoCap -> C:\Windows\system32\VIAPFD.dll ==> No File.
NETSVC: spcsutilityservice -> C:\Windows\system32\pavfnsvr.dll ==> No File.
NETSVC: z525bus -> C:\Windows\system32\mgabg.dll ==> No File.
NETSVC: 3combootp -> C:\Windows\system32\HSFHWALI.dll ==> No File.
NETSVC: centennialiptransferagent -> C:\Windows\system32\asapiw2k.dll ==> No File.
NETSVC: tappsrv -> C:\Windows\system32\SRTSP.dll ==> No File.
NETSVC: L1e -> C:\Windows\system32\scanwscs.dll ==> No File.
NETSVC: rimvserport -> C:\Windows\system32\ql1080.dll ==> No File.
NETSVC: dsncservice -> C:\Windows\system32\snare.dll ==> No File.
NETSVC: wps -> C:\Windows\system32\nv.dll ==> No File.
NETSVC: backupclientsvc -> C:\Windows\system32\S7oppilx.dll ==> No File.
NETSVC: U81xobex -> C:\Windows\system32\d-link_st3402.dll ==> No File.
NETSVC: icraplus -> C:\Windows\system32\MA-620.dll ==> No File.
NETSVC: zntport -> C:\Windows\system32\WBHWDOCT.dll ==> No File.
NETSVC: dbmang -> C:\Windows\system32\papyjoy.dll ==> No File.
NETSVC: avg7rsw -> C:\Windows\system32\db2.dll ==> No File.
NETSVC: UCTblHid -> C:\Windows\system32\WUSB54Gv4SVC.dll ==> No File.
NETSVC: KLOGNT -> C:\Windows\system32\avfilter.dll ==> No File.
NETSVC: TuneUp.ProgramStatisticsSvc -> C:\Windows\system32\EMSCR.dll ==> No File.
NETSVC: mpfirewl -> C:\Windows\system32\QV2KUX.dll ==> No File.
NETSVC: mrobeservice -> C:\Windows\system32\siside.dll ==> No File.
NETSVC: thotkey -> C:\Windows\system32\tifm21.dll ==> No File.
NETSVC: ql1080 -> C:\Windows\system32\v124.dll ==> No File.
NETSVC: caccprovsp -> C:\Windows\system32\nuvvid2.dll ==> No File.
NETSVC: CnxTrUsb -> C:\Windows\system32\raspti.dll ==> No File.
NETSVC: ifxspmgtsrv -> C:\Windows\system32\ZSMC301b.dll ==> No File.
NETSVC: HSX_DP -> C:\Windows\system32\HFACSVC.dll ==> No File.
NETSVC: cpqdmi -> C:\Windows\system32\revudfservice.dll ==> No File.
NETSVC: se2End5 -> C:\Windows\system32\n3900.dll ==> No File.
NETSVC: LMouKE -> C:\Windows\system32\MXOPSWD.dll ==> No File.
NETSVC: i2omgmt -> C:\Windows\system32\redbook.dll ==> No File.
NETSVC: XilinxPC4Driver -> C:\Windows\system32\pxhelp20.dll ==> No File.
NETSVC: bthpan -> C:\Windows\system32\sfhlp01.dll ==> No File.
NETSVC: CDRPDACC -> C:\Windows\system32\MXOPSWD.dll ==> No File.
NETSVC: symc8xx -> C:\Windows\system32\usnjsvc.dll ==> No File.
NETSVC: p3 -> C:\Windows\system32\nhcDriverDevice.dll ==> No File.
NETSVC: nwlnkipx -> C:\Windows\system32\s3savagemx.dll ==> No File.
NETSVC: CoachVc -> C:\Windows\system32\NICM.dll ==> No File.
NETSVC: avsinc -> C:\Windows\system32\euq_monitor.dll ==> No File.
NETSVC: hap17v2k -> C:\Windows\system32\lxce_device.dll ==> No File.
NETSVC: motoswitchservice -> C:\Windows\system32\symlcbrd.dll ==> No File.
NETSVC: iolo_srv -> C:\Windows\system32\USIUDF.dll ==> No File.
NETSVC: dmload -> C:\Windows\system32\symc8xx.dll ==> No File.
NETSVC: Slntamr -> C:\Windows\system32\vpcbus.dll ==> No File.
NETSVC: Amsmpu4p -> C:\Windows\system32\a016bus.dll ==> No File.
NETSVC: WGX -> C:\Windows\system32\schscnt.dll ==> No File.
NETSVC: p2pgasvc -> C:\Windows\system32\XDva004.dll ==> No File.
NETSVC: sit_mdm -> C:\Windows\system32\MxlW2k.dll ==> No File.
NETSVC: ATIBTXBAR -> C:\Windows\system32\w3svc.dll ==> No File.
NETSVC: hSONYPVh -> C:\Windows\system32\cwafreportscheduler.dll ==> No File.
NETSVC: tme3srv -> C:\Windows\system32\coste.dll ==> No File.
NETSVC: slapd-data52 -> C:\Windows\system32\s125mdfl.dll ==> No File.
NETSVC: dvd-ram_service -> C:\Windows\system32\ifxspmgtsrv.dll ==> No File.
NETSVC: arp1394 -> C:\Windows\system32\AVRec.dll ==> No File.
NETSVC: CVPNDRVA -> C:\Windows\system32\CTDevice_Srv.dll ==> No File.
NETSVC: snoopfree -> C:\Windows\system32\dsbrokerservice.dll ==> No File.
NETSVC: netdetect -> C:\Windows\system32\asp.net_1.1.4322.dll ==> No File.
NETSVC: Nsynas32 -> C:\Windows\system32\atiavaiw.dll ==> No File.
NETSVC: LHidKe -> C:\Windows\system32\avidsdmservice.dll ==> No File.
NETSVC: cfsvcs -> C:\Windows\system32\nscirda.dll ==> No File.
NETSVC: hpqddsvc -> C:\Windows\system32\msmpsvc.dll ==> No File.
NETSVC: SE2Emgmt -> C:\Windows\system32\guardian2.dll ==> No File.
NETSVC: lvcomser -> C:\Windows\system32\sit_mdm.dll ==> No File.
NETSVC: ELacpi -> C:\Windows\system32\disk.dll ==> No File.
NETSVC: ftrtsvc -> C:\Windows\system32\ARPolicy.dll ==> No File.
NETSVC: eeyeevnt -> C:\Windows\system32\comhost.dll ==> No File.
NETSVC: CdaC15BA -> C:\Windows\system32\pxfhserd.dll ==> No File.
NETSVC: PTproct -> C:\Windows\system32\p1110vid.dll ==> No File.
NETSVC: transactional -> C:\Windows\system32\JL2005C.dll ==> No File.
NETSVC: Invoker -> C:\Windows\system32\hkmsvc.dll ==> No File.
NETSVC: CE3 -> C:\Windows\system32\CnxTrLan.dll ==> No File.
NETSVC: vrmonsvc -> C:\Windows\system32\aiclient.dll ==> No File.
NETSVC: parallel -> C:\Windows\system32\fsssvc.dll ==> No File.
NETSVC: bmuservice -> C:\Windows\system32\AKSIFDH.dll ==> No File.
NETSVC: smrt -> C:\Windows\system32\Epiusb.dll ==> No File.
NETSVC: aexnsclient -> C:\Windows\system32\bgs_sdservice.dll ==> No File.
NETSVC: NWSIPX32 -> C:\Windows\system32\SrvcEPECioctl.dll ==> No File.
NETSVC: iaantmon -> C:\Windows\system32\gv3.dll ==> No File.
NETSVC: us30sys -> C:\Windows\system32\winvnc.dll ==> No File.
NETSVC: se2Bunic -> C:\Windows\system32\mqdmbus.dll ==> No File.
NETSVC: FireTDI -> C:\Windows\system32\GTSCSER.dll ==> No File.
NETSVC: QPCapSvc -> C:\Windows\system32\qcmerced.dll ==> No File.
NETSVC: mcods -> C:\Windows\system32\atitool.dll ==> No File.
NETSVC: ssrvc -> C:\Windows\system32\ovmsmaccessmanager.dll ==> No File.
NETSVC: prism_a02 -> C:\Windows\system32\Intels51.dll ==> No File.
NETSVC: SE26obex -> C:\Windows\system32\lockmgr.dll ==> No File.
NETSVC: sscdmdm -> C:\Windows\system32\pelmouse.dll ==> No File.
NETSVC: VAIOMediaPlatform-PhotoServer-HTTP -> C:\Windows\system32\ACDaemon.dll ==> No File.
NETSVC: d-link_st3402 -> C:\Windows\system32\ageremodemaudio.dll ==> No File.
NETSVC: hcmon -> C:\Windows\system32\s616mdfl.dll ==> No File.
NETSVC: ACDaemon -> C:\Windows\system32\emAudio.dll ==> No File.
NETSVC: cisvc -> No Registry Path.
NETSVC: lwwlicenseservice -> C:\Windows\system32\earthlinksafeconnectagent.dll ==> No File.
NETSVC: procmon10 -> C:\Windows\system32\iaimfp3.dll ==> No File.
NETSVC: MRENDIS5 -> C:\Windows\system32\nvax.dll ==> No File.
NETSVC: cbidf -> C:\Windows\system32\usbvideo.dll ==> No File.
NETSVC: adsservice -> C:\Windows\system32\vwlogger.dll ==> No File.
NETSVC: ngserver -> C:\Windows\system32\noipducservice.dll ==> No File.
NETSVC: iolodmv -> C:\Windows\system32\ibmasrex.dll ==> No File.
NETSVC: lhidflt2 -> C:\Windows\system32\rsvchost.dll ==> No File.
NETSVC: w800obex -> C:\Windows\system32\emAudio.dll ==> No File.
NETSVC: Ncrc710 -> C:\Windows\system32\ulcdrhlp.dll ==> No File.
NETSVC: wmccds -> C:\Windows\system32\amfilter.dll ==> No File.
NETSVC: {6080a529-897e-4629-a488-aba0c29b635e} -> C:\Windows\system32\nv_agp.dll ==> No File.
NETSVC: Pctspk -> C:\Windows\system32\trackcam4.dll ==> No File.
NETSVC: pmsveh -> C:\Windows\system32\wmp54gsvc.dll ==> No File.
NETSVC: vulfnths -> C:\Windows\system32\ELmon.dll ==> No File.
NETSVC: SimpTcp -> C:\Windows\system32\avgntflt.dll ==> No File.
NETSVC: CTHWIUT.DLL -> C:\Windows\system32\DN2AKNET.dll ==> No File.
NETSVC: abnetmon -> C:\Windows\system32\aeclienthostservice.dll ==> No File.
NETSVC: prosync1 -> C:\Windows\system32\emproxy.dll ==> No File.
NETSVC: LPDSVC -> C:\Windows\system32\raidmagt.dll ==> No File.
NETSVC: rxfilter -> C:\Windows\system32\slee_503_service.dll ==> No File.
NETSVC: epfwtdi -> C:\Windows\system32\sfng32.dll ==> No File.
NETSVC: RTL8169 -> C:\Windows\system32\bb-run.dll ==> No File.
NETSVC: TuneUp.Defrag -> C:\Windows\system32\vclone.dll ==> No File.
NETSVC: tfsnboio -> C:\Windows\system32\s716nd5.dll ==> No File.
NETSVC: symantecantibotagent -> C:\Windows\system32\cdralw2k.dll ==> No File.
NETSVC: ooclevercacheagent -> C:\Windows\system32\s116mgmt.dll ==> No File.
NETSVC: bgmainsvc -> C:\Windows\system32\mnmsrvc.dll ==> No File.
NETSVC: GVCplDrv -> C:\Windows\system32\snpstd2.dll ==> No File.
NETSVC: DNE -> C:\Windows\system32\naimagent32.dll ==> No File.
NETSVC: modemcsa -> C:\Windows\system32\trufos.dll ==> No File.
NETSVC: V0070VID -> C:\Windows\system32\SABProcEnum.dll ==> No File.
NETSVC: nwlnkspx -> C:\Windows\system32\se59unic.dll ==> No File.
NETSVC: ikfilesec -> C:\Windows\system32\akshasp.dll ==> No File.
NETSVC: rtl8023 -> C:\Windows\system32\suservice.dll ==> No File.
NETSVC: CTMMOUNT -> C:\Windows\system32\V0070VID.dll ==> No File.
NETSVC: dwusbdnt -> C:\Windows\system32\pavfnsvr.dll ==> No File.
NETSVC: dbmanagerscheduler -> C:\Windows\system32\btkrnl.dll ==> No File.
NETSVC: maxbackserviceint -> C:\Windows\system32\oracle_load_balancer_60_client-forms6ip14.dll ==> No File.
NETSVC: susbser -> C:\Windows\system32\viamraid.dll ==> No File.
NETSVC: wfxsvc -> C:\Windows\system32\bridge.dll ==> No File.
NETSVC: MREMP50a64 -> C:\Windows\system32\ppa3.dll ==> No File.
NETSVC: odserv -> C:\Windows\system32\dsbrokerservice.dll ==> No File.
NETSVC: roxupnprenderer -> C:\Windows\system32\nvport.dll ==> No File.
NETSVC: armoucfltr -> C:\Windows\system32\NETGEAR_MA111.dll ==> No File.
NETSVC: s616mgmt -> C:\Windows\system32\FETNDISB.dll ==> No File.
NETSVC: hsvcmod -> C:\Windows\system32\k750mdfl.dll ==> No File.
NETSVC: minilog -> C:\Windows\system32\prosync1.dll ==> No File.
NETSVC: db2 -> C:\Windows\system32\RecAgent.dll ==> No File.
NETSVC: dlbx_device -> C:\Windows\system32\aslm75.dll ==> No File.
NETSVC: MSFWHLPR -> C:\Windows\system32\ELacpi.dll ==> No File.
NETSVC: ikhlayer -> C:\Windows\system32\RVIEG01.dll ==> No File.
NETSVC: client32 -> C:\Windows\system32\mysql.dll ==> No File.
NETSVC: lvhidsvc -> C:\Windows\system32\Ktp.dll ==> No File.
NETSVC: meiudf -> C:\Windows\system32\dladresm.dll ==> No File.
NETSVC: stunnel -> C:\Windows\system32\digictrl.dll ==> No File.
NETSVC: sysdown -> C:\Windows\system32\sqlserveragent.dll ==> No File.
NETSVC: mvserver -> C:\Windows\system32\F700imd.dll ==> No File.
NETSVC: ltxred -> C:\Windows\system32\bdftdif.dll ==> No File.
NETSVC: smwdm -> C:\Windows\system32\ELhid.dll ==> No File.
NETSVC: SE2Cmgmt -> C:\Windows\system32\SPCtl.dll ==> No File.
NETSVC: mfeavfk -> C:\Windows\system32\iwebmsg.dll ==> No File.

==================== One Month Created Files and Folders ========

2012-11-15 21:54 - 2012-11-15 21:54 - 00000000 ____D C:\FRST
2012-11-15 21:44 - 2012-11-15 21:44 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\shsdulsr.sys
2012-11-15 21:44 - 2012-11-15 21:44 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cbaltlhf.sys
2012-11-15 21:36 - 2012-11-15 21:36 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys

==================== One Month Modified Files and Folders ========

2012-11-15 21:54 - 2012-11-15 21:54 - 00000000 ____D C:\FRST
2012-11-15 21:48 - 2011-08-03 23:31 - 00733518 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-15 21:44 - 2012-11-15 21:44 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\shsdulsr.sys
2012-11-15 21:44 - 2012-11-15 21:44 - 00043480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cbaltlhf.sys
2012-11-15 21:41 - 2012-01-13 22:48 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-15 21:40 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-15 21:40 - 2009-07-13 20:39 - 00067796 ____A C:\Windows\setupact.log
2012-11-15 21:36 - 2012-11-15 21:36 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2012-11-15 21:36 - 2012-01-13 22:48 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-15 21:32 - 2011-08-08 11:48 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-11-15 21:31 - 2009-07-13 20:34 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-15 21:31 - 2009-07-13 20:34 - 00013936 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-15 21:25 - 2011-08-03 23:21 - 01478198 ____A C:\Windows\WindowsUpdate.log

ZeroAccess:
C:\Windows\Installer\{e607dfe8-3289-2710-0a52-1b6a9c07c350}
C:\Windows\Installer\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\@
C:\Windows\Installer\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\L
C:\Windows\Installer\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\U
C:\Windows\Installer\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\L\00000004.@
C:\Windows\Installer\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\L\201d3dde
C:\Windows\Installer\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\U\80000000.@
C:\Windows\Installer\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\U\80000032.@

ZeroAccess:
C:\Users\Josh\AppData\Local\{e607dfe8-3289-2710-0a52-1b6a9c07c350}
C:\Users\Josh\AppData\Local\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\@
C:\Users\Josh\AppData\Local\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\L
C:\Users\Josh\AppData\Local\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\n
C:\Users\Josh\AppData\Local\{e607dfe8-3289-2710-0a52-1b6a9c07c350}\U

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-08-08 02:28:35
Restore point made on: 2012-08-15 23:00:22
Restore point made on: 2012-08-17 13:29:06

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4029.93 MB
Available physical RAM: 3523.66 MB
Total Pagefile: 4028.2 MB
Available Pagefile: 3529.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.62 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:465.66 GB) (Free:102.95 GB) NTFS
2 Drive d: (Big Daddy) (Fixed) (Total:1863.01 GB) (Free:649.82 GB) NTFS
4 Drive g: (GB) (Removable) (Total:0.99 GB) (Free:0.98 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1863 GB 0 B
Disk 2 Online 1009 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1863 GB 1024 KB

=========================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Big Daddy NTFS Partition 1863 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1009 MB 16 KB

=========================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G GB FAT Removable 1009 MB Healthy

=========================================================

Last Boot: 2012-08-16 23:03

==================== End Of Log ============================

Farbar Recovery Scan Tool (x86) Version: 12-11-2012
Ran by SYSTEM at 2012-11-15 21:58:59
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2012-08-19 20:42] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Let me know if you can boot normally.

 

[Gobbler]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-11-2012
Ran by SYSTEM at 2012-11-16 16:41:50 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
cbaltlhf service deleted successfully.
C:\Windows\system32\drivers\cbaltlhf.sys moved successfully.
shsdulsr service deleted successfully.
C:\Windows\system32\drivers\shsdulsr.sys moved successfully.
nwtawkmn service deleted successfully.
C:\Windows\system32\drivers\nwtawkmn.sys not found.
C:\Windows\Installer\{e607dfe8-3289-2710-0a52-1b6a9c07c350} moved successfully.
C:\Users\Josh\AppData\Local\{e607dfe8-3289-2710-0a52-1b6a9c07c350} moved successfully.
C:\Windows\assembly\GAC\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

It is booting now with no issues.

 

[Broni]

Good

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

============================

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[Gobbler]

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Josh [Admin rights]
Mode : Scan -- Date : 11/17/2012 17:54:13

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe -> KILLED [TermThr]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500641AS +++++
--- User ---
[MBR] fadd3cd50ffdf3e1d1b9044e0efc4a9c
[BSP] daf16441f406d0f43baae37a5e5f7083 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD2002FYPS-01U1B1 +++++
--- User ---
[MBR] 0313d59cabdea16ee12df855dba9378c
[BSP] aee193f131d9d43f48fd4e5fa7d01c1a : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_S_11172012_02d1754.txt >>
RKreport[1]_S_11162012_02d2308.txt ; RKreport[2]_D_11172012_02d1753.txt ; RKreport[3]_D_11172012_02d1753.txt ; RKreport[4]_S_11172012_02d1754.txt


Alright I have ran all three programs and everything looks to be working peachy keen, thank you so much for the help.

 

[Gobbler]

This is an edited down log it won't let me post the whole thing.

17:57:25.0449 4088 \Device\Harddisk1\DR1 - ok
17:57:25.0449 4088 ================ Scan VBR ==================================
17:57:25.0459 4088 [ D8A25C9032AF79CA9ED870F5FFA25B69 ] \Device\Harddisk0\DR0\Partition1
17:57:25.0459 4088 \Device\Harddisk0\DR0\Partition1 - ok
17:57:25.0469 4088 [ 489F8D25B6082084B87A2F57B1921A78 ] \Device\Harddisk0\DR0\Partition2
17:57:25.0469 4088 \Device\Harddisk0\DR0\Partition2 - ok
17:57:25.0469 4088 [ 49DCD569A7232D04DF3FC27CC6855C40 ] \Device\Harddisk1\DR1\Partition1
17:57:25.0469 4088 \Device\Harddisk1\DR1\Partition1 - ok
17:57:25.0469 4088 ============================================================
17:57:25.0469 4088 Scan finished
17:57:25.0469 4088 ============================================================
17:57:25.0489 0408 Detected object count: 0
17:57:25.0489 0408 Actual detected object count: 0

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-17 17:59:10
-----------------------------

17:59:10.130 OS Version: Windows 6.1.7601 Service Pack 1
17:59:10.130 Number of processors: 2 586 0xF06
17:59:10.130 ComputerName: JOSH-PC UserName: Josh
17:59:11.359 Initialize success
17:59:21.621 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:59:21.621 Disk 0 Vendor: ST350064 3.AD Size: 476940MB BusType: 8
17:59:21.637 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
17:59:21.637 Disk 1 Vendor: WDC_WD20 04.0 Size: 1907729MB BusType: 8
17:59:21.637 Disk 0 MBR read successfully
17:59:21.652 Disk 0 MBR scan
17:59:21.652 Disk 0 Windows 7 default MBR code
17:59:21.652 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:59:21.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
17:59:21.684 Disk 0 scanning sectors +976771072
17:59:21.762 Disk 0 scanning C:\Windows\system32\drivers
17:59:28.326 Service scanning
17:59:36.500 Service MpKslc4ebaf85 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{207F953E-034D-44AA-8818-76440A481778}\MpKslc4ebaf85.sys **LOCKED** 32
17:59:45.579 Modules scanning
18:00:08.642 Disk 0 trace - called modules:
18:00:08.642
18:00:08.658 Scan finished successfully
18:02:13.860 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
18:02:13.860 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"

 

[Broni]

I need to see a whole log.
Split it between couple of replies.

Did you run TDSSKiller before RogueKiller or after?

 

[Gobbler]

20:06:00.0130 0900 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:06:01.0070 0900 ============================================================
20:06:01.0070 0900 Current date / time: 2012/11/17 20:06:01.0070
20:06:01.0070 0900 SystemInfo:
20:06:01.0070 0900
20:06:01.0070 0900 OS Version: 6.1.7601 ServicePack: 1.0
20:06:01.0070 0900 Product type: Workstation
20:06:01.0070 0900 ComputerName: JOSH-PC
20:06:01.0070 0900 UserName: Josh
20:06:01.0070 0900 Windows directory: C:\Windows
20:06:01.0070 0900 System windows directory: C:\Windows
20:06:01.0070 0900 Processor architecture: Intel x86
20:06:01.0070 0900 Number of processors: 2
20:06:01.0070 0900 Page size: 0x1000
20:06:01.0070 0900 Boot type: Normal boot
20:06:01.0070 0900 ============================================================
20:06:02.0060 0900 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:06:02.0450 0900 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:06:02.0460 0900 ============================================================
20:06:02.0460 0900 \Device\Harddisk0\DR0:
20:06:02.0470 0900 MBR partitions:
20:06:02.0470 0900 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:06:02.0470 0900 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
20:06:02.0470 0900 \Device\Harddisk1\DR1:
20:06:02.0470 0900 MBR partitions:
20:06:02.0470 0900 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
20:06:02.0470 0900 ============================================================
20:06:02.0490 0900 C: <-> \Device\Harddisk0\DR0\Partition2
20:06:02.0500 0900 E: <-> \Device\Harddisk1\DR1\Partition1
20:06:02.0500 0900 ============================================================
20:06:02.0500 0900 Initialize success
20:06:02.0500 0900 ============================================================
20:06:03.0780 3700 ============================================================
20:06:03.0780 3700 Scan started
20:06:03.0780 3700 Mode: Manual;
20:06:03.0780 3700 ============================================================
20:06:04.0497 3700 ================ Scan system memory ========================
20:06:04.0497 3700 System memory - ok
20:06:04.0497 3700 ================ Scan services =============================
20:06:04.0638 3700 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:06:04.0638 3700 1394ohci - ok
20:06:04.0669 3700 3combootp - ok
20:06:04.0684 3700 3comtftp - ok
20:06:04.0684 3700 abnetmon - ok
20:06:04.0700 3700 ACDaemon - ok
20:06:04.0747 3700 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:06:04.0747 3700 ACPI - ok
20:06:04.0778 3700 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:06:04.0778 3700 AcpiPmi - ok
20:06:05.0121 3700 admjoy - ok
20:06:05.0480 3700 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:06:05.0480 3700 AdobeARMservice - ok
20:06:05.0636 3700 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:06:05.0761 3700 AdobeFlashPlayerUpdateSvc - ok
20:06:05.0792 3700 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:06:05.0792 3700 adp94xx - ok
20:06:05.0823 3700 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:06:05.0823 3700 adpahci - ok
20:06:05.0839 3700 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:06:05.0839 3700 adpu320 - ok
20:06:05.0854 3700 adsservice - ok
20:06:05.0886 3700 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:06:05.0886 3700 AeLookupSvc - ok
20:06:05.0917 3700 aexnsclient - ok
20:06:05.0995 3700 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
20:06:05.0995 3700 AFD - ok
20:06:06.0042 3700 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:06:06.0042 3700 agp440 - ok
20:06:06.0088 3700 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:06:06.0088 3700 aic78xx - ok
20:06:06.0104 3700 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
20:06:06.0104 3700 ALG - ok
20:06:06.0166 3700 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
20:06:06.0166 3700 aliide - ok
20:06:06.0182 3700 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:06:06.0182 3700 amdagp - ok
20:06:06.0198 3700 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
20:06:06.0198 3700 amdide - ok
20:06:06.0229 3700 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:06:06.0229 3700 AmdK8 - ok
20:06:06.0229 3700 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:06:06.0229 3700 AmdPPM - ok
20:06:06.0260 3700 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:06:06.0260 3700 amdsata - ok
20:06:06.0276 3700 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:06:06.0276 3700 amdsbs - ok
20:06:06.0291 3700 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:06:06.0291 3700 amdxata - ok
20:06:06.0291 3700 ami0nt - ok
20:06:06.0307 3700 Amsmpu4p - ok
20:06:06.0322 3700 apache2 - ok
20:06:06.0369 3700 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
20:06:06.0369 3700 AppID - ok
20:06:06.0400 3700 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:06:06.0400 3700 AppIDSvc - ok
20:06:06.0447 3700 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
20:06:06.0447 3700 Appinfo - ok
20:06:06.0759 3700 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:06:06.0759 3700 Apple Mobile Device - ok
20:06:06.0790 3700 application - ok
20:06:06.0822 3700 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
20:06:06.0822 3700 AppMgmt - ok
20:06:06.0900 3700 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:06:06.0900 3700 arc - ok
20:06:06.0946 3700 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:06:06.0946 3700 arcsas - ok
20:06:06.0993 3700 ARCSOFTVIRTUALCAPTURE - ok
20:06:07.0071 3700 armoucfltr - ok
20:06:07.0087 3700 arp1394 - ok
20:06:07.0102 3700 aslm75 - ok
20:06:07.0212 3700 aswtdi - ok
20:06:07.0258 3700 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:06:07.0258 3700 AsyncMac - ok
20:06:07.0680 3700 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
20:06:07.0680 3700 atapi - ok
20:06:07.0758 3700 atchksrv - ok
20:06:08.0070 3700 [ ECF01C1E13591A1350FCF91D4197D9E2 ] athr C:\Windows\system32\DRIVERS\athr.sys
20:06:08.0070 3700 athr - ok
20:06:08.0085 3700 ATIBTXBAR - ok
20:06:08.0148 3700 ATKGFNEXSrv - ok
20:06:08.0148 3700 atksgt - ok
20:06:08.0163 3700 Atmuni - ok
20:06:08.0428 3700 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:06:08.0428 3700 AudioEndpointBuilder - ok
20:06:08.0460 3700 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:06:08.0460 3700 Audiosrv - ok
20:06:08.0569 3700 avc - ok
20:06:08.0803 3700 avg7rsw - ok
20:06:08.0912 3700 avsinc - ok
20:06:08.0912 3700 avsvcmonitor - ok
20:06:09.0037 3700 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:06:09.0037 3700 AxInstSV - ok
20:06:09.0208 3700 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:06:09.0208 3700 b06bdrv - ok
20:06:09.0598 3700 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:06:09.0598 3700 b57nd60x - ok
20:06:09.0630 3700 b57w2k - ok
20:06:09.0692 3700 backupclientsvc - ok
20:06:09.0708 3700 backupexecrpcservice - ok
20:06:09.0879 3700 bb-run - ok
20:06:10.0004 3700 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
20:06:10.0004 3700 BDESVC - ok
20:06:10.0051 3700 bdrsdrv - ok
20:06:10.0098 3700 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
20:06:10.0098 3700 Beep - ok
20:06:10.0144 3700 bgmainsvc - ok
20:06:10.0160 3700 bgsvcgen - ok
20:06:10.0222 3700 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:06:10.0238 3700 blbdrive - ok
20:06:10.0269 3700 bmuservice - ok
20:06:10.0300 3700 bocdrive - ok
20:06:10.0550 3700 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:06:10.0550 3700 Bonjour Service - ok
20:06:10.0644 3700 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:06:10.0644 3700 bowser - ok
20:06:10.0753 3700 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:06:10.0753 3700 BrFiltLo - ok
20:06:10.0784 3700 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:06:10.0784 3700 BrFiltUp - ok
20:06:10.0815 3700 [ 77361D72A04F18809D0EFB6CCEB74D4B ] Bridge C:\Windows\system32\DRIVERS\bridge.sys
20:06:10.0815 3700 Bridge - ok
20:06:10.0909 3700 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:06:10.0909 3700 BridgeMP - ok
20:06:11.0018 3700 [ 6E11F33D14D020F58D5E02E4D67DFA19 ] Browser C:\Windows\System32\browser.dll
20:06:11.0018 3700 Browser - ok
20:06:11.0174 3700 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\system32\DRIVERS\BrSerId.sys
20:06:11.0174 3700 Brserid - ok
20:06:11.0252 3700 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:06:11.0252 3700 BrSerWdm - ok
20:06:11.0283 3700 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:06:11.0283 3700 BrUsbMdm - ok
20:06:11.0330 3700 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\DRIVERS\BrUsbSer.sys
20:06:11.0330 3700 BrUsbSer - ok
20:06:11.0346 3700 btcsrusb - ok
20:06:11.0392 3700 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:06:11.0392 3700 BTHMODEM - ok
20:06:11.0424 3700 bthpan - ok
20:06:11.0517 3700 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
20:06:11.0517 3700 bthserv - ok
20:06:11.0533 3700 caccprovsp - ok
20:06:11.0533 3700 cbidf - ok
20:06:11.0548 3700 CcmExec - ok
20:06:11.0548 3700 CdaC15BA - ok
20:06:11.0580 3700 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:06:11.0580 3700 cdfs - ok
20:06:11.0876 3700 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\drivers\cdrom.sys
20:06:11.0876 3700 cdrom - ok
20:06:11.0876 3700 CDRPDACC - ok
20:06:11.0954 3700 CE3 - ok
20:06:12.0001 3700 centennialiptransferagent - ok
20:06:12.0172 3700 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
20:06:12.0172 3700 CertPropSvc - ok
20:06:12.0328 3700 cfsvcs - ok
20:06:12.0391 3700 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:06:12.0391 3700 circlass - ok
20:06:12.0469 3700 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
20:06:12.0469 3700 CLFS - ok
20:06:12.0500 3700 client32 - ok
20:06:12.0921 3700 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:06:12.0921 3700 clr_optimization_v2.0.50727_32 - ok
20:06:12.0999 3700 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:06:13.0030 3700 clr_optimization_v4.0.30319_32 - ok
20:06:13.0062 3700 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:06:13.0062 3700 CmBatt - ok
20:06:13.0108 3700 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:06:13.0108 3700 cmdide - ok
20:06:13.0202 3700 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
20:06:13.0202 3700 CNG - ok
20:06:13.0218 3700 CnxTrUsb - ok
20:06:13.0233 3700 CoachVc - ok
20:06:13.0249 3700 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:06:13.0249 3700 Compbatt - ok
20:06:13.0264 3700 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:06:13.0264 3700 CompositeBus - ok
20:06:13.0280 3700 COMSysApp - ok
20:06:13.0280 3700 contentfilter - ok
20:06:13.0342 3700 contentindex - ok
20:06:13.0358 3700 cpqdmi - ok
20:06:13.0384 3700 cpqvcagent - ok
20:06:13.0394 3700 cpsvc - ok
20:06:13.0414 3700 cq_mem - ok
20:06:13.0434 3700 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:06:13.0434 3700 crcdisk - ok
20:06:13.0504 3700 [ 06E771AA596B8761107AB57E99F128D7 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:06:13.0504 3700 CryptSvc - ok
20:06:13.0544 3700 crystaloutputfileserver - ok
20:06:13.0604 3700 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
20:06:13.0604 3700 CSC - ok
20:06:13.0704 3700 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
20:06:13.0704 3700 CscService - ok
20:06:13.0724 3700 CTHWIUT.DLL - ok
20:06:13.0744 3700 CTMMOUNT - ok
20:06:13.0784 3700 ctusfsyn - ok
20:06:13.0814 3700 curtainssyssvc - ok
20:06:13.0854 3700 CVPNDRVA - ok
20:06:13.0864 3700 d-link_st3402 - ok
20:06:14.0124 3700 db2 - ok
20:06:14.0284 3700 dbmanagerscheduler - ok
20:06:14.0284 3700 dbmang - ok
20:06:14.0294 3700 DcCam - ok
20:06:14.0394 3700 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
20:06:14.0394 3700 DcomLaunch - ok
20:06:14.0484 3700 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
20:06:14.0484 3700 defragsvc - ok
20:06:14.0505 3700 DeviceScanner - ok
20:06:14.0515 3700 Dfs - ok
20:06:14.0555 3700 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:06:14.0555 3700 DfsC - ok
20:06:14.0605 3700 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:06:14.0605 3700 Dhcp - ok
20:06:14.0615 3700 digictrl - ok
20:06:14.0635 3700 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
20:06:14.0635 3700 discache - ok
20:06:14.0685 3700 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:06:14.0685 3700 Disk - ok
20:06:14.0685 3700 DivisCTP - ok
20:06:14.0705 3700 dklogger - ok
20:06:14.0725 3700 dlbx_device - ok
20:06:14.0725 3700 dmload - ok
20:06:14.0725 3700 DNE - ok
20:06:14.0765 3700 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:06:14.0765 3700 Dnscache - ok
20:06:14.0835 3700 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
20:06:14.0845 3700 dot3svc - ok
20:06:14.0845 3700 dot4ufd - ok
20:06:14.0855 3700 dpc_srv_webcast - ok
20:06:14.0895 3700 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
20:06:14.0895 3700 DPS - ok
20:06:14.0915 3700 driverhardwarev2 - ok
20:06:14.0955 3700 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:06:14.0955 3700 drmkaud - ok
20:06:14.0955 3700 DSI_SiUSBXp_3_1 - ok
20:06:14.0975 3700 dsncservice - ok
20:06:14.0985 3700 dvd-ram_service - ok
20:06:15.0005 3700 dwusbdnt - ok
20:06:15.0065 3700 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:06:15.0075 3700 DXGKrnl - ok
20:06:15.0125 3700 [ 0535BFBEDB9378DDD15BDF9957D57D71 ] e1express C:\Windows\system32\DRIVERS\e1e6232.sys
20:06:15.0125 3700 e1express - ok
20:06:15.0155 3700 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
20:06:15.0155 3700 EapHost - ok
20:06:15.0595 3700 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:06:15.0615 3700 ebdrv - ok
20:06:15.0625 3700 eeyeevnt - ok
20:06:15.0695 3700 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
20:06:15.0695 3700 EFS - ok
20:06:15.0955 3700 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:06:15.0965 3700 ehRecvr - ok
20:06:16.0015 3700 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
20:06:16.0015 3700 ehSched - ok
20:06:16.0035 3700 ELacpi - ok
20:06:16.0095 3700 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:06:16.0105 3700 elxstor - ok
20:06:16.0135 3700 epfwtdi - ok
20:06:16.0165 3700 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:06:16.0165 3700 ErrDev - ok
20:06:16.0211 3700 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
20:06:16.0211 3700 EventSystem - ok
20:06:16.0243 3700 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
20:06:16.0243 3700 exfat - ok
20:06:16.0243 3700 F700imd - ok
20:06:16.0289 3700 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:06:16.0289 3700 fastfat - ok
20:06:16.0305 3700 fasttrackinstallerservice - ok
20:06:16.0352 3700 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
20:06:16.0367 3700 Fax - ok
20:06:16.0383 3700 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:06:16.0383 3700 fdc - ok
20:06:16.0414 3700 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
20:06:16.0414 3700 fdPHost - ok
20:06:16.0414 3700 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
20:06:16.0414 3700 FDResPub - ok
20:06:16.0445 3700 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:06:16.0445 3700 FileInfo - ok
20:06:16.0461 3700 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:06:16.0461 3700 Filetrace - ok
20:06:16.0477 3700 FireTDI - ok
20:06:16.0492 3700 flashpnt - ok
20:06:16.0508 3700 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:06:16.0508 3700 flpydisk - ok
20:06:16.0523 3700 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:06:16.0523 3700 FltMgr - ok
20:06:16.0586 3700 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
20:06:16.0601 3700 FontCache - ok
20:06:16.0648 3700 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:06:16.0648 3700 FontCache3.0.0.0 - ok
20:06:16.0679 3700 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:06:16.0679 3700 FsDepends - ok
20:06:16.0742 3700 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:06:16.0742 3700 Fs_Rec - ok
20:06:16.0742 3700 FTDIBUS - ok
20:06:16.0757 3700 ftrtsvc - ok
20:06:16.0804 3700 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:06:16.0804 3700 fvevol - ok
20:06:16.0835 3700 FVXSCSI - ok
20:06:16.0867 3700 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:06:16.0867 3700 gagp30kx - ok
20:06:16.0929 3700 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:06:16.0960 3700 GEARAspiWDM - ok
20:06:17.0073 3700 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
20:06:17.0083 3700 gpsvc - ok
20:06:17.0103 3700 gs30s - ok
20:06:17.0273 3700 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:06:17.0273 3700 gupdate - ok
20:06:17.0303 3700 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:06:17.0303 3700 gupdatem - ok
20:06:17.0343 3700 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:06:17.0353 3700 gusvc - ok
20:06:17.0353 3700 GVCplDrv - ok
20:06:17.0363 3700 HabuFltr - ok
20:06:17.0363 3700 hap17v2k - ok
20:06:17.0373 3700 hcmon - ok
20:06:17.0423 3700 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:06:17.0433 3700 hcw85cir - ok
20:06:17.0493 3700 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:06:17.0493 3700 HdAudAddService - ok
20:06:17.0533 3700 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:06:17.0533 3700 HDAudBus - ok
20:06:17.0563 3700 hf30service - ok
20:06:17.0593 3700 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:06:17.0603 3700 HidBatt - ok
20:06:17.0603 3700 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:06:17.0603 3700 HidBth - ok
20:06:17.0613 3700 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:06:17.0613 3700 HidIr - ok
20:06:17.0643 3700 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
20:06:17.0643 3700 hidserv - ok
20:06:17.0693 3700 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:06:17.0693 3700 HidUsb - ok
20:06:17.0733 3700 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:06:17.0753 3700 hkmsvc - ok
20:06:17.0853 3700 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:06:17.0883 3700 HomeGroupListener - ok
20:06:17.0953 3700 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:06:17.0953 3700 HomeGroupProvider - ok
20:06:17.0963 3700 hpqddsvc - ok
20:06:18.0003 3700 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:06:18.0003 3700 HpSAMD - ok
20:06:18.0013 3700 hpwirelessmgr - ok
20:06:18.0023 3700 hsfhwazl - ok
20:06:18.0023 3700 hSONYPVh - ok
20:06:18.0033 3700 HssSrv - ok
20:06:18.0053 3700 hsvcmod - ok
20:06:18.0063 3700 HSX_DP - ok
20:06:18.0113 3700 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:06:18.0123 3700 HTTP - ok
20:06:18.0123 3700 HWIONT - ok
20:06:18.0193 3700 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:06:18.0193 3700 hwpolicy - ok
20:06:18.0203 3700 i2omgmt - ok
20:06:18.0243 3700 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:06:18.0243 3700 i8042prt - ok
20:06:18.0253 3700 iaantmon - ok
20:06:18.0283 3700 iAimFP7 - ok
20:06:18.0303 3700 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:06:18.0303 3700 iaStorV - ok
20:06:18.0313 3700 icraplus - ok
20:06:18.0483 3700 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:06:18.0533 3700 idsvc - ok
20:06:18.0533 3700 ifp800 - ok
20:06:18.0553 3700 ifxspmgtsrv - ok
20:06:18.0583 3700 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:06:18.0593 3700 iirsp - ok
20:06:18.0683 3700 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
20:06:18.0693 3700 IKEEXT - ok
20:06:18.0703 3700 ikfilesec - ok
20:06:18.0723 3700 ikhlayer - ok
20:06:18.0733 3700 imonitor - ok
20:06:18.0733 3700 ino_flpy - ok
20:06:18.0753 3700 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
20:06:18.0753 3700 intelide - ok
20:06:18.0763 3700 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:06:18.0773 3700 intelppm - ok
20:06:18.0783 3700 Invoker - ok
20:06:18.0793 3700 iolodmv - ok
20:06:18.0793 3700 iolo_srv - ok
20:06:18.0823 3700 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:06:18.0823 3700 IPBusEnum - ok
20:06:18.0843 3700 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:06:18.0843 3700 IpFilterDriver - ok
20:06:18.0873 3700 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:06:18.0873 3700 IPMIDRV - ok
20:06:18.0883 3700 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:06:18.0883 3700 IPNAT - ok
20:06:18.0993 3700 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:06:18.0993 3700 iPod Service - ok
20:06:19.0073 3700 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:06:19.0093 3700 IRENUM - ok
20:06:19.0123 3700 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:06:19.0123 3700 isapnp - ok
20:06:19.0143 3700 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:06:19.0143 3700 iScsiPrt - ok
20:06:19.0203 3700 JiaoCap - ok
20:06:19.0233 3700 JRAID - ok
20:06:19.0233 3700 jsdaemon - ok
20:06:19.0253 3700 k750bus - ok
20:06:19.0293 3700 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:06:19.0293 3700 kbdclass - ok
20:06:19.0323 3700 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:06:19.0323 3700 kbdhid - ok
20:06:19.0353 3700 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
20:06:19.0353 3700 KeyIso - ok
20:06:19.0373 3700 KLOGNT - ok
20:06:19.0413 3700 kpf4 - ok
20:06:19.0483 3700 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:06:19.0493 3700 KSecDD - ok
20:06:19.0783 3700 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:06:19.0803 3700 KSecPkg - ok
20:06:19.0893 3700 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
20:06:19.0933 3700 KtmRm - ok
20:06:20.0083 3700 kwatchsvc - ok
20:06:20.0163 3700 L1e - ok
20:06:20.0193 3700 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
20:06:20.0193 3700 LanmanServer - ok
20:06:20.0203 3700 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:06:20.0203 3700 LanmanWorkstation - ok
20:06:20.0213 3700 ldlcserv - ok
20:06:20.0223 3700 lhidflt2 - ok
20:06:20.0233 3700 LHidKe - ok
20:06:20.0243 3700 lirsgt - ok
20:06:20.0263 3700 LKbdFlt2 - ok
20:06:20.0303 3700 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:06:20.0313 3700 lltdio - ok
20:06:20.0343 3700 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:06:20.0343 3700 lltdsvc - ok
20:06:20.0363 3700 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
20:06:20.0363 3700 lmhosts - ok
20:06:20.0363 3700 LMouKE - ok
20:06:20.0383 3700 lp6nds35 - ok
20:06:20.0383 3700 LPDSVC - ok
20:06:20.0423 3700 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:06:20.0423 3700 LSI_FC - ok
20:06:20.0443 3700 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:06:20.0443 3700 LSI_SAS - ok
20:06:20.0473 3700 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:06:20.0473 3700 LSI_SAS2 - ok
20:06:20.0483 3700 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:06:20.0483 3700 LSI_SCSI - ok
20:06:20.0523 3700 ltxred - ok
20:06:20.0543 3700 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
20:06:20.0543 3700 luafv - ok
20:06:20.0553 3700 lvcomser - ok
20:06:20.0553 3700 lvhidsvc - ok
20:06:20.0563 3700 lwwlicenseservice - ok
20:06:20.0583 3700 lxbu_device - ok
20:06:20.0593 3700 M3AD - ok
20:06:20.0603 3700 mail2ec - ok
20:06:20.0643 3700 maxbackserviceint - ok
20:06:20.0693 3700 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:06:20.0693 3700 MBAMProtector - ok
20:06:20.0913 3700 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:06:20.0953 3700 MBAMScheduler - ok
20:06:21.0003 3700 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:06:21.0023 3700 MBAMService - ok
20:06:21.0033 3700 mcdbus - ok
20:06:21.0043 3700 mcods - ok
20:06:21.0113 3700 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:06:21.0123 3700 Mcx2Svc - ok
20:06:21.0133 3700 mdvrmng - ok
20:06:21.0153 3700 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:06:21.0153 3700 megasas - ok
20:06:21.0183 3700 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:06:21.0183 3700 MegaSR - ok
20:06:21.0193 3700 meiudf - ok
20:06:21.0203 3700 merakpop3 - ok
20:06:21.0213 3700 mfeavfk - ok
20:06:21.0283 3700 Microsoft SharePoint Workspace Audit Service - ok
20:06:21.0293 3700 minilog - ok
20:06:21.0353 3700 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
20:06:21.0353 3700 MMCSS - ok
20:06:21.0393 3700 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
20:06:21.0413 3700 Modem - ok
20:06:21.0413 3700 modemcsa - ok
20:06:21.0483 3700 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:06:21.0483 3700 monitor - ok
20:06:21.0503 3700 motoswitchservice - ok
20:06:21.0543 3700 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:06:21.0543 3700 mouclass - ok
20:06:21.0583 3700 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:06:21.0583 3700 mouhid - ok
20:06:21.0623 3700 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:06:21.0633 3700 mountmgr - ok
20:06:21.0703 3700 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:06:21.0703 3700 MozillaMaintenance - ok
20:06:21.0803 3700 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:06:21.0823 3700 MpFilter - ok
20:06:21.0913 3700 mpfirewl - ok
20:06:21.0953 3700 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
20:06:21.0953 3700 mpio - ok
20:06:22.0303 3700 [ A69630D039C38018689190234F866D77 ] MpKsl3c61cc21 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{207F953E-034D-44AA-8818-76440A481778}\MpKsl3c61cc21.sys
20:06:22.0303 3700 MpKsl3c61cc21 - ok
20:06:22.0363 3700 [ A69630D039C38018689190234F866D77 ] MpKslc4ebaf85 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{207F953E-034D-44AA-8818-76440A481778}\MpKslc4ebaf85.sys
20:06:22.0403 3700 MpKslc4ebaf85 - ok
20:06:22.0433 3700 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:06:22.0433 3700 mpsdrv - ok
20:06:22.0443 3700 mqdmmdm - ok
20:06:22.0483 3700 MREMP50a64 - ok
20:06:22.0483 3700 MRENDIS5 - ok
20:06:22.0503 3700 mrobeservice - ok
20:06:22.0543 3700 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:06:22.0543 3700 MRxDAV - ok
20:06:22.0603 3700 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:06:22.0613 3700 mrxsmb - ok
20:06:22.0653 3700 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:06:22.0653 3700 mrxsmb10 - ok
20:06:22.0663 3700 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:06:22.0673 3700 mrxsmb20 - ok
20:06:22.0693 3700 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
20:06:22.0703 3700 msahci - ok
20:06:22.0733 3700 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:06:22.0733 3700 msdsm - ok
20:06:22.0753 3700 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
20:06:22.0753 3700 MSDTC - ok
20:06:22.0783 3700 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:06:22.0783 3700 Msfs - ok
20:06:22.0793 3700 MSFWDrv - ok
20:06:22.0813 3700 MSFWHLPR - ok
20:06:22.0823 3700 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:06:22.0823 3700 mshidkmdf - ok
20:06:22.0863 3700 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:06:22.0863 3700 msisadrv - ok
20:06:22.0893 3700 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:06:22.0893 3700 MSiSCSI - ok
20:06:22.0893 3700 msiserver - ok
20:06:22.0913 3700 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:06:22.0923 3700 MSKSSRV - ok
20:06:22.0993 3700 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:06:22.0993 3700 MsMpSvc - ok
20:06:23.0013 3700 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:06:23.0013 3700 MSPCLOCK - ok
20:06:23.0023 3700 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:06:23.0023 3700 MSPQM - ok
20:06:23.0043 3700 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:06:23.0043 3700 MsRPC - ok
20:06:23.0073 3700 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:06:23.0073 3700 mssmbios - ok
20:06:23.0093 3700 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:06:23.0093 3700 MSTEE - ok
20:06:23.0133 3700 [ 00C7B2306F1CA5389A1AC6D1DF9C2E25 ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys
20:06:23.0133 3700 msvad_simple - ok
20:06:23.0183 3700 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:06:23.0263 3700 MTConfig - ok
20:06:23.0293 3700 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
20:06:23.0293 3700 Mup - ok
20:06:23.0433 3700 mvserver - ok
20:06:23.0433 3700 mxserver - ok
20:06:23.0443 3700 n558 - ok
20:06:23.0554 3700 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
20:06:23.0594 3700 napagent - ok
20:06:23.0754 3700 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:06:23.0794 3700 NativeWifiP - ok
20:06:23.0804 3700 Ncrc710 - ok
20:06:23.0834 3700 ndassvc - ok
20:06:24.0004 3700 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:06:24.0004 3700 NDIS - ok
20:06:24.0054 3700 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:06:24.0054 3700 NdisCap - ok
20:06:24.0094 3700 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:06:24.0094 3700 NdisTapi - ok
20:06:24.0134 3700 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:06:24.0134 3700 Ndisuio - ok
20:06:24.0174 3700 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:06:24.0174 3700 NdisWan - ok
20:06:24.0224 3700 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:06:24.0234 3700 NDProxy - ok
20:06:24.0244 3700 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:06:24.0244 3700 NetBIOS - ok
20:06:24.0284 3700 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:06:24.0284 3700 NetBT - ok
20:06:24.0294 3700 netdetect - ok
20:06:24.0314 3700 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
20:06:24.0314 3700 Netlogon - ok
20:06:24.0364 3700 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
20:06:24.0364 3700 Netman - ok
20:06:24.0404 3700 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
20:06:24.0414 3700 netprofm - ok
20:06:24.0524 3700 [ 6F8480809D14F0594B4B1DF07385DA33 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
20:06:24.0544 3700 netr28u - ok

 

[Gobbler]

20:06:24.0564 3700 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:06:24.0564 3700 NetTcpPortSharing - ok
20:06:24.0594 3700 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:06:24.0614 3700 nfrd960 - ok
20:06:24.0624 3700 ngserver - ok
20:06:24.0624 3700 nidomainservice - ok
20:06:24.0634 3700 nimcrpcsu - ok
20:06:24.0684 3700 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:06:24.0684 3700 NisDrv - ok
20:06:24.0754 3700 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
20:06:24.0764 3700 NisSrv - ok
20:06:24.0804 3700 NITaggerService - ok
20:06:24.0914 3700 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:06:24.0914 3700 NlaSvc - ok
20:06:24.0994 3700 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:06:25.0074 3700 Npfs - ok
20:06:25.0124 3700 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
20:06:25.0124 3700 nsi - ok
20:06:25.0144 3700 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:06:25.0144 3700 nsiproxy - ok
20:06:25.0144 3700 Nsynas32 - ok
20:06:25.0694 3700 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:06:25.0774 3700 Ntfs - ok
20:06:25.0774 3700 ntiopnp - ok
20:06:25.0784 3700 ntsecure - ok
20:06:25.0834 3700 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
20:06:25.0874 3700 Null - ok
20:06:25.0964 3700 nvedavt - ok
20:06:27.0184 3700 [ 847B1755F7757F825305A1FFE6DAC3E9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:06:27.0235 3700 nvlddmkm - ok
20:06:27.0266 3700 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:06:27.0266 3700 nvraid - ok
20:06:27.0328 3700 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:06:27.0328 3700 nvstor - ok
20:06:27.0469 3700 [ 7C732AFF202DCD06C3D262966D71604C ] nvsvc C:\Windows\system32\nvvsvc.exe
20:06:27.0531 3700 nvsvc - ok
20:06:28.0108 3700 [ 262D2FBF211A88DCB84249DF0F6EF6E7 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:06:28.0124 3700 nvUpdatusService - ok
20:06:28.0171 3700 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:06:28.0186 3700 nv_agp - ok
20:06:28.0186 3700 nwlnkipx - ok
20:06:28.0202 3700 nwlnkspx - ok
20:06:28.0202 3700 NWSIPX32 - ok
20:06:28.0218 3700 NxFsMon - ok
20:06:28.0233 3700 O2SCBUS - ok
20:06:28.0264 3700 odserv - ok
20:06:28.0296 3700 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:06:28.0296 3700 ohci1394 - ok
20:06:28.0327 3700 ooclevercacheagent - ok
20:06:28.0342 3700 OracleOraHome92ClientCache - ok
20:06:28.0436 3700 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:06:28.0436 3700 ose - ok
20:06:29.0060 3700 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:06:29.0216 3700 osppsvc - ok
20:06:29.0247 3700 ovt519 - ok
20:06:29.0263 3700 p2pgasvc - ok
20:06:29.0361 3700 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:06:29.0391 3700 p2pimsvc - ok
20:06:29.0471 3700 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
20:06:29.0481 3700 p2psvc - ok
20:06:29.0521 3700 p3 - ok
20:06:29.0531 3700 parallel - ok
20:06:29.0571 3700 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:06:29.0601 3700 Parport - ok
20:06:29.0671 3700 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:06:29.0671 3700 partmgr - ok
20:06:29.0711 3700 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:06:29.0721 3700 Parvdm - ok
20:06:29.0751 3700 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:06:29.0751 3700 PcaSvc - ok
20:06:29.0811 3700 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
20:06:29.0821 3700 pci - ok
20:06:29.0831 3700 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
20:06:29.0831 3700 pciide - ok
20:06:29.0851 3700 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:06:29.0851 3700 pcmcia - ok
20:06:29.0861 3700 Pctspk - ok
20:06:29.0881 3700 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
20:06:29.0881 3700 pcw - ok
20:06:29.0891 3700 PdiPorts - ok
20:06:29.0931 3700 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:06:29.0941 3700 PEAUTH - ok
20:06:30.0081 3700 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:06:30.0141 3700 PeerDistSvc - ok
20:06:30.0151 3700 penrendezvous - ok
20:06:30.0541 3700 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
20:06:30.0591 3700 pla - ok
20:06:30.0651 3700 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:06:30.0661 3700 PlugPlay - ok
20:06:30.0671 3700 pmsveh - ok
20:06:30.0681 3700 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:06:30.0691 3700 PNRPAutoReg - ok
20:06:30.0701 3700 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:06:30.0711 3700 PNRPsvc - ok
20:06:30.0761 3700 [ 7D7A9C17D5455203DEA11E5EF886CC59 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
20:06:30.0761 3700 Point32 - ok
20:06:30.0821 3700 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:06:30.0841 3700 PolicyAgent - ok
20:06:30.0881 3700 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
20:06:30.0891 3700 Power - ok
20:06:30.0921 3700 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:06:30.0921 3700 PptpMiniport - ok
20:06:30.0931 3700 prism_a02 - ok
20:06:30.0951 3700 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:06:30.0951 3700 Processor - ok
20:06:30.0961 3700 procmon10 - ok
20:06:31.0021 3700 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
20:06:31.0031 3700 ProfSvc - ok
20:06:31.0031 3700 prosync1 - ok
20:06:31.0751 3700 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:06:31.0761 3700 ProtectedStorage - ok
20:06:31.0871 3700 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:06:31.0871 3700 Psched - ok
20:06:31.0881 3700 PTproct - ok
20:06:31.0901 3700 Ptserlp - ok
20:06:31.0911 3700 pxhelp20 - ok
20:06:31.0971 3700 ql1080 - ok
20:06:32.0211 3700 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:06:32.0271 3700 ql2300 - ok
20:06:32.0291 3700 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:06:32.0291 3700 ql40xx - ok
20:06:32.0311 3700 QPCapSvc - ok
20:06:32.0351 3700 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
20:06:32.0351 3700 QWAVE - ok
20:06:32.0361 3700 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:06:32.0371 3700 QWAVEdrv - ok
20:06:32.0371 3700 R300 - ok
20:06:32.0391 3700 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:06:32.0391 3700 RasAcd - ok
20:06:32.0421 3700 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:06:32.0421 3700 RasAgileVpn - ok
20:06:32.0441 3700 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
20:06:32.0441 3700 RasAuto - ok
20:06:32.0461 3700 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:06:32.0461 3700 Rasl2tp - ok
20:06:32.0511 3700 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
20:06:32.0531 3700 RasMan - ok
20:06:32.0541 3700 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:06:32.0551 3700 RasPppoe - ok
20:06:32.0561 3700 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:06:32.0561 3700 RasSstp - ok
20:06:32.0611 3700 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:06:32.0611 3700 rdbss - ok
20:06:32.0621 3700 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:06:32.0621 3700 rdpbus - ok
20:06:32.0651 3700 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:06:32.0651 3700 RDPCDD - ok
20:06:32.0681 3700 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:06:32.0681 3700 RDPDR - ok
20:06:32.0711 3700 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:06:32.0711 3700 RDPENCDD - ok
20:06:32.0741 3700 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:06:32.0741 3700 RDPREFMP - ok
20:06:32.0831 3700 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:06:32.0831 3700 RdpVideoMiniport - ok
20:06:32.0881 3700 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:06:32.0891 3700 RDPWD - ok
20:06:32.0971 3700 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:06:32.0971 3700 rdyboost - ok
20:06:32.0991 3700 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
20:06:32.0991 3700 RemoteAccess - ok
20:06:33.0021 3700 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:06:33.0021 3700 RemoteRegistry - ok
20:06:33.0071 3700 retroexplauncher - ok
20:06:33.0091 3700 rimvserport - ok
20:06:33.0111 3700 roxupnprenderer - ok
20:06:33.0151 3700 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:06:33.0151 3700 RpcEptMapper - ok
20:06:33.0171 3700 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
20:06:33.0171 3700 RpcLocator - ok
20:06:33.0191 3700 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
20:06:33.0191 3700 RpcSs - ok
20:06:33.0271 3700 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:06:33.0271 3700 rspndr - ok
20:06:33.0281 3700 rt2500 - ok
20:06:33.0321 3700 RTHDMIAzAudService - ok
20:06:33.0331 3700 rtl8023 - ok
20:06:33.0331 3700 RTL8169 - ok
20:06:33.0361 3700 rxfilter - ok
20:06:33.0411 3700 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:06:33.0421 3700 s3cap - ok
20:06:33.0451 3700 s616mgmt - ok
20:06:33.0451 3700 SaiMini - ok
20:06:33.0481 3700 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
20:06:33.0481 3700 SamSs - ok
20:06:33.0551 3700 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:06:33.0551 3700 sbp2port - ok
20:06:33.0581 3700 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:06:33.0581 3700 SCardSvr - ok
20:06:33.0601 3700 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:06:33.0601 3700 scfilter - ok
20:06:33.0781 3700 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
20:06:33.0821 3700 Schedule - ok
20:06:33.0831 3700 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:06:33.0841 3700 SCPolicySvc - ok
20:06:33.0861 3700 sddmi2 - ok
20:06:33.0931 3700 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:06:33.0951 3700 SDRSVC - ok
20:06:33.0961 3700 SE26obex - ok
20:06:33.0961 3700 SE27mdm - ok
20:06:33.0971 3700 se2Bunic - ok
20:06:33.0981 3700 SE2Cmgmt - ok
20:06:33.0981 3700 SE2Emgmt - ok
20:06:33.0991 3700 se2End5 - ok
20:06:34.0161 3700 se44obex - ok
20:06:34.0241 3700 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:06:34.0241 3700 secdrv - ok
20:06:34.0261 3700 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
20:06:34.0271 3700 seclogon - ok
20:06:34.0301 3700 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
20:06:34.0301 3700 SENS - ok
20:06:34.0321 3700 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:06:34.0341 3700 SensrSvc - ok
20:06:34.0341 3700 sentinel - ok
20:06:34.0361 3700 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:06:34.0361 3700 Serenum - ok
20:06:34.0361 3700 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:06:34.0371 3700 Serial - ok
20:06:34.0391 3700 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:06:34.0391 3700 sermouse - ok
20:06:34.0461 3700 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
20:06:34.0471 3700 SessionEnv - ok
20:06:34.0501 3700 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:06:34.0501 3700 sffdisk - ok
20:06:34.0521 3700 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:06:34.0521 3700 sffp_mmc - ok
20:06:34.0531 3700 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:06:34.0541 3700 sffp_sd - ok
20:06:34.0551 3700 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:06:34.0551 3700 sfloppy - ok
20:06:34.0571 3700 shdserv - ok
20:06:34.0592 3700 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:06:34.0602 3700 ShellHWDetection - ok
20:06:34.0612 3700 Shockprf - ok
20:06:34.0612 3700 simbad - ok
20:06:34.0622 3700 SimpTcp - ok
20:06:34.0672 3700 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:06:34.0692 3700 sisagp - ok
20:06:34.0712 3700 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:06:34.0712 3700 SiSRaid2 - ok
20:06:34.0732 3700 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:06:34.0732 3700 SiSRaid4 - ok
20:06:34.0742 3700 sit_mdm - ok
20:06:34.0742 3700 slapd-data52 - ok
20:06:34.0762 3700 Slntamr - ok
20:06:34.0772 3700 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:06:34.0782 3700 Smb - ok
20:06:34.0782 3700 smrt - ok
20:06:34.0842 3700 smwdm - ok
20:06:34.0852 3700 snapman - ok
20:06:34.0852 3700 SNC - ok
20:06:34.0892 3700 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:06:34.0902 3700 SNMPTRAP - ok
20:06:34.0902 3700 snoopfree - ok
20:06:34.0912 3700 spcsutilityservice - ok
20:06:34.0922 3700 speedfan - ok
20:06:34.0942 3700 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
20:06:34.0942 3700 spldr - ok
20:06:35.0002 3700 [ 866A43013535DC8587C258E43579C764 ] Spooler C:\Windows\System32\spoolsv.exe
20:06:35.0052 3700 Spooler - ok
20:06:35.0322 3700 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
20:06:35.0342 3700 sppsvc - ok
20:06:35.0392 3700 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:06:35.0402 3700 sppuinotify - ok
20:06:35.0502 3700 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:06:35.0552 3700 srv - ok
20:06:35.0562 3700 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:06:35.0572 3700 srv2 - ok
20:06:35.0583 3700 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:06:35.0583 3700 srvnet - ok
20:06:35.0583 3700 sscdmdm - ok
20:06:35.0613 3700 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:06:35.0623 3700 SSDPSRV - ok
20:06:35.0623 3700 ssrvc - ok
20:06:35.0643 3700 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:06:35.0653 3700 SstpSvc - ok
20:06:35.0673 3700 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:06:35.0673 3700 stexstor - ok
20:06:35.0713 3700 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
20:06:35.0723 3700 StiSvc - ok
20:06:35.0763 3700 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:06:35.0763 3700 storflt - ok
20:06:35.0843 3700 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:06:35.0843 3700 storvsc - ok
20:06:35.0853 3700 streamloadservice - ok
20:06:35.0863 3700 stunnel - ok
20:06:35.0873 3700 stylexpservice - ok
20:06:35.0903 3700 susbser - ok
20:06:35.0943 3700 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
20:06:35.0943 3700 swenum - ok
20:06:35.0963 3700 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
20:06:35.0973 3700 swprv - ok
20:06:35.0983 3700 symantecantibotagent - ok
20:06:35.0983 3700 symantecantibotwatcher - ok
20:06:35.0993 3700 symc810 - ok
20:06:36.0003 3700 symc8xx - ok
20:06:36.0013 3700 sym_u3 - ok
20:06:36.0023 3700 Synth3dVsc - ok
20:06:36.0063 3700 sysdown - ok
20:06:36.0131 3700 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
20:06:36.0147 3700 SysMain - ok
20:06:36.0163 3700 Tablet2k - ok
20:06:36.0218 3700 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:06:36.0268 3700 TabletInputService - ok
20:06:36.0352 3700 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
20:06:36.0361 3700 TapiSrv - ok
20:06:36.0371 3700 tappsrv - ok
20:06:36.0401 3700 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
20:06:36.0401 3700 TBS - ok
20:06:36.0722 3700 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:06:36.0792 3700 Tcpip - ok
20:06:37.0112 3700 [ 7FA2E0F8B072BD04B77B421480B6CC22 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:06:37.0122 3700 TCPIP6 - ok
20:06:37.0282 3700 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:06:37.0282 3700 tcpipreg - ok
20:06:37.0392 3700 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:06:37.0392 3700 TDPIPE - ok
20:06:37.0702 3700 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:06:37.0712 3700 TDTCP - ok
20:06:37.0762 3700 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:06:37.0782 3700 tdx - ok
20:06:37.0842 3700 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:06:37.0842 3700 TermDD - ok
20:06:37.0902 3700 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
20:06:37.0912 3700 TermService - ok
20:06:37.0922 3700 tfsnboio - ok
20:06:37.0942 3700 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
20:06:37.0942 3700 Themes - ok
20:06:37.0952 3700 thotkey - ok
20:06:37.0962 3700 thpsrv - ok
20:06:37.0982 3700 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
20:06:37.0982 3700 THREADORDER - ok
20:06:38.0022 3700 TMBUS - ok
20:06:38.0032 3700 tme3srv - ok
20:06:38.0052 3700 tomcatcws3 - ok
20:06:38.0062 3700 toshidpt - ok
20:06:38.0072 3700 tosrfusb - ok
20:06:38.0082 3700 tphdexlgsvc - ok
20:06:38.0092 3700 TPM - ok
20:06:38.0102 3700 transactional - ok
20:06:38.0142 3700 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
20:06:38.0142 3700 TrkWks - ok
20:06:38.0292 3700 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:06:38.0302 3700 TrustedInstaller - ok
20:06:38.0352 3700 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:06:38.0372 3700 tssecsrv - ok
20:06:38.0432 3700 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:06:38.0442 3700 TsUsbFlt - ok
20:06:38.0452 3700 tsusbhub - ok
20:06:38.0482 3700 TuneUp.Defrag - ok
20:06:38.0512 3700 TuneUp.ProgramStatisticsSvc - ok
20:06:38.0512 3700 tunmp - ok
20:06:38.0562 3700 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:06:38.0652 3700 tunnel - ok
20:06:38.0662 3700 tvichw32 - ok
20:06:38.0672 3700 U81xobex - ok
20:06:38.0762 3700 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:06:38.0772 3700 uagp35 - ok
20:06:38.0792 3700 UCTblHid - ok
20:06:38.0822 3700 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:06:38.0822 3700 udfs - ok
20:06:38.0882 3700 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:06:38.0882 3700 UI0Detect - ok
20:06:38.0912 3700 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:06:38.0922 3700 uliagpkx - ok
20:06:38.0932 3700 ultra66 - ok
20:06:39.0002 3700 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
20:06:39.0002 3700 umbus - ok
20:06:39.0012 3700 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:06:39.0022 3700 UmPass - ok
20:06:39.0062 3700 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
20:06:39.0062 3700 UmRdpService - ok
20:06:39.0092 3700 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
20:06:39.0102 3700 upnphost - ok
20:06:39.0102 3700 upsentry_smart - ok
20:06:39.0122 3700 us30sys - ok
20:06:39.0132 3700 usb20l - ok
20:06:39.0192 3700 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
20:06:39.0192 3700 USBAAPL - ok
20:06:39.0222 3700 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:06:39.0242 3700 usbaudio - ok
20:06:39.0282 3700 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:06:39.0282 3700 usbccgp - ok
20:06:39.0302 3700 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:06:39.0322 3700 usbcir - ok
20:06:39.0362 3700 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:06:39.0382 3700 usbehci - ok
20:06:39.0422 3700 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:06:39.0442 3700 usbhub - ok
20:06:39.0482 3700 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:06:39.0492 3700 usbohci - ok
20:06:39.0622 3700 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:06:39.0632 3700 usbprint - ok
20:06:39.0672 3700 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:06:39.0712 3700 usbscan - ok
20:06:39.0732 3700 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:06:39.0742 3700 USBSTOR - ok
20:06:39.0752 3700 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:06:39.0752 3700 usbuhci - ok
20:06:39.0862 3700 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
20:06:39.0862 3700 UxSms - ok
20:06:39.0882 3700 V0070VID - ok
20:06:39.0892 3700 v124 - ok
20:06:39.0892 3700 VAIOMediaPlatform-PhotoServer-HTTP - ok
20:06:39.0902 3700 vaiomediaplatform-videoserver-appserver - ok
20:06:39.0932 3700 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
20:06:39.0932 3700 VaultSvc - ok
20:06:39.0952 3700 vcomm - ok
20:06:39.0982 3700 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:06:39.0982 3700 vdrvroot - ok
20:06:40.0032 3700 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
20:06:40.0042 3700 vds - ok
20:06:40.0082 3700 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:06:40.0082 3700 vga - ok
20:06:40.0102 3700 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:06:40.0102 3700 VgaSave - ok
20:06:40.0112 3700 VGPU - ok
20:06:40.0142 3700 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:06:40.0142 3700 vhdmp - ok
20:06:40.0182 3700 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:06:40.0192 3700 viaagp - ok
20:06:40.0202 3700 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:06:40.0202 3700 ViaC7 - ok
20:06:40.0252 3700 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
20:06:40.0252 3700 viaide - ok
20:06:40.0262 3700 VirtualCam - ok
20:06:40.0272 3700 VirtualFD - ok
20:06:40.0322 3700 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:06:40.0322 3700 vmbus - ok
20:06:40.0342 3700 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:06:40.0342 3700 VMBusHID - ok
20:06:40.0352 3700 vncdrv - ok
20:06:40.0382 3700 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:06:40.0382 3700 volmgr - ok
20:06:40.0412 3700 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:06:40.0412 3700 volmgrx - ok
20:06:40.0432 3700 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:06:40.0432 3700 volsnap - ok
20:06:40.0442 3700 vproeventmonitor - ok
20:06:40.0452 3700 VrAcFil - ok
20:06:40.0462 3700 vrmonsvc - ok
20:06:40.0492 3700 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:06:40.0492 3700 vsmraid - ok
20:06:40.0552 3700 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
20:06:40.0592 3700 VSS - ok
20:06:40.0612 3700 vulfnths - ok
20:06:40.0632 3700 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:06:40.0642 3700 vwifibus - ok
20:06:40.0672 3700 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:06:40.0672 3700 vwififlt - ok
20:06:40.0722 3700 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
20:06:40.0732 3700 W32Time - ok
20:06:40.0742 3700 w800obex - ok
20:06:40.0762 3700 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:06:40.0782 3700 WacomPen - ok
20:06:40.0862 3700 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:06:40.0862 3700 WANARP - ok
20:06:40.0872 3700 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:06:40.0872 3700 Wanarpv6 - ok
20:06:40.0952 3700 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:06:41.0022 3700 WatAdminSvc - ok
20:06:41.0233 3700 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
20:06:41.0311 3700 wbengine - ok
20:06:41.0405 3700 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:06:41.0420 3700 WbioSrvc - ok
20:06:41.0451 3700 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:06:41.0451 3700 wcncsvc - ok
20:06:41.0483 3700 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:06:41.0514 3700 WcsPlugInService - ok
20:06:41.0545 3700 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:06:41.0561 3700 Wd - ok
20:06:41.0592 3700 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:06:41.0592 3700 Wdf01000 - ok
20:06:41.0607 3700 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:06:41.0607 3700 WdiServiceHost - ok
20:06:41.0623 3700 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:06:41.0623 3700 WdiSystemHost - ok
20:06:41.0685 3700 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
20:06:41.0685 3700 WebClient - ok
20:06:41.0701 3700 webrootcommagentservice - ok
20:06:41.0717 3700 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:06:41.0717 3700 Wecsvc - ok
20:06:41.0763 3700 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:06:41.0779 3700 wercplsupport - ok
20:06:41.0841 3700 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
20:06:41.0841 3700 WerSvc - ok
20:06:41.0904 3700 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:06:41.0919 3700 WfpLwf - ok
20:06:41.0935 3700 wfxsvc - ok
20:06:41.0951 3700 WGX - ok
20:06:41.0997 3700 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:06:41.0997 3700 WIMMount - ok
20:06:41.0997 3700 WinHttpAutoProxySvc - ok
20:06:42.0091 3700 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:06:42.0091 3700 Winmgmt - ok
20:06:42.0153 3700 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
20:06:42.0169 3700 WinRM - ok
20:06:42.0263 3700 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:06:42.0278 3700 WinUsb - ok
20:06:42.0606 3700 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:06:42.0656 3700 Wlansvc - ok
20:06:42.0666 3700 wlidsvc - ok
20:06:42.0677 3700 wmccds - ok
20:06:42.0727 3700 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:06:42.0727 3700 WmiAcpi - ok
20:06:42.0787 3700 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:06:42.0787 3700 wmiApSrv - ok
20:06:42.0867 3700 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:06:42.0877 3700 WMPNetworkSvc - ok
20:06:42.0947 3700 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:06:43.0047 3700 WPCSvc - ok
20:06:43.0127 3700 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:06:43.0147 3700 WPDBusEnum - ok
20:06:43.0167 3700 wps - ok
20:06:43.0217 3700 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:06:43.0217 3700 ws2ifsl - ok
20:06:43.0227 3700 WSearch - ok
20:06:43.0287 3700 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:06:43.0307 3700 WudfPf - ok
20:06:43.0357 3700 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:06:43.0387 3700 WUDFRd - ok
20:06:43.0497 3700 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:06:43.0527 3700 wudfsvc - ok
20:06:43.0698 3700 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
20:06:43.0738 3700 WwanSvc - ok
20:06:43.0768 3700 XilinxPC4Driver - ok
20:06:43.0928 3700 z525bus - ok
20:06:43.0968 3700 zdeviceservice - ok
20:06:44.0008 3700 ZDPNDIS5 - ok
20:06:44.0018 3700 ZDPSp50 - ok
20:06:44.0018 3700 zebrceb - ok
20:06:44.0058 3700 zntport - ok
20:06:44.0078 3700 ZSMC211 - ok
20:06:44.0108 3700 ZY202_XP - ok
20:06:44.0128 3700 {6080a529-897e-4629-a488-aba0c29b635e} - ok
20:06:44.0138 3700 ================ Scan global ===============================
20:06:44.0218 3700 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
20:06:44.0378 3700 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
20:06:44.0398 3700 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
20:06:44.0468 3700 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
20:06:44.0538 3700 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
20:06:44.0538 3700 [Global] - ok
20:06:44.0548 3700 ================ Scan MBR ==================================
20:06:44.0568 3700 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:06:49.0869 3700 \Device\Harddisk0\DR0 - ok
20:06:49.0879 3700 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
20:06:49.0879 3700 \Device\Harddisk1\DR1 - ok
20:06:49.0879 3700 ================ Scan VBR ==================================
20:06:49.0889 3700 [ D8A25C9032AF79CA9ED870F5FFA25B69 ] \Device\Harddisk0\DR0\Partition1
20:06:49.0909 3700 \Device\Harddisk0\DR0\Partition1 - ok

 

[Gobbler]

I downloaded one of the programs at a time and ran them right after I downloaded them in the order that they were posted on the post, I didn't do a very good job of posting them in order sorry.

 

[Broni]

OK.
I still need aswMBR log.

 

[Gobbler]

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-17 17:59:10
-----------------------------
17:59:10.130 OS Version: Windows 6.1.7601 Service Pack 1
17:59:10.130 Number of processors: 2 586 0xF06
17:59:10.130 ComputerName: JOSH-PC UserName: Josh
17:59:11.359 Initialize success
17:59:21.621 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:59:21.621 Disk 0 Vendor: ST350064 3.AD Size: 476940MB BusType: 8
17:59:21.637 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
17:59:21.637 Disk 1 Vendor: WDC_WD20 04.0 Size: 1907729MB BusType: 8
17:59:21.637 Disk 0 MBR read successfully
17:59:21.652 Disk 0 MBR scan
17:59:21.652 Disk 0 Windows 7 default MBR code
17:59:21.652 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:59:21.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
17:59:21.684 Disk 0 scanning sectors +976771072
17:59:21.762 Disk 0 scanning C:\Windows\system32\drivers
17:59:28.326 Service scanning
17:59:36.500 Service MpKslc4ebaf85 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{207F953E-034D-44AA-8818-76440A481778}\MpKslc4ebaf85.sys **LOCKED** 32
17:59:45.579 Modules scanning
18:00:08.642 Disk 0 trace - called modules:
18:00:08.642
18:00:08.658 Scan finished successfully
18:02:13.860 Disk 0 MBR has been saved successfully to "C:\Users\Josh\Desktop\MBR.dat"
18:02:13.860 The log file has been saved successfully to "C:\Users\Josh\Desktop\aswMBR.txt"

 

[Broni]

Good

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Gobbler]

Thanks I was getting lost where one log began and where one ended.

 

[Gobbler]

Alright here is the latest log.

ComboFix 12-11-16.02 - Josh 11/17/2012 21:09:38.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2010 [GMT -8:00]
Running from: c:\users\Josh\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB17208$
c:\windows\$NtUninstallKB17208$\4224694519\L\xadqgnnk
c:\windows\system32\dds_trash_log.cmd
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 05:24 . 2012-11-18 06:20 -------- d-----w- c:\users\Josh\AppData\Local\temp
2012-11-18 05:24 . 2012-11-18 05:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-18 05:24 . 2012-11-18 05:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-18 05:07 . 2012-11-18 05:27 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{207F953E-034D-44AA-8818-76440A481778}\offreg.dll
2012-11-18 04:02 . 2012-10-24 17:50 96224 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-11-18 04:02 . 2012-10-24 17:50 157272 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-11-18 04:02 . 2012-10-24 17:50 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-11-18 03:50 . 2012-08-21 21:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-18 03:50 . 2012-11-18 03:50 -------- d-----w- C:\Mozilla Plugins
2012-11-18 03:50 . 2012-11-18 03:50 -------- d-----w- C:\iTunesMiniPlayer.Resources
2012-11-18 03:50 . 2012-11-18 03:50 -------- d-----w- C:\iTunesHelper.Resources
2012-11-18 03:49 . 2012-11-18 03:50 -------- d-----w- C:\iTunes.Resources
2012-11-18 03:49 . 2012-11-18 03:49 -------- d-----w- c:\program files\iPod
2012-11-18 03:49 . 2012-11-18 03:50 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-11-18 03:49 . 2012-11-18 03:49 -------- d-----w- C:\CD Configuration
2012-11-18 03:48 . 2012-11-18 05:07 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-17 00:48 . 2012-10-17 09:32 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{207F953E-034D-44AA-8818-76440A481778}\mpengine.dll
2012-11-16 05:54 . 2012-11-16 05:54 -------- d-----w- C:\FRST
2012-10-25 11:12 . 2012-10-25 11:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 11:12 . 2012-10-25 11:12 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 02:08 . 2012-04-10 21:44 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-17 02:08 . 2011-08-04 18:09 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-30 03:54 . 2012-04-10 21:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-10 07:30 . 2012-09-10 07:30 293776 ----a-w- C:\iTunesOutlookAddIn.dll
2012-09-10 07:30 . 2012-09-10 07:30 124816 ----a-w- C:\iTunesMiniPlayer.dll
2012-09-10 07:30 . 2012-09-10 07:30 421776 ----a-w- C:\iTunesHelper.exe
2012-09-10 07:30 . 2012-09-10 07:30 403344 ----a-w- C:\iTunesAdmin.dll
2012-09-10 07:30 . 2012-09-10 07:30 156560 ----a-w- C:\iTunesHelper.dll
2012-09-10 07:30 . 2012-09-10 07:30 9777040 ----a-w- C:\iTunes.exe
2012-09-10 07:30 . 2012-09-10 07:30 21131152 ----a-w- C:\iTunes.dll
2012-09-10 07:30 . 2012-09-10 07:30 776216 ----a-w- C:\gnsdk_sdkmanager.dll
2012-09-10 07:30 . 2012-09-10 07:30 3008536 ----a-w- C:\gnsdk_dsp.dll
2012-09-10 07:30 . 2012-09-10 07:30 262680 ----a-w- C:\gnsdk_submit.dll
2012-09-10 07:30 . 2012-09-10 07:30 219672 ----a-w- C:\gnsdk_musicid.dll
2012-09-10 07:30 . 2012-09-10 07:30 2011024 ----a-w- C:\iPodUpdaterExt.dll
2012-08-21 21:01 . 2011-08-06 23:32 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-10-24 17:50 . 2012-11-18 03:47 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
"iTunesHelper"="C:\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
.
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-6-13 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NETSVCS REQUIRES REPAIRS - current entries shown
AeLookupSvc
CertPropSvc
SCPolicySvc
lanmanserver
gpsvc
IKEEXT
AudioSrv
FastUserSwitchingCompatibility
Ias
Irmon
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
Rasman
Remoteaccess
SENS
Sharedaccess
SRService
Tapisrv
Wmi
WmdmPmSp
ami0nt
tomcatcws3
aswtdi
mxserver
retroexplauncher
NITaggerService
iAimFP7
hf30service
TPM
symantecantibotwatcher
R300
HabuFltr
lxbu_device
ifp800
flashpnt
atchksrv
ZDPNDIS5
kwatchsvc
lirsgt
bocdrive
vaiomediaplatform-videoserver-appserver
RTHDMIAzAudService
bb-run
kpf4
vcomm
SNC
zdeviceservice
ZDPSp50
curtainssyssvc
ATKGFNEXSrv
apache2
fasttrackinstallerservice
mdvrmng
simbad
dpc_srv_webcast
webrootcommagentservice
avc
vproeventmonitor
tphdexlgsvc
ovt519
tvichw32
avsvcmonitor
LKbdFlt2
cpqvcagent
se44obex
driverhardwarev2
NxFsMon
sddmi2
v124
n558
ultra66
VirtualFD
snapman
Dfs
thpsrv
mqdmmdm
ZSMC211
backupexecrpcservice
nvedavt
cq_mem
penrendezvous
b57w2k
ntiopnp
zebrceb
dot4ufd
aslm75
dklogger
sentinel
SE27mdm
F700imd
nidomainservice
O2SCBUS
shdserv
OracleOraHome92ClientCache
cpsvc
VrAcFil
Atmuni
Ptserlp
bgsvcgen
DivisCTP
merakpop3
Tablet2k
DcCam
gs30s
CcmExec
rt2500
admjoy
upsentry_smart
nimcrpcsu
MSFWDrv
crystaloutputfileserver
tunmp
JRAID
Shockprf
ctusfsyn
FVXSCSI
application
tosrfusb
btcsrusb
PdiPorts
M3AD
ntsecure
hpwirelessmgr
vncdrv
contentindex
lp6nds35
3comtftp
stylexpservice
SaiMini
toshidpt
digictrl
TMBUS
k750bus
atksgt
speedfan
streamloadservice
imonitor
ZY202_XP
DeviceScanner
mail2ec
sym_u3
usb20l
ldlcserv
ino_flpy
jsdaemon
ARCSOFTVIRTUALCAPTURE
HssSrv
hsfhwazl
bdrsdrv
FTDIBUS
VirtualCam
pxhelp20
mcdbus
contentfilter
symc810
ndassvc
HWIONT
DSI_SiUSBXp_3_1
JiaoCap
spcsutilityservice
z525bus
3combootp
centennialiptransferagent
tappsrv
L1e
rimvserport
dsncservice
wps
backupclientsvc
U81xobex
icraplus
zntport
dbmang
avg7rsw
UCTblHid
KLOGNT
TuneUp.ProgramStatisticsSvc
mpfirewl
mrobeservice
thotkey
ql1080
caccprovsp
CnxTrUsb
ifxspmgtsrv
HSX_DP
cpqdmi
se2End5
LMouKE
i2omgmt
XilinxPC4Driver
bthpan
CDRPDACC
symc8xx
p3
nwlnkipx
CoachVc
avsinc
hap17v2k
motoswitchservice
iolo_srv
dmload
Slntamr
Amsmpu4p
WGX
p2pgasvc
sit_mdm
ATIBTXBAR
hSONYPVh
tme3srv
slapd-data52
dvd-ram_service
arp1394
CVPNDRVA
snoopfree
netdetect
Nsynas32
LHidKe
cfsvcs
hpqddsvc
SE2Emgmt
lvcomser
ELacpi
ftrtsvc
eeyeevnt
CdaC15BA
PTproct
transactional
Invoker
CE3
wlidsvc
vrmonsvc
parallel
bmuservice
smrt
aexnsclient
NWSIPX32
iaantmon
us30sys
se2Bunic
FireTDI
QPCapSvc
mcods
ssrvc
prism_a02
SE26obex
sscdmdm
VAIOMediaPlatform-PhotoServer-HTTP
d-link_st3402
hcmon
ACDaemon
cisvc
lwwlicenseservice
procmon10
MRENDIS5
cbidf
adsservice
ngserver
iolodmv
lhidflt2
w800obex
Ncrc710
wmccds
{6080a529-897e-4629-a488-aba0c29b635e}
Pctspk
pmsveh
vulfnths
SimpTcp
CTHWIUT.DLL
abnetmon
prosync1
LPDSVC
rxfilter
epfwtdi
RTL8169
TuneUp.Defrag
tfsnboio
symantecantibotagent
ooclevercacheagent
bgmainsvc
GVCplDrv
DNE
modemcsa
V0070VID
nwlnkspx
ikfilesec
rtl8023
CTMMOUNT
dwusbdnt
dbmanagerscheduler
maxbackserviceint
susbser
wfxsvc
MREMP50a64
odserv
roxupnprenderer
armoucfltr
s616mgmt
hsvcmod
minilog
db2
dlbx_device
MSFWHLPR
ikhlayer
client32
lvhidsvc
meiudf
stunnel
sysdown
mvserver
ltxred
smwdm
SE2Cmgmt
mfeavfk
TermService
wuauserv
BITS
ShellHWDetection
LogonHours
PCAudit
helpsvc
uploadmgr
iphlpsvc
seclogon
AppInfo
msiscsi
MMCSS
wercplsupport
EapHost
ProfSvc
schedule
hkmsvc
SessionEnv
winmgmt
browser
Themes
BDESVC
AppMgmt
.
Rebuilding ... You need to reboot your machine for this to take effect.
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 02:08]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 06:48]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-14 06:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l200lb69.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\Coupons.com CouponBar\tbcore3.dll
HKCU-Run-PlayOn - c:\program files\MediaMall\PlayOn.exe
HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
SafeBoot-48930758.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-11-17 22:23:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-18 06:23
.
Pre-Run: 113,028,571,136 bytes free
Post-Run: 115,978,592,256 bytes free
.
- - End Of File - - A83491BDF68C893C5C424814D671A00D

 

[Broni]

Looks good

Any current issues?

==============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Gobbler]

There are no current issues.Here is the latest log.

OTL logfile created on: 11/19/2012 6:56:43 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Josh\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 50.82% Memory free
5.99 Gb Paging File | 4.36 Gb Available in Paging File | 72.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 104.79 Gb Free Space | 22.50% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 670.01 Gb Free Space | 35.96% Space Free | Partition Type: NTFS

Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/19 18:56:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Downloads\OTL.exe
PRC - [2012/11/16 18:08:17 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/24 09:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/02 11:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/02 11:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/09 23:30:34 | 000,421,776 | ---- | M] (Apple Inc.) -- C:\iTunesHelper.exe
PRC - [2012/08/29 14:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/13 15:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/16 18:08:16 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/10/24 09:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/16 14:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 14:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswrdr.dll -- (ZY202_XP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAMCAUD.dll -- (ZSMC211)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WBHWDOCT.dll -- (zntport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_flpy.dll -- (zebrceb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se26nd5.dll -- (ZDPSp50)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qmofiltr.dll -- (ZDPNDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSMQTriggers.dll -- (zdeviceservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mgabg.dll -- (z525bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxhelp20.dll -- (XilinxPC4Driver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nv.dll -- (wps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amfilter.dll -- (wmccds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (wlidsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\schscnt.dll -- (WGX)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bridge.dll -- (wfxsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cltnetcnservice.dll -- (webrootcommagentservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emAudio.dll -- (w800obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELmon.dll -- (vulfnths)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aiclient.dll -- (vrmonsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcSSIOMngr.dll -- (VrAcFil)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tifsfilter.dll -- (vproeventmonitor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensewfreportserver.dll -- (vncdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvmd.dll -- (VirtualFD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fltmgr.dll -- (VirtualCam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AVerBDA.dll -- (vcomm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswlsvc.dll -- (vaiomediaplatform-videoserver-appserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ACDaemon.dll -- (VAIOMediaPlatform-PhotoServer-HTTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnsx25.dll -- (v124)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SABProcEnum.dll -- (V0070VID)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservauth.dll -- (usb20l)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winvnc.dll -- (us30sys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DSDrv4.dll -- (upsentry_smart)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWADI.dll -- (ultra66)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WUSB54Gv4SVC.dll -- (UCTblHid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\d-link_st3402.dll -- (U81xobex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DM9102.dll -- (tvichw32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KMWDFilter.dll -- (tunmp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EMSCR.dll -- (TuneUp.ProgramStatisticsSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vclone.dll -- (TuneUp.Defrag)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JL2005C.dll -- (transactional)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\service.dll -- (TPM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwsejcap.dll -- (tphdexlgsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CADlink.dll -- (tosrfusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\intelroam.dll -- (toshidpt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsnudfa.dll -- (tomcatcws3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\coste.dll -- (tme3srv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (TMBUS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AMDPCI.dll -- (thpsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tifm21.dll -- (thotkey)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716nd5.dll -- (tfsnboio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SRTSP.dll -- (tappsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wanarp.dll -- (Tablet2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sqlserveragent.dll -- (sysdown)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usnjsvc.dll -- (symc8xx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ptserlp.dll -- (symc810)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\addfiltr.dll -- (symantecantibotwatcher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdralw2k.dll -- (symantecantibotagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vet-rec.dll -- (sym_u3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viamraid.dll -- (susbser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\thinkpadmodemservice.dll -- (stylexpservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\digictrl.dll -- (stunnel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VrAcFil.dll -- (streamloadservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovmsmaccessmanager.dll -- (ssrvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pelmouse.dll -- (sscdmdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amdagp.dll -- (speedfan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavfnsvr.dll -- (spcsutilityservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsbrokerservice.dll -- (snoopfree)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\profos.dll -- (SNC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nod32krn.dll -- (snapman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELhid.dll -- (smwdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epiusb.dll -- (smrt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vpcbus.dll -- (Slntamr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125mdfl.dll -- (slapd-data52)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MxlW2k.dll -- (sit_mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgntflt.dll -- (SimpTcp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MREMP50a64.dll -- (simbad)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cfgwzsvc.dll -- (Shockprf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmBEnum.dll -- (shdserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p17.dll -- (sentinel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELhid.dll -- (se44obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\n3900.dll -- (se2End5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\guardian2.dll -- (SE2Emgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SPCtl.dll -- (SE2Cmgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mqdmbus.dll -- (se2Bunic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlbx_device.dll -- (SE27mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lockmgr.dll -- (SE26obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EpmShd.dll -- (sddmi2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vclone.dll -- (SaiMini)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FETNDISB.dll -- (s616mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slee_503_service.dll -- (rxfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bb-run.dll -- (RTL8169)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\suservice.dll -- (rtl8023)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VC4CB104.dll -- (RTHDMIAzAudService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DXEC02.dll -- (rt2500)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvport.dll -- (roxupnprenderer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql1080.dll -- (rimvserport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avidsdmservice.dll -- (retroexplauncher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\procexp90.dll -- (R300)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcmerced.dll -- (QPCapSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\v124.dll -- (ql1080)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pvservice.dll -- (pxhelp20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USB_RNDIS_XP.dll -- (Ptserlp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p1110vid.dll -- (PTproct)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emproxy.dll -- (prosync1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Intels51.dll -- (prism_a02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmp54gsvc.dll -- (pmsveh)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\toshidpt.dll -- (penrendezvous)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spcstb.dll -- (PdiPorts)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trackcam4.dll -- (Pctspk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsssvc.dll -- (parallel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nhcDriverDevice.dll -- (p3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XDva004.dll -- (p2pgasvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wpsscannersvc.dll -- (ovt519)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovt519.dll -- (OracleOraHome92ClientCache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s116mgmt.dll -- (ooclevercacheagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsbrokerservice.dll -- (odserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lockmgr.dll -- (O2SCBUS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcrypt.dll -- (NxFsMon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcEPECioctl.dll -- (NWSIPX32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59unic.dll -- (nwlnkspx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s3savagemx.dll -- (nwlnkipx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xusb21.dll -- (nvedavt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kl1.dll -- (ntsecure)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sony_ssm.sys.dll -- (ntiopnp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atiavaiw.dll -- (Nsynas32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxfhmdfl.dll -- (NITaggerService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WinDriver6.dll -- (nimcrpcsu)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dashsvc.dll -- (nidomainservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\noipducservice.dll -- (ngserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asp.net_1.1.4322.dll -- (netdetect)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZDCNDIS5.dll -- (ndassvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ulcdrhlp.dll -- (Ncrc710)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotshim.dll -- (n558)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC301b.dll -- (mxserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700imd.dll -- (mvserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELacpi.dll -- (MSFWHLPR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\armoucfltr.dll -- (MSFWDrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siside.dll -- (mrobeservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvax.dll -- (MRENDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ppa3.dll -- (MREMP50a64)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVR0Dev.dll -- (mqdmmdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\QV2KUX.dll -- (mpfirewl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symlcbrd.dll -- (motoswitchservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trufos.dll -- (modemcsa)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prosync1.dll -- (minilog)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iwebmsg.dll -- (mfeavfk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\httpfilter.dll -- (merakpop3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dladresm.dll -- (meiudf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atimtag.dll -- (mdvrmng)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atitool.dll -- (mcods)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlluc48.dll -- (mcdbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracle_load_balancer_60_client-forms6ip14.dll -- (maxbackserviceint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hidgame.dll -- (mail2ec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdr4_xp.dll -- (M3AD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sis315.dll -- (lxbu_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\earthlinksafeconnectagent.dll -- (lwwlicenseservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ktp.dll -- (lvhidsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sit_mdm.dll -- (lvcomser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdftdif.dll -- (ltxred)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raidmagt.dll -- (LPDSVC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pae_avs.dll -- (lp6nds35)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MXOPSWD.dll -- (LMouKE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWUSBPort.dll -- (LKbdFlt2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sentinel.dll -- (lirsgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avidsdmservice.dll -- (LHidKe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rsvchost.dll -- (lhidflt2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrjd31s.dll -- (ldlcserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scanwscs.dll -- (L1e)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\admservice.dll -- (kwatchsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bwmservice.dll -- (kpf4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avfilter.dll -- (KLOGNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\licensemanagersocket.dll -- (k750bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmHidLo.dll -- (jsdaemon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vpctcom.dll -- (JRAID)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VIAPFD.dll -- (JiaoCap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ibmasrex.dll -- (iolodmv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USIUDF.dll -- (iolo_srv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hkmsvc.dll -- (Invoker)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SymIM.dll -- (ino_flpy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lirsgt.dll -- (imonitor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RVIEG01.dll -- (ikhlayer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\akshasp.dll -- (ikfilesec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC301b.dll -- (ifxspmgtsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vulfntrs.dll -- (ifp800)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA-620.dll -- (icraplus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ProcObsrv.dll -- (iAimFP7)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gv3.dll -- (iaantmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\redbook.dll -- (i2omgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\volsnap.dll -- (HWIONT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HFACSVC.dll -- (HSX_DP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k750mdfl.dll -- (hsvcmod)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\https-admserv61.dll -- (HssSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwafreportscheduler.dll -- (hSONYPVh)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rslinxng.dll -- (hsfhwazl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcredirector.dll -- (hpwirelessmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msmpsvc.dll -- (hpqddsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bt3cser.dll -- (hf30service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mdfl.dll -- (hcmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxce_device.dll -- (hap17v2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lanmanserver.dll -- (HabuFltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snpstd2.dll -- (GVCplDrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hamachi.dll -- (gs30s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ultra66.dll -- (FVXSCSI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ARPolicy.dll -- (ftrtsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RadProbe.dll -- (FTDIBUS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2Cnd5.dll -- (flashpnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GTSCSER.dll -- (FireTDI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125bus.dll -- (fasttrackinstallerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleservicelocalora.dll -- (F700imd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfng32.dll -- (epfwtdi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\disk.dll -- (ELacpi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\comhost.dll -- (eeyeevnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavfnsvr.dll -- (dwusbdnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ifxspmgtsrv.dll -- (dvd-ram_service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snare.dll -- (dsncservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mraid35x.dll -- (DSI_SiUSBXp_3_1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gusvc.dll -- (driverhardwarev2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kl1.dll -- (dpc_srv_webcast)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vulfnths.dll -- (dot4ufd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\naimagent32.dll -- (DNE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (dmload)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ageremodemaudio.dll -- (d-link_st3402)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aslm75.dll -- (dlbx_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SMCB000.dll -- (dklogger)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\itmrtsvc.dll -- (DivisCTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavdrv.dll -- (digictrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\omniusbl.dll -- (Dfs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsks.dll -- (DeviceScanner)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZY202_XP.dll -- (DcCam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\papyjoy.dll -- (dbmang)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btkrnl.dll -- (dbmanagerscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RecAgent.dll -- (db2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTDevice_Srv.dll -- (CVPNDRVA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk23.dll -- (curtainssyssvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epsonbidirectionalservice.dll -- (ctusfsyn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\V0070VID.dll -- (CTMMOUNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DN2AKNET.dll -- (CTHWIUT.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rupsmon.dll -- (crystaloutputfileserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asapiw2k.dll -- (cq_mem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmdmpmsn.dll -- (cpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Xyz777s.dll -- (cpqvcagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\revudfservice.dll -- (cpqdmi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xpadminserver.dll -- (contentindex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\i2omgmt.dll -- (contentfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NICM.dll -- (CoachVc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raspti.dll -- (CnxTrUsb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mysql.dll -- (client32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nscirda.dll -- (cfsvcs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asapiw2k.dll -- (centennialiptransferagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CnxTrLan.dll -- (CE3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MXOPSWD.dll -- (CDRPDACC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxfhserd.dll -- (CdaC15BA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk21.dll -- (CcmExec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbvideo.dll -- (cbidf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nuvvid2.dll -- (caccprovsp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfhlp01.dll -- (bthpan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xpadminserver.dll -- (btcsrusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\anio.dll -- (bocdrive)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AKSIFDH.dll -- (bmuservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nhcDriverDevice.dll -- (bgsvcgen)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mnmsrvc.dll -- (bgmainsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ld51ocnucsnp.dll -- (bdrsdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATIVXSTW.dll -- (bb-run)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rimusb.dll -- (backupexecrpcservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\S7oppilx.dll -- (backupclientsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TSHWMDTCP.dll -- (b57w2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-photoserver-appserver.dll -- (avsvcmonitor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\euq_monitor.dll -- (avsinc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\db2.dll -- (avg7rsw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wdm_au8820.dll -- (avc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epsonstatusagent2.dll -- (Atmuni)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lmimaint.dll -- (atksgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igfx.dll -- (ATKGFNEXSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w3svc.dll -- (ATIBTXBAR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\STV672.dll -- (atchksrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vtserver.dll -- (aswtdi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmusb.dll -- (aslm75)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AVRec.dll -- (arp1394)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NETGEAR_MA111.dll -- (armoucfltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810mgmt.dll -- (ARCSOFTVIRTUALCAPTURE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810mgmt.dll -- (application)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prfldsvc.dll -- (apache2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016bus.dll -- (Amsmpu4p)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nuvvid2.dll -- (ami0nt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bgs_sdservice.dll -- (aexnsclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vwlogger.dll -- (adsservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (admjoy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emAudio.dll -- (ACDaemon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aeclienthostservice.dll -- (abnetmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mediaviewer.dll -- (3comtftp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HSFHWALI.dll -- (3combootp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nv_agp.dll -- ({6080a529-897e-4629-a488-aba0c29b635e})
SRV - [2012/11/16 18:08:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/24 09:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/04 14:52:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Josh\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/29 12:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/07/08 23:47:00 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/05 18:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2007/08/16 12:49:48 | 000,552,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)


========== Standard Registry (SafeList) ==========

 

[Gobbler]

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 03 89 63 59 53 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {A690E7CF-96BA-4C0E-843A-981EC88EF834}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A690E7CF-96BA-4C0E-843A-981EC88EF834}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/17 20:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/17 19:54:05 | 000,000,000 | ---D | M]

[2012/02/05 07:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2012/11/16 22:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l200lb69.default\extensions
[2012/11/18 11:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/18 11:02:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/24 09:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/11/17 22:20:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\23.0.1271.64\npchrome_frame.dll (Google Inc.)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F420228-8517-46CE-ABA2-E5374B8143C9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB818722-AC78-459A-A451-6CA7FD0BF4F8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3ACA713-E556-4469-BAF0-3EE34FF95898}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\23.0.1271.64\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 11:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/11/18 11:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/18 10:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/18 10:48:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/17 22:20:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/17 21:24:50 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\temp
[2012/11/17 21:00:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/17 21:00:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/17 21:00:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/17 20:48:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/17 20:43:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/17 19:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/17 19:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/17 19:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/11/17 19:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/17 19:50:51 | 000,000,000 | ---D | C] -- C:\Mozilla Plugins
[2012/11/17 19:50:49 | 000,000,000 | ---D | C] -- C:\iTunesMiniPlayer.Resources
[2012/11/17 19:50:48 | 000,000,000 | ---D | C] -- C:\iTunesHelper.Resources
[2012/11/17 19:49:09 | 000,000,000 | ---D | C] -- C:\iTunes.Resources
[2012/11/17 19:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/17 19:49:05 | 000,000,000 | ---D | C] -- C:\CD Configuration
[2012/11/17 19:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/17 19:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/17 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/17 17:56:49 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\TDSSKiller.exe
[2012/11/16 22:53:51 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\RK_Quarantine
[2012/11/15 21:54:44 | 000,000,000 | ---D | C] -- C:\FRST

========== Files - Modified Within 30 Days ==========

[2012/11/19 18:36:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/19 18:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/18 21:36:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/18 11:14:19 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 11:14:19 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 11:12:03 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/18 11:12:03 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/18 11:05:41 | 000,410,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/18 11:05:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/18 11:04:26 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/18 03:07:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/17 22:20:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/17 20:02:22 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 19:54:01 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/17 19:51:09 | 000,001,393 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/17 18:02:13 | 000,000,512 | ---- | M] () -- C:\Users\Josh\Desktop\MBR.dat
[2012/11/15 21:30:45 | 000,001,091 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2012/11/18 03:03:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/18 03:03:20 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/17 21:00:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/17 21:00:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/17 21:00:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/17 21:00:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/17 21:00:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/17 20:02:22 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 19:54:01 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/17 19:51:09 | 000,001,393 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/17 18:02:13 | 000,000,512 | ---- | C] () -- C:\Users\Josh\Desktop\MBR.dat
[2012/11/15 21:30:45 | 000,001,091 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/10/24 20:28:05 | 000,186,844 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/06 18:35:01 | 029,360,128 | ---- | C] () -- C:\Users\Josh\ios_5_gm_seed__ipad_2__9a334.dmg
[2011/10/06 17:37:34 | 751,482,123 | ---- | C] () -- C:\Users\Josh\ios_5_gm_seed__ipad_2__9a334.7z
[2011/08/05 10:24:53 | 000,007,605 | ---- | C] () -- C:\Users\Josh\AppData\Local\Resmon.ResmonCfg
[2011/08/04 16:04:44 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/08/04 16:03:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/16 16:13:54 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Catalina Marketing Corp
[2012/06/13 10:33:37 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\com.amazon.music.uploader
[2011/09/01 18:07:49 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Digiarty
[2011/10/28 04:20:54 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Leadertech
[2012/01/27 19:01:37 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Rainmeter
[2011/12/31 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\redsn0w
[2011/12/04 22:34:52 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\Seas0nPass
[2011/08/06 22:46:03 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\TeamViewer
[2012/04/16 18:30:05 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\uTorrent
[2011/08/08 17:03:45 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\ZumoCast

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Josh\Desktop\signature.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
  @Alternate Data Stream - 168 bytes -> C:\Users\Josh\Desktop\signature.jpeg:3or4kl4x13tuuug3Byamue2s4b
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

================================

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

• Double click on adwcleaner.exe to run the tool.
• Click on Uninstall.
• Confirm with yes.

==================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Gobbler]

OTL logfile created on: 11/22/2012 9:15:25 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Josh\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 60.62% Memory free
5.99 Gb Paging File | 4.69 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 104.14 Gb Free Space | 22.36% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 670.01 Gb Free Space | 35.96% Space Free | Partition Type: NTFS

Computer Name: JOSH-PC | User Name: Josh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/19 18:56:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Josh\Downloads\OTL.exe
PRC - [2012/11/16 18:08:17 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/10/24 09:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/02 11:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/02 11:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/09 23:30:34 | 000,421,776 | ---- | M] (Apple Inc.) -- C:\iTunesHelper.exe
PRC - [2012/08/29 14:00:12 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/08/20 09:37:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/08/09 23:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/13 15:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/16 18:08:16 | 009,814,968 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/10/24 09:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/03/16 14:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 14:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswrdr.dll -- (ZY202_XP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CAMCAUD.dll -- (ZSMC211)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WBHWDOCT.dll -- (zntport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ino_flpy.dll -- (zebrceb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se26nd5.dll -- (ZDPSp50)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qmofiltr.dll -- (ZDPNDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSMQTriggers.dll -- (zdeviceservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mgabg.dll -- (z525bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxhelp20.dll -- (XilinxPC4Driver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nv.dll -- (wps)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amfilter.dll -- (wmccds)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlacdbhm.dll -- (wlidsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\schscnt.dll -- (WGX)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bridge.dll -- (wfxsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cltnetcnservice.dll -- (webrootcommagentservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emAudio.dll -- (w800obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELmon.dll -- (vulfnths)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aiclient.dll -- (vrmonsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcSSIOMngr.dll -- (VrAcFil)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tifsfilter.dll -- (vproeventmonitor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\websensewfreportserver.dll -- (vncdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvmd.dll -- (VirtualFD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fltmgr.dll -- (VirtualCam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AVerBDA.dll -- (vcomm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aswlsvc.dll -- (vaiomediaplatform-videoserver-appserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ACDaemon.dll -- (VAIOMediaPlatform-PhotoServer-HTTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pdlnsx25.dll -- (v124)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SABProcEnum.dll -- (V0070VID)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\smservauth.dll -- (usb20l)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\winvnc.dll -- (us30sys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DSDrv4.dll -- (upsentry_smart)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWADI.dll -- (ultra66)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WUSB54Gv4SVC.dll -- (UCTblHid)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\d-link_st3402.dll -- (U81xobex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DM9102.dll -- (tvichw32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\KMWDFilter.dll -- (tunmp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EMSCR.dll -- (TuneUp.ProgramStatisticsSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vclone.dll -- (TuneUp.Defrag)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\JL2005C.dll -- (transactional)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\service.dll -- (TPM)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mwsejcap.dll -- (tphdexlgsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CADlink.dll -- (tosrfusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\intelroam.dll -- (toshidpt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tfsnudfa.dll -- (tomcatcws3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\coste.dll -- (tme3srv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kpfwsvc.dll -- (TMBUS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AMDPCI.dll -- (thpsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tifm21.dll -- (thotkey)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716nd5.dll -- (tfsnboio)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SRTSP.dll -- (tappsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wanarp.dll -- (Tablet2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sqlserveragent.dll -- (sysdown)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usnjsvc.dll -- (symc8xx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ptserlp.dll -- (symc810)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\addfiltr.dll -- (symantecantibotwatcher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdralw2k.dll -- (symantecantibotagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vet-rec.dll -- (sym_u3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\viamraid.dll -- (susbser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\thinkpadmodemservice.dll -- (stylexpservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\digictrl.dll -- (stunnel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VrAcFil.dll -- (streamloadservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovmsmaccessmanager.dll -- (ssrvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pelmouse.dll -- (sscdmdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\amdagp.dll -- (speedfan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavfnsvr.dll -- (spcsutilityservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsbrokerservice.dll -- (snoopfree)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\profos.dll -- (SNC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nod32krn.dll -- (snapman)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELhid.dll -- (smwdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Epiusb.dll -- (smrt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vpcbus.dll -- (Slntamr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125mdfl.dll -- (slapd-data52)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MxlW2k.dll -- (sit_mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avgntflt.dll -- (SimpTcp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MREMP50a64.dll -- (simbad)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cfgwzsvc.dll -- (Shockprf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmBEnum.dll -- (shdserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p17.dll -- (sentinel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELhid.dll -- (se44obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\n3900.dll -- (se2End5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\guardian2.dll -- (SE2Emgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SPCtl.dll -- (SE2Cmgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mqdmbus.dll -- (se2Bunic)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dlbx_device.dll -- (SE27mdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lockmgr.dll -- (SE26obex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\EpmShd.dll -- (sddmi2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vclone.dll -- (SaiMini)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\FETNDISB.dll -- (s616mgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slee_503_service.dll -- (rxfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bb-run.dll -- (RTL8169)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\suservice.dll -- (rtl8023)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VC4CB104.dll -- (RTHDMIAzAudService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DXEC02.dll -- (rt2500)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvport.dll -- (roxupnprenderer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ql1080.dll -- (rimvserport)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avidsdmservice.dll -- (retroexplauncher)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\procexp90.dll -- (R300)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\qcmerced.dll -- (QPCapSvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\v124.dll -- (ql1080)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pvservice.dll -- (pxhelp20)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USB_RNDIS_XP.dll -- (Ptserlp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\p1110vid.dll -- (PTproct)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emproxy.dll -- (prosync1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Intels51.dll -- (prism_a02)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmp54gsvc.dll -- (pmsveh)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\toshidpt.dll -- (penrendezvous)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\spcstb.dll -- (PdiPorts)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trackcam4.dll -- (Pctspk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsssvc.dll -- (parallel)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nhcDriverDevice.dll -- (p3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\XDva004.dll -- (p2pgasvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wpsscannersvc.dll -- (ovt519)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ovt519.dll -- (OracleOraHome92ClientCache)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s116mgmt.dll -- (ooclevercacheagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dsbrokerservice.dll -- (odserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lockmgr.dll -- (O2SCBUS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\npkcrypt.dll -- (NxFsMon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SrvcEPECioctl.dll -- (NWSIPX32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se59unic.dll -- (nwlnkspx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s3savagemx.dll -- (nwlnkipx)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xusb21.dll -- (nvedavt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kl1.dll -- (ntsecure)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sony_ssm.sys.dll -- (ntiopnp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atiavaiw.dll -- (Nsynas32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxfhmdfl.dll -- (NITaggerService)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WinDriver6.dll -- (nimcrpcsu)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dashsvc.dll -- (nidomainservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\noipducservice.dll -- (ngserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asp.net_1.1.4322.dll -- (netdetect)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZDCNDIS5.dll -- (ndassvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ulcdrhlp.dll -- (Ncrc710)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symantecantibotshim.dll -- (n558)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC301b.dll -- (mxserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\F700imd.dll -- (mvserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ELacpi.dll -- (MSFWHLPR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\armoucfltr.dll -- (MSFWDrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\siside.dll -- (mrobeservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nvax.dll -- (MRENDIS5)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ppa3.dll -- (MREMP50a64)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NVR0Dev.dll -- (mqdmmdm)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\QV2KUX.dll -- (mpfirewl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symlcbrd.dll -- (motoswitchservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\trufos.dll -- (modemcsa)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prosync1.dll -- (minilog)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\iwebmsg.dll -- (mfeavfk)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\httpfilter.dll -- (merakpop3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\dladresm.dll -- (meiudf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atimtag.dll -- (mdvrmng)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\atitool.dll -- (mcods)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wlluc48.dll -- (mcdbus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracle_load_balancer_60_client-forms6ip14.dll -- (maxbackserviceint)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hidgame.dll -- (mail2ec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cdr4_xp.dll -- (M3AD)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sis315.dll -- (lxbu_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\earthlinksafeconnectagent.dll -- (lwwlicenseservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ktp.dll -- (lvhidsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sit_mdm.dll -- (lvcomser)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bdftdif.dll -- (ltxred)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raidmagt.dll -- (LPDSVC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pae_avs.dll -- (lp6nds35)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MXOPSWD.dll -- (LMouKE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NWUSBPort.dll -- (LKbdFlt2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sentinel.dll -- (lirsgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avidsdmservice.dll -- (LHidKe)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rsvchost.dll -- (lhidflt2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxrjd31s.dll -- (ldlcserv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\scanwscs.dll -- (L1e)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\admservice.dll -- (kwatchsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bwmservice.dll -- (kpf4)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\avfilter.dll -- (KLOGNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\licensemanagersocket.dll -- (k750bus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WmHidLo.dll -- (jsdaemon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vpctcom.dll -- (JRAID)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\VIAPFD.dll -- (JiaoCap)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ibmasrex.dll -- (iolodmv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\USIUDF.dll -- (iolo_srv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hkmsvc.dll -- (Invoker)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SymIM.dll -- (ino_flpy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lirsgt.dll -- (imonitor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RVIEG01.dll -- (ikhlayer)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\akshasp.dll -- (ikfilesec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZSMC301b.dll -- (ifxspmgtsrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vulfntrs.dll -- (ifp800)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MA-620.dll -- (icraplus)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ProcObsrv.dll -- (iAimFP7)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gv3.dll -- (iaantmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\redbook.dll -- (i2omgmt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\volsnap.dll -- (HWIONT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HFACSVC.dll -- (HSX_DP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\k750mdfl.dll -- (hsvcmod)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\https-admserv61.dll -- (HssSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\cwafreportscheduler.dll -- (hSONYPVh)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rslinxng.dll -- (hsfhwazl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mcredirector.dll -- (hpwirelessmgr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\msmpsvc.dll -- (hpqddsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bt3cser.dll -- (hf30service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s616mdfl.dll -- (hcmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lxce_device.dll -- (hap17v2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lanmanserver.dll -- (HabuFltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snpstd2.dll -- (GVCplDrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\hamachi.dll -- (gs30s)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ultra66.dll -- (FVXSCSI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ARPolicy.dll -- (ftrtsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RadProbe.dll -- (FTDIBUS)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se2Cnd5.dll -- (flashpnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\GTSCSER.dll -- (FireTDI)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s125bus.dll -- (fasttrackinstallerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\oracleservicelocalora.dll -- (F700imd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfng32.dll -- (epfwtdi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\disk.dll -- (ELacpi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\comhost.dll -- (eeyeevnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavfnsvr.dll -- (dwusbdnt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ifxspmgtsrv.dll -- (dvd-ram_service)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\snare.dll -- (dsncservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mraid35x.dll -- (DSI_SiUSBXp_3_1)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\gusvc.dll -- (driverhardwarev2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\kl1.dll -- (dpc_srv_webcast)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vulfnths.dll -- (dot4ufd)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\naimagent32.dll -- (DNE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\symc8xx.dll -- (dmload)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ageremodemaudio.dll -- (d-link_st3402)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aslm75.dll -- (dlbx_device)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SMCB000.dll -- (dklogger)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\itmrtsvc.dll -- (DivisCTP)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pavdrv.dll -- (digictrl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\omniusbl.dll -- (Dfs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\fsks.dll -- (DeviceScanner)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ZY202_XP.dll -- (DcCam)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\papyjoy.dll -- (dbmang)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\btkrnl.dll -- (dbmanagerscheduler)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\RecAgent.dll -- (db2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CTDevice_Srv.dll -- (CVPNDRVA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk23.dll -- (curtainssyssvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epsonbidirectionalservice.dll -- (ctusfsyn)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\V0070VID.dll -- (CTMMOUNT)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\DN2AKNET.dll -- (CTHWIUT.DLL)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rupsmon.dll -- (crystaloutputfileserver)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asapiw2k.dll -- (cq_mem)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wmdmpmsn.dll -- (cpsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Xyz777s.dll -- (cpqvcagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\revudfservice.dll -- (cpqdmi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xpadminserver.dll -- (contentindex)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\i2omgmt.dll -- (contentfilter)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NICM.dll -- (CoachVc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\raspti.dll -- (CnxTrUsb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mysql.dll -- (client32)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nscirda.dll -- (cfsvcs)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\asapiw2k.dll -- (centennialiptransferagent)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\CnxTrLan.dll -- (CE3)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MXOPSWD.dll -- (CDRPDACC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pxfhserd.dll -- (CdaC15BA)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\PSSdk21.dll -- (CcmExec)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\usbvideo.dll -- (cbidf)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nuvvid2.dll -- (caccprovsp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\sfhlp01.dll -- (bthpan)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\xpadminserver.dll -- (btcsrusb)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\anio.dll -- (bocdrive)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AKSIFDH.dll -- (bmuservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nhcDriverDevice.dll -- (bgsvcgen)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mnmsrvc.dll -- (bgmainsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\Ld51ocnucsnp.dll -- (bdrsdrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ATIVXSTW.dll -- (bb-run)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\rimusb.dll -- (backupexecrpcservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\S7oppilx.dll -- (backupclientsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\TSHWMDTCP.dll -- (b57w2k)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vaiomediaplatform-photoserver-appserver.dll -- (avsvcmonitor)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\euq_monitor.dll -- (avsinc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\db2.dll -- (avg7rsw)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\wdm_au8820.dll -- (avc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\epsonstatusagent2.dll -- (Atmuni)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\lmimaint.dll -- (atksgt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\igfx.dll -- (ATKGFNEXSrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w3svc.dll -- (ATIBTXBAR)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\STV672.dll -- (atchksrv)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vtserver.dll -- (aswtdi)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vmusb.dll -- (aslm75)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\AVRec.dll -- (arp1394)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\NETGEAR_MA111.dll -- (armoucfltr)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810mgmt.dll -- (ARCSOFTVIRTUALCAPTURE)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\w810mgmt.dll -- (application)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\prfldsvc.dll -- (apache2)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\a016bus.dll -- (Amsmpu4p)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nuvvid2.dll -- (ami0nt)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\bgs_sdservice.dll -- (aexnsclient)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\vwlogger.dll -- (adsservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (admjoy)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\emAudio.dll -- (ACDaemon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\aeclienthostservice.dll -- (abnetmon)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\mediaviewer.dll -- (3comtftp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\HSFHWALI.dll -- (3combootp)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\nv_agp.dll -- ({6080a529-897e-4629-a488-aba0c29b635e})
SRV - [2012/11/16 18:08:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/24 09:50:38 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/04 14:52:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Josh\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/29 12:40:52 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/07/08 23:47:00 | 001,172,992 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/06/05 18:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2007/08/16 12:49:48 | 000,552,448 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)

 

[Gobbler]

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 03 89 63 59 53 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {A690E7CF-96BA-4C0E-843A-981EC88EF834}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{A690E7CF-96BA-4C0E-843A-981EC88EF834}: "URL" = http://www.google.com/search?q={sea...tartIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}: C:\Program Files\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/17 20:02:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/17 19:54:05 | 000,000,000 | ---D | M]

[2012/02/05 07:02:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Extensions
[2012/11/16 22:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l200lb69.default\extensions
[2012/11/18 11:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/18 11:02:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/10/24 09:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 09:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 09:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/11/17 22:20:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\23.0.1271.64\npchrome_frame.dll (Google Inc.)
O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F420228-8517-46CE-ABA2-E5374B8143C9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB818722-AC78-459A-A451-6CA7FD0BF4F8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3ACA713-E556-4469-BAF0-3EE34FF95898}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\23.0.1271.64\npchrome_frame.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/21 17:09:18 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012/11/18 11:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012/11/18 11:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/18 11:02:05 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/11/18 11:02:04 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/11/18 11:02:04 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/11/18 11:02:04 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/11/18 10:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/18 10:48:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/18 04:38:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012/11/18 04:38:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/11/18 04:38:55 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/11/18 04:38:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/11/18 04:38:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/11/18 04:38:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/11/18 04:38:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/11/18 04:38:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/11/18 04:38:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/11/18 04:38:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/11/18 04:38:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/11/18 04:38:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/11/18 04:38:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/11/18 04:38:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/11/18 04:38:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/11/18 04:38:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/11/18 04:38:36 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2012/11/18 04:38:36 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2012/11/18 04:37:54 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/11/18 04:37:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/11/18 04:36:09 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2012/11/18 04:35:50 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/11/18 04:35:50 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/11/18 04:35:50 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2012/11/18 04:35:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2012/11/18 04:35:49 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2012/11/18 04:35:36 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/11/18 04:35:33 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012/11/18 04:35:28 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/11/18 04:35:27 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/11/18 04:35:24 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/11/18 04:35:20 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/18 04:35:17 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/18 03:03:49 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/11/18 03:03:49 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/11/18 03:03:21 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/11/18 03:03:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/11/18 03:03:20 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/11/18 03:02:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/18 03:02:16 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/18 03:02:15 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/18 03:02:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/18 03:02:15 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/18 03:02:14 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/18 03:02:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/18 03:02:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/17 22:20:39 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/17 21:24:50 | 000,000,000 | ---D | C] -- C:\Users\Josh\AppData\Local\temp
[2012/11/17 21:00:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/17 21:00:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/17 21:00:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/17 20:48:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/17 20:43:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/17 19:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/17 19:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/17 19:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2012/11/17 19:51:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/17 19:50:51 | 000,000,000 | ---D | C] -- C:\Mozilla Plugins
[2012/11/17 19:50:49 | 000,000,000 | ---D | C] -- C:\iTunesMiniPlayer.Resources
[2012/11/17 19:50:48 | 000,000,000 | ---D | C] -- C:\iTunesHelper.Resources
[2012/11/17 19:49:09 | 000,000,000 | ---D | C] -- C:\iTunes.Resources
[2012/11/17 19:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/17 19:49:05 | 000,000,000 | ---D | C] -- C:\CD Configuration
[2012/11/17 19:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/17 19:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/11/17 19:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/11/17 17:56:49 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\TDSSKiller.exe
[2012/11/16 22:53:51 | 000,000,000 | ---D | C] -- C:\Users\Josh\Desktop\RK_Quarantine
[2012/11/15 21:54:44 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files - Modified Within 30 Days ==========

[2012/11/22 09:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/22 08:36:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/21 21:36:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/21 17:13:44 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 17:13:44 | 000,013,936 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/21 17:02:29 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/21 17:02:29 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/21 16:56:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/21 16:56:09 | 2414,284,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/18 11:05:41 | 000,410,872 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/18 11:01:55 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/11/18 11:01:55 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/11/18 11:01:55 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/11/18 11:01:54 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/11/18 11:01:54 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/11/18 03:07:32 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/17 22:20:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/17 20:02:22 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 19:54:01 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/17 19:51:09 | 000,001,393 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/17 18:02:13 | 000,000,512 | ---- | M] () -- C:\Users\Josh\Desktop\MBR.dat
[2012/11/16 18:08:16 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/16 18:08:16 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/15 21:30:45 | 000,001,091 | ---- | M] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Josh\Desktop\TDSSKiller.exe
[2012/10/25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files Created - No Company Name ==========

[2012/11/18 03:03:50 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/18 03:03:20 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/17 21:00:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/17 21:00:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/17 21:00:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/17 21:00:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/17 21:00:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/17 20:02:22 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/17 19:54:01 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/17 19:51:09 | 000,001,393 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/17 18:02:13 | 000,000,512 | ---- | C] () -- C:\Users\Josh\Desktop\MBR.dat
[2012/11/15 21:30:45 | 000,001,091 | ---- | C] () -- C:\Users\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/10/24 20:28:05 | 000,186,844 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/10/06 18:35:01 | 029,360,128 | ---- | C] () -- C:\Users\Josh\ios_5_gm_seed__ipad_2__9a334.dmg
[2011/10/06 17:37:34 | 751,482,123 | ---- | C] () -- C:\Users\Josh\ios_5_gm_seed__ipad_2__9a334.7z
[2011/08/05 10:24:53 | 000,007,605 | ---- | C] () -- C:\Users\Josh\AppData\Local\Resmon.ResmonCfg
[2011/08/04 16:04:44 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/08/04 16:03:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== ZeroAccess Check ==========

[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< :OTL >

< O2 - BHO: (TBSB07898 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll File not found >

< @Alternate Data Stream - 168 bytes -> C:\Users\Josh\Desktop\signature.jpeg:3or4kl4x13tuuug3Byamue2s4b >

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [emptyjava] >

< [emptyflash] >

< [Reboot] >

========== Alternate Data Streams ==========

 

[Gobbler]

Sorry it's taken so long to get back to the post very busy with work, Happy Gobble Gobble.

 

[Broni]

OTL log is incorrect.
You clicked on "Scan" button instead of "Fix" button.
Redo.

 

[Gobbler]

All processes killed
Error: Unable to interpret <Code:> in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\ deleted successfully.
ADS C:\Users\Josh\Desktop\signature.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Josh
->Temp folder emptied: 1430398 bytes
->Temporary Internet Files folder emptied: 159717251 bytes
->Java cache emptied: 25905 bytes
->FireFox cache emptied: 335714009 bytes
->Google Chrome cache emptied: 6288918 bytes
->Flash cache emptied: 95478 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26933744 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 506.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Josh
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Josh
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11222012_094000

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[Gobbler]

AdwCleaner v2.008 - Logfile created 11/22/2012 at 09:48:47
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Josh - JOSH-PC
# Boot Mode : Normal
# Running from : C:\Users\Josh\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Josh\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\l200lb69.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Josh\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5363 octets] - [22/11/2012 09:37:49]
AdwCleaner[R2].txt - [5212 octets] - [22/11/2012 09:45:11]
AdwCleaner[S1].txt - [5253 octets] - [22/11/2012 09:48:47]

########## EOF - C:\AdwCleaner[S1].txt - [5313 octets] ##########