Browser Redirects - Google



#1
ABEC329

Hi,
Having redirecting issues, selecting Google search redirects to site address - //789.huo99.com/ada2192_1.html --'Youdao'
Other websites show problem loading page - 'The connection was reset'
Google advertising on other websites is also affected.
Ran Malwarebytes - nothing detected.
We are part of a local rural community private FO network, everyone on this network has the same issue.
Would appreciate any help to fix this issue
Thanks ABEC

OTL log file-

OTL logfile created on: 2/04/2012 9:48:20 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\SIMS\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.87 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 63.52% Memory free
7.73 Gb Paging File | 5.93 Gb Available in Paging File | 76.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.70 Gb Total Space | 384.16 Gb Free Space | 84.49% Space Free | Partition Type: NTFS
Drive D: | 10.96 Gb Total Space | 1.58 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 297.44 Gb Total Space | 139.95 Gb Free Space | 47.05% Space Free | Partition Type: NTFS
Drive I: | 3.73 Gb Total Space | 2.96 Gb Free Space | 79.34% Space Free | Partition Type: FAT32
Drive J: | 994.70 Mb Total Space | 383.98 Mb Free Space | 38.60% Space Free | Partition Type: FAT

Computer Name: SIMS-HP-PC | User Name: SIMS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/02 09:42:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\SIMS\Downloads\OTL.exe
PRC - [2012/03/22 17:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 16:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/04 01:10:44 | 001,494,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/01/04 01:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/02 00:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/10/28 01:52:48 | 012,487,856 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2009/10/22 19:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/25 14:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/30 06:43:46 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/22 17:40:16 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/01/04 01:10:44 | 000,249,232 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2010/10/28 01:51:31 | 000,021,680 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2010/10/28 01:51:24 | 000,161,968 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2010/10/28 01:50:50 | 000,848,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\js3250.dll
MOD - [2009/10/22 19:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/09 11:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 13:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/30 06:43:46 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/04 01:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/02 00:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/13 05:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/11 09:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/11 18:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 18:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
DRV:64bit: - [2009/10/07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/03 00:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/30 13:04:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/18 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/09 12:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/21 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/14 13:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 13:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 13:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 13:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 13:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 12:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 08:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 08:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 08:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 08:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 09:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 13:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/15
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/15
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {24A5A82A-C01C-41BF-B060-7AD3CA5216D3}
IE:64bit: - HKLM\..\SearchScopes\{24A5A82A-C01C-41BF-B060-7AD3CA5216D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/15
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/15
IE - HKLM\..\SearchScopes,DefaultScope = {24A5A82A-C01C-41BF-B060-7AD3CA5216D3}
IE - HKLM\..\SearchScopes\{24A5A82A-C01C-41BF-B060-7AD3CA5216D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/15
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/15
IE - HKCU\..\SearchScopes,DefaultScope = {24A5A82A-C01C-41BF-B060-7AD3CA5216D3}
IE - HKCU\..\SearchScopes\{24A5A82A-C01C-41BF-B060-7AD3CA5216D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Stardoll Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.stuff.co.nz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\SIMS\AppData\Local\Roblox\Versions\version-fa4cea1530284e83\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\SIMS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/04 09:59:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 07:33:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 17:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/01 06:56:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/12/04 15:04:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2011/12/23 07:14:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/04 09:59:45 | 000,000,000 | ---D | M]

[2010/12/04 15:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Extensions
[2010/12/04 15:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/11 10:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\extensions
[2011/12/11 10:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\extensions\trash
[2011/10/17 09:05:09 | 000,003,739 | ---- | M] () -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\searchplugins\avg-secure-search.xml
[2011/11/28 15:12:04 | 000,000,919 | ---- | M] () -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\searchplugins\conduit.xml
[2012/01/08 12:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SIMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MICNKL41.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
[2012/03/22 17:40:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 07:33:19 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/02 07:33:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/02 07:33:19 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/02 07:33:19 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/02 07:33:19 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\SIMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\SIMS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\SIMS\AppData\Local\Roblox\Versions\version-21cdb2fff9fb4df2\\NPRobloxProxy.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\SIMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2009/06/11 09:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.239.10 192.168.1.3 192.168.239.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABBC696-EB1C-4834-886E-164895EC2725}: DhcpNameServer = 4.2.2.3 4.2.2.2 192.168.1.3 4.2.2.3 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93F847BD-BDF9-457D-BACB-8A3F39B027C0}: DhcpNameServer = 192.168.239.10 192.168.1.3 192.168.239.10
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/19 09:12:18 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{142cca30-088f-11e0-b7e1-4061a16155d7}\Shell - "" = AutoRun
O33 - MountPoints2\{142cca30-088f-11e0-b7e1-4061a16155d7}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/30 06:43:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/29 18:24:45 | 000,000,000 | ---D | C] -- C:\Users\SIMS\AppData\Roaming\Malwarebytes
[2012/03/29 18:24:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/03/29 18:24:29 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/29 18:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/29 18:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/29 18:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/22 20:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/22 20:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/08 12:20:55 | 000,000,000 | ---D | C] -- C:\Users\SIMS\AppData\Roaming\IcoFX2X
[2012/03/08 12:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IcoFX2X
[2012/03/08 12:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IcoFX 2
[2012/03/08 12:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IcoFX 2

========== Files - Modified Within 30 Days ==========

[2012/04/02 09:24:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/02 09:10:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/02 09:10:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/02 08:40:07 | 093,288,619 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/02 08:30:07 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/02 08:30:07 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/02 08:30:07 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/02 08:00:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 08:00:28 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 07:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/02 07:53:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/04/02 07:52:57 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/31 11:52:43 | 000,410,371 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/31 09:04:15 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/03/29 18:24:30 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malware.lnk
[2012/03/22 20:21:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/21 06:58:26 | 000,001,403 | ---- | M] () -- C:\Users\SIMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/20 21:53:18 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/20 21:53:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/15 07:47:44 | 000,431,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/08 12:29:01 | 000,002,190 | ---- | M] () -- C:\Users\SIMS\Desktop\Suffolk INFO.lnk

========== Files Created - No Company Name ==========

[2012/03/30 06:43:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 18:24:30 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malware.lnk
[2012/03/20 21:53:18 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/20 21:53:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/19 09:31:31 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2011/06/23 18:36:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/23 18:21:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/04 09:53:41 | 000,202,451 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/12/04 09:53:41 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat

========== LOP Check ==========

[2011/10/17 09:04:27 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\AVG2012
[2012/03/02 12:44:28 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\FileZilla
[2010/12/21 07:03:19 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Gamelab
[2012/03/08 12:52:21 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\IcoFX2X
[2010/12/04 07:53:11 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\PlayFirst
[2010/12/04 15:04:12 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Thunderbird
[2011/10/02 17:34:36 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Unity
[2010/12/18 09:58:26 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Western Digital
[2010/12/05 19:27:18 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\WildTangentv1001
[2012/03/31 09:04:15 | 000,000,544 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job
[2011/12/12 07:34:54 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I doubt we will find any malware. If everyone on the network has the same problem it's usually the router but it won't hurt to try a few scans to make sure in case it's a worm that has spread throughout the network.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


You are currently using 4.2.2.2 as a DNS. I would think it would be very slow from New Zealand. You might try using one of the tools on:
http://www.techsuppo...-dns-server.htm
to find a better one.

Let's run a few tests to see what the network is doing:
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

nslookup  google.com  >  \junk.txt

netstat  -rn  >>  \junk.txt

(That's -R N )

netstat  -s  >> \junk.txt

tracert  -d  google.com  >>  \junk.txt

tracert  -d  f1.com  >>  \junk.txt

(That's F ONE . COM)

ping  -n 25  google.com  >>  \junk.txt

notepad  \junk.txt

I use 2 spaces in the code boxes so you can see where one space goes. Copy and paste the text from notepad into a reply.









Ron
  • 0
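The `nslookup` step in the post above, taken one step further as an added example that is not part of the original post: it parses Windows `nslookup` output and flags answers in non-routable ranges, unrelated names that resolve to the same address, and queries that got no answer. Running `nslookup` for f1.com as well as google.com, the sample output and the three heuristics are assumptions; the sample answers are constructed from documentation address ranges.

```python
import ipaddress
import re
from collections import defaultdict

# Ranges that a public site such as google.com should never resolve to.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

FIELD = re.compile(r"^(Server|Address|Addresses|Name|Aliases):\s*(.*)$")

# Constructed sample of two appended Windows nslookup runs. The resolver
# address is the DhcpNameServer shown in the thread's ComboFix log; the
# answers are made up from the 203.0.113.0/24 documentation range.
SAMPLE_SUSPECT = """\
Server:  UnKnown
Address:  192.168.239.10

Non-authoritative answer:
Name:    google.com
Addresses:  203.0.113.7
          203.0.113.8

Server:  UnKnown
Address:  192.168.239.10

Non-authoritative answer:
Name:    f1.com
Address:  203.0.113.7
"""


def _ip(token):
    """Return an ip_address object, or None if token is not an address."""
    try:
        return ipaddress.ip_address(token.strip())
    except ValueError:
        return None


def parse_nslookup(text):
    """Split concatenated nslookup output into one dict per query."""
    queries, cur, in_list = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m:
            field, value = m.groups()
            in_list = False
            if field == "Server":            # every run starts with Server:
                cur = {"resolver": None, "name": None, "answers": []}
                queries.append(cur)
            elif cur is None:
                continue
            elif field == "Name":
                cur["name"] = value.lower().rstrip(".")
            elif field in ("Address", "Addresses"):
                ip = _ip(value)
                if cur["name"] is None:      # Address before Name = resolver
                    cur["resolver"] = ip
                elif ip is not None:
                    cur["answers"].append(ip)
                    in_list = True           # more addresses may follow
        elif in_list and cur is not None and _ip(line) is not None:
            cur["answers"].append(_ip(line))  # indented continuation line
        else:
            in_list = False
    return queries


def assess(queries):
    """Return (kind, name, address) findings worth a closer look."""
    findings, seen = [], defaultdict(set)
    for q in queries:
        if not q["answers"]:                 # timeout, NXDOMAIN, refused
            findings.append(("no-answer", q["name"] or "?", None))
            continue
        for ip in q["answers"]:
            if any(ip in net for net in NON_ROUTABLE):
                findings.append(("non-routable-answer", q["name"], str(ip)))
            seen[ip].add(q["name"])
    for ip, names in seen.items():           # unrelated names, same host
        if len(names) > 1:
            findings.append(("shared-answer", ",".join(sorted(names)), str(ip)))
    return findings


if __name__ == "__main__":
    for finding in assess(parse_nslookup(SAMPLE_SUSPECT)):
        print(finding)
```

A finding is a prompt to repeat the lookup against a resolver outside the local network and compare, not proof of tampering on its own.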

#3
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Thanks for your time and advice, here are the log files requested x7. How do you make sense of all this, must take a bit of practice?!

The critical system file check answered with - no integrity violations

Greatly appreciated
Cheers ABEC

Log files-

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 18:15:39
-----------------------------
18:15:39.446 OS Version: Windows x64 6.1.7600
18:15:39.446 Number of processors: 4 586 0x2502
18:15:39.446 ComputerName: SIMS-HP-PC UserName: SIMS
18:15:44.859 Initialize success
18:20:50.278 AVAST engine defs: 12040101
18:21:01.089 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:21:01.089 Disk 0 Vendor: ST350041 HP34 Size: 476940MB BusType: 8
18:21:01.104 Disk 0 MBR read successfully
18:21:01.104 Disk 0 MBR scan
18:21:01.120 Disk 0 unknown MBR code
18:21:01.120 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
18:21:01.135 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465614 MB offset 206848
18:21:01.182 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11224 MB offset 953784320
18:21:01.213 Disk 0 scanning C:\Windows\system32\drivers
18:21:09.559 Service scanning
18:21:24.567 Modules scanning
18:21:26.392 AVAST engine scan C:\Windows
18:21:28.435 AVAST engine scan C:\Windows\system32
18:24:02.143 AVAST engine scan C:\Windows\system32\drivers
18:24:12.891 AVAST engine scan C:\Users\SIMS
18:37:04.999 AVAST engine scan C:\ProgramData
18:38:38.365 Scan finished successfully
18:41:05.660 Disk 0 MBR has been saved successfully to "C:\Users\SIMS\Desktop\MBR.dat"
18:41:05.676 The log file has been saved successfully to "C:\Users\SIMS\Desktop\aswMBR.txt"


ComboFix 12-04-01.01 - SIMS 02/04/2012 19:13:08.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.64.1033.18.3959.2196 [GMT 12:00]
Running from: c:\users\SIMS\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SIMS\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6DCC6C49-D53E-48CF-93DF-51A9FA7D2087}.xps
c:\windows\system\Tutil32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))
.
.
2012-04-02 07:17 . 2012-04-02 07:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-29 18:43 . 2012-03-29 18:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-29 18:43 . 2012-03-29 18:43 -------- d-----w- c:\windows\system32\Macromed
2012-03-29 06:24 . 2012-03-29 06:24 -------- d-----w- c:\users\SIMS\AppData\Roaming\Malwarebytes
2012-03-29 06:24 . 2012-03-31 22:56 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-29 06:24 . 2012-03-29 06:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-29 06:24 . 2012-03-29 06:24 -------- d-----w- c:\programdata\Malwarebytes
2012-03-29 06:24 . 2011-12-10 02:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 08:21 . 2012-03-22 08:21 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-22 05:40 . 2012-03-22 05:40 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-22 05:40 . 2012-03-22 05:40 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 09:29 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 09:29 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 09:29 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 00:10 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 00:10 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 00:10 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 00:10 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 00:10 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 00:10 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 00:10 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 00:10 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-14 00:10 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-14 00:10 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-03-14 00:10 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-14 00:08 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 00:08 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 00:08 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 00:08 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 00:08 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 00:08 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 00:08 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-08 00:20 . 2012-03-08 00:52 -------- d-----w- c:\users\SIMS\AppData\Roaming\IcoFX2X
2012-03-08 00:20 . 2012-03-08 00:20 -------- d-----w- c:\program files (x86)\IcoFX 2
2012-03-08 00:20 . 2012-03-08 00:20 -------- d-----w- c:\programdata\IcoFX2X
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 18:43 . 2011-05-28 20:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 09:58 . 2012-02-16 07:15 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 09:03 . 2012-02-16 07:15 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-19 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\hp\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-28 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 136176]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-11 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:43]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 00:17]
.
2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-27 00:17]
.
2012-03-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.239.10 192.168.1.3 192.168.239.10
FF - ProfilePath - c:\users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2836015&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.stuff.co.nz/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BAM Screensaver - c:\windows\system32\BAM Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
.
**************************************************************************
.
Completion time: 2012-04-02 19:23:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 07:23
.
Pre-Run: 413,952,892,928 bytes free
Post-Run: 415,323,725,824 bytes free
.
- - End Of File - - EA1DDFEA8B370024E9670CB84F5B1C6F


19:29:36.0016 2148 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
19:29:37.0014 2148 ============================================================
19:29:37.0014 2148 Current date / time: 2012/04/02 19:29:37.0014
19:29:37.0014 2148 SystemInfo:
19:29:37.0014 2148
19:29:37.0014 2148 OS Version: 6.1.7600 ServicePack: 0.0
19:29:37.0014 2148 Product type: Workstation
19:29:37.0014 2148 ComputerName: SIMS-HP-PC
19:29:37.0014 2148 UserName: SIMS
19:29:37.0014 2148 Windows directory: C:\Windows
19:29:37.0014 2148 System windows directory: C:\Windows
19:29:37.0014 2148 Running under WOW64
19:29:37.0014 2148 Processor architecture: Intel x64
19:29:37.0014 2148 Number of processors: 4
19:29:37.0014 2148 Page size: 0x1000
19:29:37.0014 2148 Boot type: Normal boot
19:29:37.0014 2148 ============================================================
19:29:37.0357 2148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:29:37.0357 2148 Drive \Device\Harddisk1\DR1 - Size: 0x4A5BF00000 (297.44 Gb), SectorSize: 0x200, Cylinders: 0x97AB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:29:37.0716 2148 Drive \Device\Harddisk2\DR2 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:29:37.0716 2148 Drive \Device\Harddisk3\DR3 - Size: 0x3E300000 (0.97 Gb), SectorSize: 0x200, Cylinders: 0x7E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:29:37.0732 2148 \Device\Harddisk0\DR0:
19:29:37.0732 2148 MBR used
19:29:37.0732 2148 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:29:37.0732 2148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38D67000
19:29:37.0732 2148 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38D99800, BlocksNum 0x15EC000
19:29:37.0732 2148 \Device\Harddisk1\DR1:
19:29:37.0732 2148 MBR used
19:29:37.0732 2148 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x252DF000
19:29:37.0732 2148 \Device\Harddisk2\DR2:
19:29:37.0732 2148 MBR used
19:29:37.0732 2148 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x777FD0
19:29:37.0732 2148 \Device\Harddisk3\DR3:
19:29:37.0732 2148 MBR used
19:29:37.0732 2148 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x1F17DF
19:29:37.0856 2148 Initialize success
19:29:37.0856 2148 ============================================================
19:31:07.0900 2404 ============================================================
19:31:07.0900 2404 Scan started
19:31:07.0900 2404 Mode: Manual; SigCheck; TDLFS;
19:31:07.0900 2404 ============================================================
19:31:08.0290 2404 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:31:08.0399 2404 1394ohci - ok
19:31:08.0430 2404 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:31:08.0446 2404 ACPI - ok
19:31:08.0461 2404 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:31:08.0524 2404 AcpiPmi - ok
19:31:08.0602 2404 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:31:08.0617 2404 AdobeARMservice - ok
19:31:08.0727 2404 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:31:08.0742 2404 AdobeFlashPlayerUpdateSvc - ok
19:31:08.0789 2404 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:31:08.0820 2404 adp94xx - ok
19:31:08.0851 2404 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:31:08.0867 2404 adpahci - ok
19:31:08.0914 2404 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:31:08.0929 2404 adpu320 - ok
19:31:08.0992 2404 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:31:09.0070 2404 AeLookupSvc - ok
19:31:09.0117 2404 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:31:09.0148 2404 AFD - ok
19:31:09.0179 2404 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:31:09.0195 2404 agp440 - ok
19:31:09.0210 2404 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
19:31:09.0226 2404 ALG - ok
19:31:09.0241 2404 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:31:09.0257 2404 aliide - ok
19:31:09.0288 2404 AMD External Events Utility (16d2883ea6296333435df0c8b7d164b8) C:\Windows\system32\atiesrxx.exe
19:31:09.0351 2404 AMD External Events Utility - ok
19:31:09.0397 2404 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:31:09.0413 2404 amdide - ok
19:31:09.0429 2404 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:31:09.0460 2404 AmdK8 - ok
19:31:09.0491 2404 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:31:09.0522 2404 AmdPPM - ok
19:31:09.0553 2404 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:31:09.0569 2404 amdsata - ok
19:31:09.0585 2404 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:31:09.0600 2404 amdsbs - ok
19:31:09.0616 2404 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:31:09.0631 2404 amdxata - ok
19:31:09.0663 2404 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:31:09.0741 2404 AppID - ok
19:31:09.0756 2404 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
19:31:09.0819 2404 AppIDSvc - ok
19:31:09.0850 2404 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
19:31:09.0865 2404 Appinfo - ok
19:31:09.0912 2404 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:31:09.0928 2404 arc - ok
19:31:09.0943 2404 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:31:09.0943 2404 arcsas - ok
19:31:09.0975 2404 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:31:10.0021 2404 AsyncMac - ok
19:31:10.0037 2404 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:31:10.0053 2404 atapi - ok
19:31:10.0099 2404 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
19:31:10.0115 2404 AtiHdmiService - ok
19:31:10.0240 2404 atikmdag (c9f90fee4fdc829382b9130a92fb744c) C:\Windows\system32\DRIVERS\atikmdag.sys
19:31:10.0380 2404 atikmdag - ok
19:31:10.0427 2404 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:31:10.0489 2404 AudioEndpointBuilder - ok
19:31:10.0489 2404 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
19:31:10.0536 2404 AudioSrv - ok
19:31:10.0708 2404 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
19:31:10.0786 2404 AVGIDSAgent - ok
19:31:10.0848 2404 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
19:31:10.0864 2404 AVGIDSDriver - ok
19:31:10.0895 2404 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
19:31:10.0911 2404 AVGIDSEH - ok
19:31:10.0926 2404 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
19:31:10.0942 2404 AVGIDSFilter - ok
19:31:10.0957 2404 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
19:31:10.0973 2404 Avgldx64 - ok
19:31:11.0004 2404 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
19:31:11.0020 2404 Avgmfx64 - ok
19:31:11.0067 2404 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
19:31:11.0067 2404 Avgrkx64 - ok
19:31:11.0113 2404 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
19:31:11.0129 2404 Avgtdia - ok
19:31:11.0223 2404 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
19:31:11.0254 2404 avgwd - ok
19:31:11.0316 2404 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
19:31:11.0379 2404 AxInstSV - ok
19:31:11.0410 2404 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:31:11.0441 2404 b06bdrv - ok
19:31:11.0472 2404 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:31:11.0503 2404 b57nd60a - ok
19:31:11.0581 2404 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
19:31:11.0613 2404 BBSvc - ok
19:31:11.0644 2404 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
19:31:11.0659 2404 BBUpdate - ok
19:31:11.0737 2404 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
19:31:11.0784 2404 BDESVC - ok
19:31:11.0831 2404 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:31:11.0893 2404 Beep - ok
19:31:11.0940 2404 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
19:31:12.0003 2404 BFE - ok
19:31:12.0034 2404 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
19:31:12.0065 2404 BITS - ok
19:31:12.0096 2404 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:31:12.0112 2404 blbdrive - ok
19:31:12.0159 2404 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:31:12.0190 2404 bowser - ok
19:31:12.0205 2404 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:31:12.0221 2404 BrFiltLo - ok
19:31:12.0237 2404 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:31:12.0252 2404 BrFiltUp - ok
19:31:12.0283 2404 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
19:31:12.0346 2404 BridgeMP - ok
19:31:12.0361 2404 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
19:31:12.0393 2404 Browser - ok
19:31:12.0408 2404 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:31:12.0455 2404 Brserid - ok
19:31:12.0471 2404 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:31:12.0486 2404 BrSerWdm - ok
19:31:12.0517 2404 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:31:12.0549 2404 BrUsbMdm - ok
19:31:12.0580 2404 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:31:12.0611 2404 BrUsbSer - ok
19:31:12.0642 2404 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:31:12.0689 2404 BTHMODEM - ok
19:31:12.0736 2404 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
19:31:12.0798 2404 bthserv - ok
19:31:12.0907 2404 catchme - ok
19:31:12.0970 2404 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:31:13.0048 2404 cdfs - ok
19:31:13.0079 2404 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:31:13.0095 2404 cdrom - ok
19:31:13.0141 2404 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:31:13.0204 2404 CertPropSvc - ok
19:31:13.0235 2404 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:31:13.0266 2404 circlass - ok
19:31:13.0282 2404 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:31:13.0297 2404 CLFS - ok
19:31:13.0344 2404 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:31:13.0360 2404 clr_optimization_v2.0.50727_32 - ok
19:31:13.0375 2404 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:31:13.0391 2404 clr_optimization_v2.0.50727_64 - ok
19:31:13.0453 2404 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:31:13.0469 2404 clr_optimization_v4.0.30319_32 - ok
19:31:13.0485 2404 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:31:13.0500 2404 clr_optimization_v4.0.30319_64 - ok
19:31:13.0547 2404 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:31:13.0578 2404 CmBatt - ok
19:31:13.0609 2404 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:31:13.0625 2404 cmdide - ok
19:31:13.0656 2404 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:31:13.0687 2404 CNG - ok
19:31:13.0703 2404 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:31:13.0703 2404 Compbatt - ok
19:31:13.0750 2404 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:31:13.0781 2404 CompositeBus - ok
19:31:13.0797 2404 COMSysApp - ok
19:31:13.0812 2404 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:31:13.0828 2404 crcdisk - ok
19:31:13.0875 2404 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
19:31:13.0921 2404 CryptSvc - ok
19:31:13.0953 2404 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
19:31:13.0984 2404 DcomLaunch - ok
19:31:14.0015 2404 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
19:31:14.0077 2404 defragsvc - ok
19:31:14.0124 2404 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:31:14.0171 2404 DfsC - ok
19:31:14.0202 2404 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
19:31:14.0265 2404 Dhcp - ok
19:31:14.0296 2404 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:31:14.0343 2404 discache - ok
19:31:14.0374 2404 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:31:14.0389 2404 Disk - ok
19:31:14.0421 2404 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
19:31:14.0467 2404 Dnscache - ok
19:31:14.0499 2404 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
19:31:14.0545 2404 dot3svc - ok
19:31:14.0577 2404 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
19:31:14.0608 2404 DPS - ok
19:31:14.0655 2404 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:31:14.0670 2404 drmkaud - ok
19:31:14.0717 2404 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:31:14.0733 2404 DXGKrnl - ok
19:31:14.0748 2404 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
19:31:14.0795 2404 EapHost - ok
19:31:14.0857 2404 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:31:14.0904 2404 ebdrv - ok
19:31:14.0982 2404 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
19:31:14.0998 2404 EFS - ok
19:31:15.0045 2404 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
19:31:15.0091 2404 ehRecvr - ok
19:31:15.0107 2404 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
19:31:15.0138 2404 ehSched - ok
19:31:15.0185 2404 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:31:15.0216 2404 elxstor - ok
19:31:15.0232 2404 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:31:15.0247 2404 ErrDev - ok
19:31:15.0294 2404 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
19:31:15.0341 2404 EventSystem - ok
19:31:15.0388 2404 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:31:15.0435 2404 exfat - ok
19:31:15.0450 2404 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:31:15.0481 2404 fastfat - ok
19:31:15.0544 2404 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
19:31:15.0591 2404 Fax - ok
19:31:15.0606 2404 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:31:15.0637 2404 fdc - ok
19:31:15.0637 2404 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
19:31:15.0684 2404 fdPHost - ok
19:31:15.0684 2404 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
19:31:15.0731 2404 FDResPub - ok
19:31:15.0762 2404 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:31:15.0762 2404 FileInfo - ok
19:31:15.0778 2404 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:31:15.0809 2404 Filetrace - ok
19:31:15.0825 2404 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:31:15.0840 2404 flpydisk - ok
19:31:15.0856 2404 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:31:15.0871 2404 FltMgr - ok
19:31:15.0918 2404 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
19:31:15.0949 2404 FontCache - ok
19:31:16.0012 2404 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:31:16.0027 2404 FontCache3.0.0.0 - ok
19:31:16.0059 2404 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:31:16.0074 2404 FsDepends - ok
19:31:16.0105 2404 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:31:16.0121 2404 Fs_Rec - ok
19:31:16.0137 2404 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:31:16.0152 2404 fvevol - ok
19:31:16.0183 2404 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:31:16.0199 2404 gagp30kx - ok
19:31:16.0277 2404 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
19:31:16.0293 2404 GamesAppService - ok
19:31:16.0371 2404 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
19:31:16.0402 2404 gpsvc - ok
19:31:16.0480 2404 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:31:16.0495 2404 gupdate - ok
19:31:16.0511 2404 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:31:16.0527 2404 gupdatem - ok
19:31:16.0573 2404 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:31:16.0605 2404 hcw85cir - ok
19:31:16.0620 2404 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:31:16.0651 2404 HDAudBus - ok
19:31:16.0683 2404 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
19:31:16.0698 2404 HECIx64 - ok
19:31:16.0714 2404 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:31:16.0745 2404 HidBatt - ok
19:31:16.0776 2404 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:31:16.0823 2404 HidBth - ok
19:31:16.0870 2404 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:31:16.0917 2404 HidIr - ok
19:31:16.0963 2404 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
19:31:17.0010 2404 hidserv - ok
19:31:17.0041 2404 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:31:17.0057 2404 HidUsb - ok
19:31:17.0073 2404 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
19:31:17.0135 2404 hkmsvc - ok
19:31:17.0151 2404 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
19:31:17.0197 2404 HomeGroupListener - ok
19:31:17.0229 2404 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
19:31:17.0260 2404 HomeGroupProvider - ok
19:31:17.0338 2404 HP Health Check Service (00b239202f7756695c8ccdf8bafa7d3d) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
19:31:17.0353 2404 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
19:31:17.0353 2404 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
19:31:17.0416 2404 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:31:17.0416 2404 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:31:17.0416 2404 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:31:17.0431 2404 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:31:17.0447 2404 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:31:17.0447 2404 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:31:17.0478 2404 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
19:31:17.0494 2404 hpqwmiex - ok
19:31:17.0556 2404 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:31:17.0572 2404 HpSAMD - ok
19:31:17.0665 2404 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:31:17.0697 2404 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
19:31:17.0697 2404 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
19:31:17.0775 2404 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:31:17.0837 2404 HTTP - ok
19:31:17.0868 2404 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:31:17.0884 2404 hwpolicy - ok
19:31:17.0899 2404 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:31:17.0915 2404 i8042prt - ok
19:31:17.0962 2404 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
19:31:17.0993 2404 iaStor - ok
19:31:18.0009 2404 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:31:18.0024 2404 iaStorV - ok
19:31:18.0087 2404 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:31:18.0118 2404 idsvc - ok
19:31:18.0165 2404 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:31:18.0165 2404 iirsp - ok
19:31:18.0196 2404 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
19:31:18.0258 2404 IKEEXT - ok
19:31:18.0336 2404 IntcAzAudAddService (ef75c94792187a143871fbb87611b0b7) C:\Windows\system32\drivers\RTKVHD64.sys
19:31:18.0383 2404 IntcAzAudAddService - ok
19:31:18.0399 2404 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:31:18.0399 2404 intelide - ok
19:31:18.0430 2404 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:31:18.0461 2404 intelppm - ok
19:31:18.0492 2404 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
19:31:18.0539 2404 IPBusEnum - ok
19:31:18.0555 2404 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:31:18.0601 2404 IpFilterDriver - ok
19:31:18.0617 2404 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
19:31:18.0664 2404 iphlpsvc - ok
19:31:18.0679 2404 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:31:18.0695 2404 IPMIDRV - ok
19:31:18.0742 2404 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:31:18.0820 2404 IPNAT - ok
19:31:18.0835 2404 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:31:18.0851 2404 IRENUM - ok
19:31:18.0867 2404 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:31:18.0882 2404 isapnp - ok
19:31:18.0913 2404 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:31:18.0929 2404 iScsiPrt - ok
19:31:18.0945 2404 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:31:18.0960 2404 kbdclass - ok
19:31:18.0960 2404 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:31:18.0991 2404 kbdhid - ok
19:31:19.0054 2404 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:31:19.0054 2404 KeyIso - ok
19:31:19.0101 2404 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:31:19.0116 2404 KSecDD - ok
19:31:19.0147 2404 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:31:19.0163 2404 KSecPkg - ok
19:31:19.0194 2404 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:31:19.0225 2404 ksthunk - ok
19:31:19.0257 2404 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
19:31:19.0303 2404 KtmRm - ok
19:31:19.0366 2404 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
19:31:19.0428 2404 LanmanServer - ok
19:31:19.0444 2404 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
19:31:19.0522 2404 LanmanWorkstation - ok
19:31:19.0569 2404 LightScribeService (0ee66bdf485c6828aa65c0ef5d591133) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
19:31:19.0600 2404 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:31:19.0600 2404 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:31:19.0662 2404 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:31:19.0740 2404 lltdio - ok
19:31:19.0771 2404 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
19:31:19.0803 2404 lltdsvc - ok
19:31:19.0834 2404 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
19:31:19.0865 2404 lmhosts - ok
19:31:19.0896 2404 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:31:19.0896 2404 LSI_FC - ok
19:31:19.0912 2404 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:31:19.0927 2404 LSI_SAS - ok
19:31:19.0943 2404 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:31:19.0959 2404 LSI_SAS2 - ok
19:31:20.0005 2404 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:31:20.0005 2404 LSI_SCSI - ok
19:31:20.0052 2404 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:31:20.0115 2404 luafv - ok
19:31:20.0161 2404 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
19:31:20.0177 2404 LVRS64 - ok
19:31:20.0286 2404 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
19:31:20.0380 2404 LVUVC64 - ok
19:31:20.0395 2404 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
19:31:20.0411 2404 Mcx2Svc - ok
19:31:20.0427 2404 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:31:20.0442 2404 megasas - ok
19:31:20.0458 2404 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:31:20.0473 2404 MegaSR - ok
19:31:20.0505 2404 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:31:20.0551 2404 MMCSS - ok
19:31:20.0567 2404 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:31:20.0614 2404 Modem - ok
19:31:20.0629 2404 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:31:20.0661 2404 monitor - ok
19:31:20.0692 2404 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:31:20.0692 2404 mouclass - ok
19:31:20.0723 2404 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:31:20.0770 2404 mouhid - ok
19:31:20.0801 2404 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:31:20.0817 2404 mountmgr - ok
19:31:20.0832 2404 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:31:20.0848 2404 mpio - ok
19:31:20.0863 2404 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:31:20.0895 2404 mpsdrv - ok
19:31:20.0926 2404 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
19:31:20.0973 2404 MpsSvc - ok
19:31:21.0004 2404 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:31:21.0019 2404 MRxDAV - ok
19:31:21.0066 2404 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:31:21.0082 2404 mrxsmb - ok
19:31:21.0113 2404 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:31:21.0160 2404 mrxsmb10 - ok
19:31:21.0175 2404 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:31:21.0191 2404 mrxsmb20 - ok
19:31:21.0238 2404 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:31:21.0253 2404 msahci - ok
19:31:21.0285 2404 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:31:21.0300 2404 msdsm - ok
19:31:21.0331 2404 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
19:31:21.0363 2404 MSDTC - ok
19:31:21.0394 2404 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:31:21.0425 2404 Msfs - ok
19:31:21.0441 2404 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:31:21.0487 2404 mshidkmdf - ok
19:31:21.0487 2404 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:31:21.0503 2404 msisadrv - ok
19:31:21.0550 2404 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
19:31:21.0597 2404 MSiSCSI - ok
19:31:21.0597 2404 msiserver - ok
19:31:21.0612 2404 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:31:21.0659 2404 MSKSSRV - ok
19:31:21.0659 2404 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:31:21.0721 2404 MSPCLOCK - ok
19:31:21.0737 2404 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:31:21.0768 2404 MSPQM - ok
19:31:21.0784 2404 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:31:21.0799 2404 MsRPC - ok
19:31:21.0815 2404 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:31:21.0831 2404 mssmbios - ok
19:31:21.0862 2404 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:31:21.0909 2404 MSTEE - ok
19:31:21.0924 2404 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:31:21.0940 2404 MTConfig - ok
19:31:21.0955 2404 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:31:21.0955 2404 Mup - ok
19:31:21.0987 2404 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
19:31:22.0049 2404 napagent - ok
19:31:22.0096 2404 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:31:22.0127 2404 NativeWifiP - ok
19:31:22.0158 2404 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:31:22.0189 2404 NDIS - ok
19:31:22.0189 2404 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:31:22.0236 2404 NdisCap - ok
19:31:22.0252 2404 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:31:22.0283 2404 NdisTapi - ok
19:31:22.0299 2404 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:31:22.0345 2404 Ndisuio - ok
19:31:22.0377 2404 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:31:22.0408 2404 NdisWan - ok
19:31:22.0439 2404 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:31:22.0486 2404 NDProxy - ok
19:31:22.0517 2404 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
19:31:22.0517 2404 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:31:22.0517 2404 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:31:22.0533 2404 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:31:22.0579 2404 NetBIOS - ok
19:31:22.0611 2404 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:31:22.0657 2404 NetBT - ok
19:31:22.0704 2404 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:31:22.0735 2404 Netlogon - ok
19:31:22.0782 2404 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
19:31:22.0829 2404 Netman - ok
19:31:22.0845 2404 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
19:31:22.0876 2404 netprofm - ok
19:31:22.0907 2404 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys
19:31:22.0938 2404 netr28x - ok
19:31:23.0001 2404 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:31:23.0016 2404 NetTcpPortSharing - ok
19:31:23.0063 2404 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:31:23.0063 2404 nfrd960 - ok
19:31:23.0110 2404 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
19:31:23.0172 2404 NlaSvc - ok
19:31:23.0172 2404 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:31:23.0203 2404 Npfs - ok
19:31:23.0235 2404 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
19:31:23.0266 2404 nsi - ok
19:31:23.0297 2404 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:31:23.0328 2404 nsiproxy - ok
19:31:23.0375 2404 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:31:23.0422 2404 Ntfs - ok
19:31:23.0437 2404 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:31:23.0469 2404 Null - ok
19:31:23.0500 2404 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:31:23.0500 2404 nvraid - ok
19:31:23.0515 2404 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:31:23.0531 2404 nvstor - ok
19:31:23.0547 2404 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:31:23.0562 2404 nv_agp - ok
19:31:23.0609 2404 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:31:23.0625 2404 ohci1394 - ok
19:31:23.0687 2404 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:31:23.0703 2404 ose - ok
19:31:23.0796 2404 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:31:23.0921 2404 osppsvc - ok
19:31:23.0983 2404 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:31:24.0030 2404 p2pimsvc - ok
19:31:24.0046 2404 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
19:31:24.0061 2404 p2psvc - ok
19:31:24.0093 2404 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:31:24.0108 2404 Parport - ok
19:31:24.0124 2404 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:31:24.0139 2404 partmgr - ok
19:31:24.0155 2404 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
19:31:24.0186 2404 PcaSvc - ok
19:31:24.0186 2404 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:31:24.0202 2404 pci - ok
19:31:24.0217 2404 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:31:24.0233 2404 pciide - ok
19:31:24.0264 2404 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:31:24.0295 2404 pcmcia - ok
19:31:24.0311 2404 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:31:24.0311 2404 pcw - ok
19:31:24.0358 2404 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:31:24.0420 2404 PEAUTH - ok
19:31:24.0467 2404 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
19:31:24.0483 2404 PerfHost - ok
19:31:24.0529 2404 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
19:31:24.0607 2404 pla - ok
19:31:24.0654 2404 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
19:31:24.0717 2404 PlugPlay - ok
19:31:24.0748 2404 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
19:31:24.0763 2404 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:31:24.0763 2404 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:31:24.0779 2404 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
19:31:24.0810 2404 PNRPAutoReg - ok
19:31:24.0826 2404 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
19:31:24.0857 2404 PNRPsvc - ok
19:31:24.0873 2404 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
19:31:24.0919 2404 PolicyAgent - ok
19:31:24.0951 2404 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
19:31:24.0997 2404 Power - ok
19:31:25.0029 2404 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:31:25.0075 2404 PptpMiniport - ok
19:31:25.0091 2404 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:31:25.0122 2404 Processor - ok
19:31:25.0138 2404 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
19:31:25.0185 2404 ProfSvc - ok
19:31:25.0216 2404 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:31:25.0216 2404 ProtectedStorage - ok
19:31:25.0247 2404 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:31:25.0278 2404 Psched - ok
19:31:25.0309 2404 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:31:25.0341 2404 ql2300 - ok
19:31:25.0356 2404 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:31:25.0372 2404 ql40xx - ok
19:31:25.0403 2404 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
19:31:25.0419 2404 QWAVE - ok
19:31:25.0434 2404 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:31:25.0450 2404 QWAVEdrv - ok
19:31:25.0465 2404 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:31:25.0512 2404 RasAcd - ok
19:31:25.0528 2404 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:31:25.0559 2404 RasAgileVpn - ok
19:31:25.0590 2404 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
19:31:25.0637 2404 RasAuto - ok
19:31:25.0653 2404 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:31:25.0699 2404 Rasl2tp - ok
19:31:25.0715 2404 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
19:31:25.0762 2404 RasMan - ok
19:31:25.0793 2404 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:31:25.0824 2404 RasPppoe - ok
19:31:25.0855 2404 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:31:25.0918 2404 RasSstp - ok
19:31:25.0933 2404 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:31:25.0996 2404 rdbss - ok
19:31:26.0011 2404 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:31:26.0027 2404 rdpbus - ok
19:31:26.0074 2404 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:31:26.0105 2404 RDPCDD - ok
19:31:26.0121 2404 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:31:26.0167 2404 RDPENCDD - ok
19:31:26.0199 2404 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:31:26.0230 2404 RDPREFMP - ok
19:31:26.0261 2404 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
19:31:26.0277 2404 RDPWD - ok
19:31:26.0308 2404 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:31:26.0323 2404 rdyboost - ok
19:31:26.0355 2404 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:31:26.0386 2404 RemoteAccess - ok
19:31:26.0401 2404 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:31:26.0448 2404 RemoteRegistry - ok
19:31:26.0448 2404 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:31:26.0511 2404 RpcEptMapper - ok
19:31:26.0542 2404 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:31:26.0542 2404 RpcLocator - ok
19:31:26.0557 2404 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll
19:31:26.0604 2404 RpcSs - ok
19:31:26.0635 2404 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:31:26.0682 2404 rspndr - ok
19:31:26.0713 2404 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:31:26.0745 2404 RTL8167 - ok
19:31:26.0776 2404 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:31:26.0791 2404 SamSs - ok
19:31:26.0823 2404 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:31:26.0838 2404 sbp2port - ok
19:31:26.0869 2404 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:31:26.0916 2404 SCardSvr - ok
19:31:26.0932 2404 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:31:26.0979 2404 scfilter - ok
19:31:27.0025 2404 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
19:31:27.0057 2404 Schedule - ok
19:31:27.0088 2404 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
19:31:27.0119 2404 SCPolicySvc - ok
19:31:27.0135 2404 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
19:31:27.0166 2404 SDRSVC - ok
19:31:27.0197 2404 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:31:27.0259 2404 secdrv - ok
19:31:27.0275 2404 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
19:31:27.0322 2404 seclogon - ok
19:31:27.0337 2404 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:31:27.0384 2404 SENS - ok
19:31:27.0384 2404 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:31:27.0400 2404 SensrSvc - ok
19:31:27.0431 2404 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:31:27.0447 2404 Serenum - ok
19:31:27.0462 2404 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:31:27.0478 2404 Serial - ok
19:31:27.0493 2404 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:31:27.0525 2404 sermouse - ok
19:31:27.0556 2404 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
19:31:27.0618 2404 SessionEnv - ok
19:31:27.0634 2404 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:31:27.0649 2404 sffdisk - ok
19:31:27.0665 2404 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:31:27.0665 2404 sffp_mmc - ok
19:31:27.0712 2404 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:31:27.0712 2404 sffp_sd - ok
19:31:27.0743 2404 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:31:27.0759 2404 sfloppy - ok
19:31:27.0837 2404 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:31:27.0899 2404 SharedAccess - ok
19:31:27.0915 2404 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
19:31:27.0930 2404 ShellHWDetection - ok
19:31:27.0977 2404 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:31:27.0977 2404 SiSRaid2 - ok
19:31:27.0993 2404 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:31:28.0008 2404 SiSRaid4 - ok
19:31:28.0086 2404 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:31:28.0102 2404 SkypeUpdate - ok
19:31:28.0180 2404 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:31:28.0242 2404 Smb - ok
19:31:28.0289 2404 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:31:28.0320 2404 SNMPTRAP - ok
19:31:28.0351 2404 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:31:28.0367 2404 spldr - ok
19:31:28.0383 2404 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
19:31:28.0414 2404 Spooler - ok
19:31:28.0476 2404 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
19:31:28.0570 2404 sppsvc - ok
19:31:28.0601 2404 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:31:28.0663 2404 sppuinotify - ok
19:31:28.0710 2404 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:31:28.0741 2404 srv - ok
19:31:28.0757 2404 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:31:28.0804 2404 srv2 - ok
19:31:28.0835 2404 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:31:28.0866 2404 srvnet - ok
19:31:28.0913 2404 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:31:28.0975 2404 SSDPSRV - ok
19:31:28.0991 2404 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:31:29.0022 2404 SstpSvc - ok
19:31:29.0053 2404 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:31:29.0053 2404 stexstor - ok
19:31:29.0100 2404 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
19:31:29.0131 2404 StillCam - ok
19:31:29.0163 2404 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
19:31:29.0209 2404 stisvc - ok
19:31:29.0225 2404 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:31:29.0241 2404 swenum - ok
19:31:29.0256 2404 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:31:29.0319 2404 swprv - ok
19:31:29.0365 2404 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
19:31:29.0412 2404 SysMain - ok
19:31:29.0428 2404 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
19:31:29.0443 2404 TabletInputService - ok
19:31:29.0459 2404 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
19:31:29.0490 2404 TapiSrv - ok
19:31:29.0506 2404 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:31:29.0537 2404 TBS - ok
19:31:29.0615 2404 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:31:29.0662 2404 Tcpip - ok
19:31:29.0740 2404 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:31:29.0771 2404 TCPIP6 - ok
19:31:29.0802 2404 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:31:29.0865 2404 tcpipreg - ok
19:31:29.0880 2404 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:31:29.0896 2404 TDPIPE - ok
19:31:29.0927 2404 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
19:31:29.0943 2404 TDTCP - ok
19:31:29.0958 2404 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:31:29.0989 2404 tdx - ok
19:31:30.0083 2404 TeamViewer6 (8a9828975a857e477efef5a61ba45ac0) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
19:31:30.0130 2404 TeamViewer6 - ok
19:31:30.0208 2404 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:31:30.0223 2404 TermDD - ok
19:31:30.0255 2404 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
19:31:30.0301 2404 TermService - ok
19:31:30.0317 2404 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:31:30.0333 2404 Themes - ok
19:31:30.0348 2404 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:31:30.0395 2404 THREADORDER - ok
19:31:30.0411 2404 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:31:30.0442 2404 TrkWks - ok
19:31:30.0473 2404 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
19:31:30.0489 2404 TrustedInstaller - ok
19:31:30.0520 2404 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:31:30.0567 2404 tssecsrv - ok
19:31:30.0582 2404 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:31:30.0629 2404 tunnel - ok
19:31:30.0660 2404 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:31:30.0660 2404 uagp35 - ok
19:31:30.0691 2404 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:31:30.0723 2404 udfs - ok
19:31:30.0754 2404 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:31:30.0754 2404 UI0Detect - ok
19:31:30.0785 2404 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:31:30.0785 2404 uliagpkx - ok
19:31:30.0816 2404 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:31:30.0832 2404 umbus - ok
19:31:30.0847 2404 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:31:30.0879 2404 UmPass - ok
19:31:30.0894 2404 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:31:30.0957 2404 upnphost - ok
19:31:30.0988 2404 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
19:31:31.0019 2404 usbaudio - ok
19:31:31.0050 2404 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:31:31.0097 2404 usbccgp - ok
19:31:31.0128 2404 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:31:31.0159 2404 usbcir - ok
19:31:31.0175 2404 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
19:31:31.0191 2404 usbehci - ok
19:31:31.0237 2404 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:31:31.0269 2404 usbhub - ok
19:31:31.0315 2404 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:31:31.0347 2404 usbohci - ok
19:31:31.0378 2404 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:31:31.0409 2404 usbprint - ok
19:31:31.0440 2404 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:31:31.0487 2404 USBSTOR - ok
19:31:31.0518 2404 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
19:31:31.0534 2404 usbuhci - ok
19:31:31.0549 2404 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:31:31.0612 2404 UxSms - ok
19:31:31.0643 2404 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
19:31:31.0659 2404 VaultSvc - ok
19:31:31.0690 2404 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:31:31.0721 2404 vdrvroot - ok
19:31:31.0737 2404 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
19:31:31.0768 2404 vds - ok
19:31:31.0783 2404 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:31:31.0799 2404 vga - ok
19:31:31.0799 2404 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:31:31.0861 2404 VgaSave - ok
19:31:31.0877 2404 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:31:31.0893 2404 vhdmp - ok
19:31:31.0908 2404 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:31:31.0924 2404 viaide - ok
19:31:31.0939 2404 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:31:31.0955 2404 volmgr - ok
19:31:31.0986 2404 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:31:32.0017 2404 volmgrx - ok
19:31:32.0017 2404 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:31:32.0033 2404 volsnap - ok
19:31:32.0064 2404 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:31:32.0064 2404 vsmraid - ok
19:31:32.0111 2404 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
19:31:32.0173 2404 VSS - ok
19:31:32.0205 2404 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:31:32.0220 2404 vwifibus - ok
19:31:32.0236 2404 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:31:32.0283 2404 vwififlt - ok
19:31:32.0298 2404 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:31:32.0314 2404 vwifimp - ok
19:31:32.0361 2404 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:31:32.0407 2404 W32Time - ok
19:31:32.0423 2404 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:31:32.0454 2404 WacomPen - ok
19:31:32.0470 2404 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:31:32.0532 2404 WANARP - ok
19:31:32.0532 2404 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:31:32.0563 2404 Wanarpv6 - ok
19:31:32.0626 2404 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:31:32.0673 2404 WatAdminSvc - ok
19:31:32.0719 2404 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
19:31:32.0813 2404 wbengine - ok
19:31:32.0829 2404 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:31:32.0844 2404 WbioSrvc - ok
19:31:32.0875 2404 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
19:31:32.0922 2404 wcncsvc - ok
19:31:32.0938 2404 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:31:32.0969 2404 WcsPlugInService - ok
19:31:33.0000 2404 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:31:33.0000 2404 Wd - ok
19:31:33.0047 2404 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
19:31:33.0063 2404 WDC_SAM - ok
19:31:33.0094 2404 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:31:33.0109 2404 Wdf01000 - ok
19:31:33.0141 2404 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:31:33.0156 2404 WdiServiceHost - ok
19:31:33.0156 2404 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:31:33.0187 2404 WdiSystemHost - ok
19:31:33.0219 2404 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
19:31:33.0250 2404 WebClient - ok
19:31:33.0265 2404 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:31:33.0312 2404 Wecsvc - ok
19:31:33.0328 2404 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:31:33.0359 2404 wercplsupport - ok
19:31:33.0375 2404 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:31:33.0421 2404 WerSvc - ok
19:31:33.0437 2404 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:31:33.0484 2404 WfpLwf - ok
19:31:33.0499 2404 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:31:33.0515 2404 WIMMount - ok
19:31:33.0531 2404 WinDefend - ok
19:31:33.0546 2404 WinHttpAutoProxySvc - ok
19:31:33.0577 2404 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:31:33.0624 2404 Winmgmt - ok
19:31:33.0671 2404 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
19:31:33.0765 2404 WinRM - ok
19:31:33.0843 2404 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:31:33.0921 2404 Wlansvc - ok
19:31:33.0967 2404 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:31:33.0983 2404 WmiAcpi - ok
19:31:34.0030 2404 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:31:34.0045 2404 wmiApSrv - ok
19:31:34.0092 2404 WMPNetworkSvc - ok
19:31:34.0139 2404 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:31:34.0170 2404 WPCSvc - ok
19:31:34.0186 2404 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
19:31:34.0217 2404 WPDBusEnum - ok
19:31:34.0248 2404 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:31:34.0295 2404 ws2ifsl - ok
19:31:34.0326 2404 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
19:31:34.0357 2404 wscsvc - ok
19:31:34.0357 2404 WSearch - ok
19:31:34.0435 2404 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
19:31:34.0529 2404 wuauserv - ok
19:31:34.0560 2404 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:31:34.0623 2404 WudfPf - ok
19:31:34.0669 2404 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:31:34.0701 2404 WUDFRd - ok
19:31:34.0716 2404 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
19:31:34.0747 2404 wudfsvc - ok
19:31:34.0763 2404 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:31:34.0794 2404 WwanSvc - ok
19:31:34.0825 2404 MBR (0x1B8) (7f371ae292a1c7637698ecb2d9ce9e10) \Device\Harddisk0\DR0
19:31:35.0013 2404 \Device\Harddisk0\DR0 - ok
19:31:35.0028 2404 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:31:35.0496 2404 \Device\Harddisk1\DR1 - ok
19:31:35.0512 2404 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
19:31:37.0805 2404 \Device\Harddisk2\DR2 - ok
19:31:37.0821 2404 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk3\DR3
19:31:39.0817 2404 \Device\Harddisk3\DR3 - ok
19:31:39.0849 2404 Boot (0x1200) (85959f28b6b0ccb15e3f61a3bb0e2a14) \Device\Harddisk0\DR0\Partition0
19:31:39.0849 2404 \Device\Harddisk0\DR0\Partition0 - ok
19:31:39.0864 2404 Boot (0x1200) (1d67d79d6b01d4ab64095c8aca297233) \Device\Harddisk0\DR0\Partition1
19:31:39.0864 2404 \Device\Harddisk0\DR0\Partition1 - ok
19:31:39.0895 2404 Boot (0x1200) (fd7ed76ff084bf8eccfca6dc8554d9f0) \Device\Harddisk0\DR0\Partition2
19:31:39.0895 2404 \Device\Harddisk0\DR0\Partition2 - ok
19:31:39.0895 2404 Boot (0x1200) (74e808ce78b282d4fa4b5d5d5e26c335) \Device\Harddisk1\DR1\Partition0
19:31:39.0895 2404 \Device\Harddisk1\DR1\Partition0 - ok
19:31:39.0911 2404 Boot (0x1200) (2d1f7823832be698e15b8f9498f5c2bf) \Device\Harddisk2\DR2\Partition0
19:31:39.0911 2404 \Device\Harddisk2\DR2\Partition0 - ok
19:31:39.0911 2404 Boot (0x1200) (d656de7764e832e9ec6a2904e75a7d2e) \Device\Harddisk3\DR3\Partition0
19:31:39.0911 2404 \Device\Harddisk3\DR3\Partition0 - ok
19:31:39.0911 2404 ============================================================
19:31:39.0911 2404 Scan finished
19:31:39.0911 2404 ============================================================
19:31:39.0927 2236 Detected object count: 7
19:31:39.0927 2236 Actual detected object count: 7
19:33:14.0260 2236 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:14.0260 2236 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:14.0260 2236 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:14.0260 2236 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:14.0260 2236 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:14.0260 2236 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:14.0260 2236 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:14.0260 2236 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:14.0260 2236 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:14.0260 2236 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:14.0260 2236 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:14.0260 2236 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:33:14.0260 2236 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:33:14.0260 2236 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:34:12.0043 4692 Deinitialize success


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.02.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
SIMS :: SIMS-HP-PC [administrator]

2/04/2012 7:47:23 p.m.
mbam-log-2012-04-02 (19-47-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196285
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


OTL logfile created on: 2/04/2012 7:56:18 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\SIMS\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.87 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 67.71% Memory free
7.73 Gb Paging File | 6.16 Gb Available in Paging File | 79.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.70 Gb Total Space | 386.91 Gb Free Space | 85.09% Space Free | Partition Type: NTFS
Drive D: | 10.96 Gb Total Space | 1.58 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 297.44 Gb Total Space | 139.99 Gb Free Space | 47.07% Space Free | Partition Type: NTFS
Drive I: | 3.73 Gb Total Space | 2.96 Gb Free Space | 79.34% Space Free | Partition Type: FAT32
Drive J: | 994.70 Mb Total Space | 383.98 Mb Free Space | 38.60% Space Free | Partition Type: FAT

Computer Name: SIMS-HP-PC | User Name: SIMS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/02 09:42:23 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\SIMS\Downloads\OTL.exe
PRC - [2012/03/22 17:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 16:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/04 01:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/02 00:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2009/10/22 19:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/25 14:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
PRC - [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
PRC - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/30 06:43:46 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/22 17:40:16 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/10/22 19:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/02/27 20:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
MOD - [2009/02/19 18:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/09/09 11:56:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 13:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/30 06:43:46 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 07:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/04 01:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/21 14:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 16:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/02 00:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/10/13 05:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/11 09:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/03/11 18:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 18:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/10/07 07:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam E3500(UVC)
DRV:64bit: - [2009/10/07 07:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/03 00:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/30 13:04:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/18 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/09 12:31:52 | 006,204,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/08/21 12:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/14 13:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 13:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 13:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 13:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 13:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 12:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 08:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 08:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 08:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 08:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 09:48:42 | 000,702,976 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/14 13:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/15
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {24A5A82A-C01C-41BF-B060-7AD3CA5216D3}
IE:64bit: - HKLM\..\SearchScopes\{24A5A82A-C01C-41BF-B060-7AD3CA5216D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/15
IE - HKLM\..\SearchScopes,DefaultScope = {24A5A82A-C01C-41BF-B060-7AD3CA5216D3}
IE - HKLM\..\SearchScopes\{24A5A82A-C01C-41BF-B060-7AD3CA5216D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/15
IE - HKCU\..\SearchScopes,DefaultScope = {24A5A82A-C01C-41BF-B060-7AD3CA5216D3}
IE - HKCU\..\SearchScopes\{24A5A82A-C01C-41BF-B060-7AD3CA5216D3}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Stardoll Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.stuff.co.nz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\SIMS\AppData\Local\Roblox\Versions\version-fa4cea1530284e83\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\SIMS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/04 09:59:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 07:33:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/22 17:40:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/01 06:56:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/12/04 15:04:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2011/12/23 07:14:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/04 09:59:45 | 000,000,000 | ---D | M]

[2010/12/04 15:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Extensions
[2010/12/04 15:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/12/11 10:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\extensions
[2011/12/11 10:02:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\extensions\trash
[2011/10/17 09:05:09 | 000,003,739 | ---- | M] () -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\searchplugins\avg-secure-search.xml
[2011/11/28 15:12:04 | 000,000,919 | ---- | M] () -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\searchplugins\conduit.xml
[2012/01/08 12:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SIMS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MICNKL41.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
[2012/03/22 17:40:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 07:33:19 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/02 07:33:19 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/02 07:33:19 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/02 07:33:19 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/02 07:33:19 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\SIMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\SIMS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\SIMS\AppData\Local\Roblox\Versions\version-21cdb2fff9fb4df2\\NPRobloxProxy.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\SIMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2012/04/02 19:19:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.239.10 192.168.1.3 192.168.239.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABBC696-EB1C-4834-886E-164895EC2725}: DhcpNameServer = 4.2.2.3 4.2.2.2 192.168.1.3 4.2.2.3 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93F847BD-BDF9-457D-BACB-8A3F39B027C0}: DhcpNameServer = 192.168.239.10 192.168.1.3 192.168.239.10
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/19 09:12:18 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*



SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/02 19:46:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/02 19:46:03 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 19:46:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/02 19:42:13 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\SIMS\Desktop\mbam--setup-1.60.1.1000.exe
[2012/04/02 19:26:17 | 002,068,016 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\SIMS\Desktop\tdsskiller.exe
[2012/04/02 19:19:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/04/02 19:12:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/02 19:12:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/02 19:12:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/02 19:12:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/02 19:12:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/02 19:12:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/02 18:43:44 | 004,453,008 | R--- | C] (Swearware) -- C:\Users\SIMS\Desktop\ComboFix.exe
[2012/04/02 17:59:14 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\SIMS\Desktop\aswMBR.exe
[2012/03/30 06:43:46 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/30 06:43:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/29 18:24:45 | 000,000,000 | ---D | C] -- C:\Users\SIMS\AppData\Roaming\Malwarebytes
[2012/03/29 18:24:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/03/29 18:24:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/22 20:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/03/22 20:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/03/20 21:53:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/20 21:53:19 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/20 21:53:19 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/20 21:53:19 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/20 21:53:19 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/20 21:53:19 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/20 21:53:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/20 21:53:18 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/20 21:53:18 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/20 21:53:18 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/20 21:53:18 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/20 21:53:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/20 21:53:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/20 21:53:18 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/20 21:53:18 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/20 21:53:18 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/20 21:53:18 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/20 21:53:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/20 21:53:18 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/20 21:53:18 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/20 21:53:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/20 21:53:18 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/20 21:53:18 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/20 21:53:17 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/20 21:53:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/20 21:53:17 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/20 21:53:17 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/20 21:53:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/20 21:53:17 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/20 21:53:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/20 21:53:17 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/20 21:53:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/20 21:53:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/20 21:53:17 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/20 21:53:17 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/20 21:53:17 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/20 21:53:17 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/20 21:53:17 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/20 21:53:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/20 21:53:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/20 21:53:17 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/20 21:53:17 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/20 21:53:17 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/20 21:53:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/20 21:53:17 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/20 21:53:17 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/20 21:53:17 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/20 21:53:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/20 21:53:17 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/20 21:53:17 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/20 21:53:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/20 21:53:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/20 21:53:17 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/20 21:53:16 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/20 21:53:16 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/20 21:53:16 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/20 21:53:16 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/20 21:53:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/20 21:53:16 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/20 21:53:16 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/20 21:53:16 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/20 21:53:16 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/20 21:53:16 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/20 21:53:16 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/20 21:53:16 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/20 21:53:16 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/20 21:53:16 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/20 21:53:16 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/20 21:53:16 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/20 21:53:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/20 21:53:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/20 21:53:16 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/14 21:29:40 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 21:29:40 | 003,957,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 21:29:39 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 12:10:11 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/14 12:10:11 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 12:10:11 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/14 12:10:11 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/14 12:10:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/14 12:08:09 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 12:08:09 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 12:08:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 12:08:08 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 12:08:08 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/08 12:20:55 | 000,000,000 | ---D | C] -- C:\Users\SIMS\AppData\Roaming\IcoFX2X
[2012/03/08 12:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IcoFX2X
[2012/03/08 12:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IcoFX 2
[2012/03/08 12:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IcoFX 2

========== Files - Modified Within 30 Days ==========

[2012/04/02 19:46:38 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 19:46:38 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/02 19:46:04 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/02 19:43:38 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/02 19:43:38 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/02 19:43:38 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/02 19:43:04 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\SIMS\Desktop\mbam--setup-1.60.1.1000.exe
[2012/04/02 19:39:30 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/02 19:39:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/02 19:39:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/04/02 19:39:15 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/02 19:36:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/02 19:26:50 | 002,068,016 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SIMS\Desktop\tdsskiller.exe
[2012/04/02 19:19:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/02 19:10:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/02 18:44:00 | 004,453,008 | R--- | M] (Swearware) -- C:\Users\SIMS\Desktop\ComboFix.exe
[2012/04/02 18:41:05 | 000,000,512 | ---- | M] () -- C:\Users\SIMS\Desktop\MBR.dat
[2012/04/02 18:00:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\SIMS\Desktop\aswMBR.exe
[2012/04/02 11:39:38 | 093,316,310 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/02 11:39:19 | 000,413,182 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/03/31 09:04:15 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/03/30 06:43:46 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/03/30 06:43:46 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/22 20:21:56 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/03/21 06:58:26 | 000,001,403 | ---- | M] () -- C:\Users\SIMS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/20 21:53:19 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/20 21:53:19 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/20 21:53:19 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/20 21:53:19 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/20 21:53:19 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/20 21:53:19 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/20 21:53:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/20 21:53:18 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/20 21:53:18 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/20 21:53:18 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/20 21:53:18 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/20 21:53:18 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/20 21:53:18 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/20 21:53:18 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/20 21:53:18 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/20 21:53:18 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/20 21:53:18 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/20 21:53:18 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/20 21:53:18 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/20 21:53:18 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/20 21:53:18 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/20 21:53:18 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/20 21:53:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/20 21:53:18 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/20 21:53:17 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/20 21:53:17 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/20 21:53:17 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/20 21:53:17 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/20 21:53:17 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/20 21:53:17 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/20 21:53:17 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/20 21:53:17 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/20 21:53:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/20 21:53:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/20 21:53:17 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/20 21:53:17 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/20 21:53:17 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/20 21:53:17 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/20 21:53:17 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/20 21:53:17 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/20 21:53:17 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/20 21:53:17 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/20 21:53:17 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/20 21:53:17 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/20 21:53:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/20 21:53:17 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/20 21:53:17 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/20 21:53:17 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/20 21:53:17 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/20 21:53:17 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/20 21:53:17 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/20 21:53:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/20 21:53:17 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/20 21:53:17 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/20 21:53:16 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/20 21:53:16 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/20 21:53:16 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/20 21:53:16 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/20 21:53:16 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/20 21:53:16 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/20 21:53:16 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/20 21:53:16 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/20 21:53:16 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/20 21:53:16 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/20 21:53:16 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/20 21:53:16 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/20 21:53:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/20 21:53:16 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/20 21:53:16 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/20 21:53:16 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/20 21:53:16 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/20 21:53:16 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/20 21:53:16 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/20 21:53:16 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/15 07:47:44 | 000,431,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/08 12:29:01 | 000,002,190 | ---- | M] () -- C:\Users\SIMS\Desktop\Suffolk INFO.lnk

========== Files Created - No Company Name ==========

[2012/04/02 19:46:04 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/02 19:12:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/02 19:12:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/02 19:12:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/02 19:12:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/02 19:12:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/02 18:41:05 | 000,000,512 | ---- | C] () -- C:\Users\SIMS\Desktop\MBR.dat
[2012/03/30 06:43:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/20 21:53:18 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/20 21:53:16 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/07/19 09:31:31 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2011/06/23 18:36:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/23 18:21:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/04 09:53:41 | 000,202,451 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/12/04 09:53:41 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2010/12/04 15:23:48 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Adobe
[2010/12/02 17:52:54 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\ATI
[2011/10/17 09:04:27 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\AVG2012
[2012/03/02 12:44:28 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\FileZilla
[2010/12/21 07:03:19 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Gamelab
[2010/12/03 19:12:35 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Hewlett-Packard
[2010/12/04 10:09:23 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\HP
[2012/03/08 12:52:21 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\IcoFX2X
[2010/12/02 17:51:32 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Identities
[2010/12/04 07:53:11 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Macromedia
[2012/03/29 18:24:45 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Malwarebytes
[2009/07/14 19:44:38 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Media Center Programs
[2011/06/23 18:57:37 | 000,000,000 | --SD | M] -- C:\Users\SIMS\AppData\Roaming\Microsoft
[2010/12/03 20:49:43 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Mozilla
[2010/12/04 07:53:11 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\PlayFirst
[2012/04/01 22:41:21 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Skype
[2012/03/22 20:20:11 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\skypePM
[2010/12/04 15:04:12 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Thunderbird
[2011/10/02 17:34:36 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Unity
[2010/12/18 09:58:26 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\Western Digital
[2010/12/05 19:27:18 | 000,000,000 | ---D | M] -- C:\Users\SIMS\AppData\Roaming\WildTangentv1001

< MD5 for: ATAPI.SYS >
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 13:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/10/06 18:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 18:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/26 18:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 18:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 17:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 13:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 17:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 17:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 17:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 17:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 18:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 18:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 00:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/10/06 18:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 18:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 17:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 18:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 17:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/21 01:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 18:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 17:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 13:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 18:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/10/06 18:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 18:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 18:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2009/10/06 17:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 13:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 13:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 13:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 13:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 13:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 13:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 00:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 13:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/14 13:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 13:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 13:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/14 13:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 13:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/21 01:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 01:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 13:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 19:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 18:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 18:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 18:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/03/22 17:40:15 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/03/22 17:40:15 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/22 17:40:15 | 000,834,704 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/03/22 17:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/03/22 17:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/03/22 17:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/03/22 00:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/03/22 00:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/03/22 00:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/03/22 00:21:14 | 001,049,072 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/03/20 21:53:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/03/20 21:53:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/03/20 21:53:18 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/03/20 21:53:19 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/03/20 21:53:19 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/03/22 17:40:15 | 000,834,704 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/03/22 17:40:15 | 000,834,704 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/03/22 17:40:15 | 000,834,704 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/03/22 17:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/03/22 17:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/03/22 17:40:16 | 000,924,600 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/03/22 00:21:14 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/03/22 00:21:14 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/03/22 00:21:14 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/03/22 00:21:14 | 001,049,072 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/03/20 21:53:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/03/20 21:53:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/03/20 21:53:16 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/03/20 21:53:19 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/03/20 21:53:19 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


OTL Extras logfile created on: 2/04/2012 7:56:18 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\SIMS\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

3.87 Gb Total Physical Memory | 2.62 Gb Available Physical Memory | 67.71% Memory free
7.73 Gb Paging File | 6.16 Gb Available in Paging File | 79.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.70 Gb Total Space | 386.91 Gb Free Space | 85.09% Space Free | Partition Type: NTFS
Drive D: | 10.96 Gb Total Space | 1.58 Gb Free Space | 14.45% Space Free | Partition Type: NTFS
Drive F: | 644.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 297.44 Gb Total Space | 139.99 Gb Free Space | 47.07% Space Free | Partition Type: NTFS
Drive I: | 3.73 Gb Total Space | 2.96 Gb Free Space | 79.34% Space Free | Partition Type: FAT32
Drive J: | 994.70 Mb Total Space | 383.98 Mb Free Space | 38.60% Space Free | Partition Type: FAT

Computer Name: SIMS-HP-PC | User Name: SIMS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5A569CBA-9BE4-EAB0-9B43-468CEA2323B7}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65E1E6AE-1DA5-51F3-80B2-8E1F4798EE90}" = ccc-utility64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{E3EC7FC4-B4BF-4911-9A43-F7C753CE03F5}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PC-Doctor for Windows" = Hardware Diagnostic Tools

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A0EA5EE-B154-B71F-8F19-38D8A7880A2D}" = CCC Help Finnish
"{0DEF8C02-2EAB-4BFE-A7E0-7990665DF1A9}" = C6100
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{1305721F-9D11-28D6-4905-87C6E1C59483}" = CCC Help Spanish
"{13D751B7-252D-B3CC-4BA4-E9BEB44E3E52}" = CCC Help Danish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{16B9D94B-6BD5-6AD2-7524-4742D2B0FD2E}" = Catalyst Control Center InstallProxy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F766D0-ED47-1CDB-43ED-4D796523EE04}" = Catalyst Control Center Graphics Previews Vista
"{250C5899-57E3-9FCE-EC65-7D97EB26E801}" = CCC Help Thai
"{251823D1-E0F5-CF28-9228-23BB9BFA331A}" = CCC Help Japanese
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 29
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2C68C9C3-EBE9-6E0D-A1F8-2BAAA38BAB31}" = CCC Help German
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{363B792C-587F-FC44-52ED-CC96C40189DD}" = Catalyst Control Center Graphics Full New
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3F461172-D41D-D4DC-C5FF-DD55047BFB62}" = Catalyst Control Center Localization All
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{43C93F31-8A0A-D660-1EA8-A50AFC3AF08E}" = CCC Help Portuguese
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4BD5B5D2-406D-4bc5-BB10-2F0D1D367C95}" = c6100_Help
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5585CB69-5BD3-7BCB-C8E9-8801153AEA7E}" = Catalyst Control Center Graphics Previews Common
"{57A67EC6-0652-4C0A-B8D4-20CD437AD033}" = Catalyst Control Center - Branding
"{5C7C6A1A-472A-6A71-B76B-6362E7D754C1}" = CCC Help Greek
"{60A01572-96E0-0992-7D46-A14DE39DF744}" = CCC Help Hungarian
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66A7B066-7B5A-D0C8-CD4A-3956F28D0F19}" = Catalyst Control Center Core Implementation
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72C13C57-30D0-A4F2-0152-93497B41B4D1}" = CCC Help Italian
"{741CFE3A-1C0B-4A7D-8E08-5D78C911C09D}" = HP Support Assistant
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82507042-E161-7BC4-C0F8-2CC89FA78B08}" = CCC Help English
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{882CB5E3-A35E-64EA-502B-B5ACBCDB0E10}" = CCC Help Chinese Standard
"{88B9E14A-8D6F-1C30-4058-3874FDC8EB2C}" = HydraVision
"{89BF497F-006C-8EDF-D631-DD571B5F34AD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{900CD40F-16D4-0823-9CC5-13C400292E70}" = ccc-core-static
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{92CB7642-7B94-0386-712C-B56625BEE89F}" = CCC Help Chinese Traditional
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A169679-3201-2C0C-9F31-D9ED7C2CF73A}" = Catalyst Control Center Graphics Light
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3F79A0-6348-1AEC-C74E-D0839CF67E66}" = CCC Help Dutch
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6667C6-1653-9F63-C529-A46BDFB752C1}" = CCC Help Norwegian
"{A447DD0F-CF77-8088-4A7E-E6EBA1AF288B}" = CCC Help Turkish
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.30" = NavDesk 7.30
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B34C21F4-19EF-226B-DFC6-CDE873D4765D}" = CCC Help Polish
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{CA68D835-CFBB-4140-310C-24E531EED00B}" = Catalyst Control Center HydraVision Full
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D5D1C55B-CF2E-6DF9-B7D1-7D459605E095}" = CCC Help Czech
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F580CD50-FEE4-BD23-6E92-06E097A62179}" = Catalyst Control Center Graphics Full Existing
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F739E726-0A18-D419-C1CF-9DD9164CB63C}" = CCC Help Korean
"{F8D69CD2-512F-2BA9-EE88-B24B3380851B}" = CCC Help Russian
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FEDF630C-92DC-3EC1-04A7-2F32B34DB801}" = CCC Help Swedish
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BAM Screensaver" = BAM Screensaver
"Cashmanager" = Cashmanager
"Google Chrome" = Google Chrome
"HP Remote Solution" = HP Remote Solution
"IcoFX 2_is1" = IcoFX 2.1
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)
"Mozilla Thunderbird (3.1.6)" = Mozilla Thunderbird (3.1.6)
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SyncBack_is1" = SyncBack
"TeamViewer 6" = TeamViewer 6
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for SIMS
"FileZilla Client" = FileZilla Client 3.5.0
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/08/2011 2:23:04 AM | Computer Name = SIMS-HP-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 29/08/2011 2:23:35 AM | Computer Name = SIMS-HP-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 1/09/2011 2:12:15 AM | Computer Name = SIMS-HP-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 1/09/2011 2:13:05 AM | Computer Name = SIMS-HP-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 2/09/2011 4:48:46 PM | Computer Name = SIMS-HP-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 2/09/2011 4:49:16 PM | Computer Name = SIMS-HP-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 3/09/2011 4:28:22 PM | Computer Name = SIMS-HP-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 3/09/2011 4:28:53 PM | Computer Name = SIMS-HP-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

Error - 9/09/2011 2:03:02 AM | Computer Name = SIMS-HP-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\mozbackup\dll\DelZip179.dll".Error
in manifest or policy file "c:\program files (x86)\mozbackup\dll\DelZip179.dll"
on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is
invalid.

Error - 9/09/2011 2:03:46 AM | Computer Name = SIMS-HP-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.

[ Hewlett-Packard Events ]
Error - 14/07/2011 9:27:33 PM | Computer Name = SIMS-HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-NZ Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 14/07/2011 9:27:34 PM | Computer Name = SIMS-HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-NZ Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 11/08/2011 9:08:56 PM | Computer Name = SIMS-HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-NZ Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 11/08/2011 9:08:56 PM | Computer Name = SIMS-HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-NZ Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 13/10/2011 8:37:22 PM | Computer Name = SIMS-HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-NZ Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 13/10/2011 8:37:23 PM | Computer Name = SIMS-HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-NZ Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 27/10/2011 8:00:34 PM | Computer Name = SIMS-HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-NZ Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 27/10/2011 8:00:34 PM | Computer Name = SIMS-HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-NZ Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 2/11/2011 3:10:19 AM | Computer Name = SIMS-HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-NZ Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

Error - 2/11/2011 3:10:19 AM | Computer Name = SIMS-HP-PC | Source = Hewlett-Packard | ID = 0
Description = en-NZ Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a(Object
A_0, EventArgs A_1)

[ Media Center Events ]
Error - 28/12/2010 3:15:28 AM | Computer Name = SIMS-PC | Source = MCUpdate | ID = 0
Description = 8:15:28 p.m. - Error connecting to the internet. 8:15:28 p.m. -
Unable to contact server..

Error - 3/01/2011 3:08:16 PM | Computer Name = SIMS-PC | Source = MCUpdate | ID = 0
Description = 8:08:16 a.m. - Error connecting to the internet. 8:08:16 a.m. -
Unable to contact server..

Error - 3/01/2011 3:08:49 PM | Computer Name = SIMS-PC | Source = MCUpdate | ID = 0
Description = 8:08:45 a.m. - Error connecting to the internet. 8:08:45 a.m. -
Unable to contact server..

Error - 18/05/2011 7:21:15 PM | Computer Name = SIMS-PC | Source = MCUpdate | ID = 0
Description = 11:21:15 a.m. - Error connecting to the internet. 11:21:15 a.m. -
Unable to contact server..

Error - 18/05/2011 7:21:48 PM | Computer Name = SIMS-PC | Source = MCUpdate | ID = 0
Description = 11:21:44 a.m. - Error connecting to the internet. 11:21:44 a.m. -
Unable to contact server..

[ System Events ]
Error - 23/03/2012 12:47:18 AM | Computer Name = SIMS-HP-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:15:16 p.m. on ?23/?03/?2012 was
unexpected.

Error - 2/04/2012 3:11:54 AM | Computer Name = SIMS-HP-PC | Source = Service Control Manager | ID = 7034
Description = The hpqcxs08 service terminated unexpectedly. It has done this 1
time(s).

Error - 2/04/2012 3:11:54 AM | Computer Name = SIMS-HP-PC | Source = Service Control Manager | ID = 7034
Description = The HP CUE DeviceDiscovery Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/04/2012 3:15:38 AM | Computer Name = SIMS-HP-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/04/2012 3:17:12 AM | Computer Name = SIMS-HP-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 2/04/2012 3:17:57 AM | Computer Name = SIMS-HP-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 2/04/2012 3:19:07 AM | Computer Name = SIMS-HP-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 2/04/2012 3:21:15 AM | Computer Name = SIMS-HP-PC | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%31

Error - 2/04/2012 3:38:32 AM | Computer Name = SIMS-HP-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Update service failed to start due to the following error:
%%1115

Error - 2/04/2012 3:38:32 AM | Computer Name = SIMS-HP-PC | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%1747


< End of report >



Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 02/04/2012 8:27:04 p.m.

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 02/04/2012 8:10:24 a.m.
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Network tests
JUNK.txt
Server: UnKnown
Address: 192.168.239.10

Name: google.com
Addresses: 74.125.237.130
74.125.237.132
74.125.237.142
74.125.237.129
74.125.237.137
74.125.237.135
74.125.237.128
74.125.237.131
74.125.237.133
74.125.237.134
74.125.237.136

===========================================================================
Interface List
11...40 61 86 66 55 d7 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.3 192.168.1.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.100 276
192.168.1.100 255.255.255.255 On-link 192.168.1.100 276
192.168.1.255 255.255.255.255 On-link 192.168.1.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.100 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:2829:181a:86b0:3190/128
On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::2829:181a:86b0:3190/128
On-link
11 276 fe80::2832:9d03:47d2:512a/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

Tracing route to google.com [74.125.237.133]
over a maximum of 30 hops:

1 <1 ms 1 ms <1 ms 192.168.1.3
2 2 ms 1 ms 1 ms 192.168.239.10
3 2 ms 1 ms 2 ms 203.114.136.251
4 2 ms 2 ms 2 ms 203.114.128.253
5 2 ms 2 ms 2 ms 203.114.128.254
6 10 ms 9 ms 9 ms 131.203.253.65
7 10 ms 11 ms 10 ms 121.99.12.13
8 34 ms 34 ms 42 ms 72.14.214.5
9 34 ms 34 ms 35 ms 72.14.214.6
10 35 ms 35 ms 35 ms 66.249.95.234
11 36 ms 36 ms 35 ms 72.14.237.137
12 35 ms 34 ms 36 ms 74.125.237.133

Trace complete.
Unable to resolve target system name d.

Pinging google.com [74.125.237.133] with 32 bytes of data:
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=36ms TTL=53
Reply from 74.125.237.133: bytes=32 time=36ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=36ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=36ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=36ms TTL=53
Reply from 74.125.237.133: bytes=32 time=37ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=36ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53
Reply from 74.125.237.133: bytes=32 time=35ms TTL=53

Ping statistics for 74.125.237.133:
Packets: Sent = 25, Received = 25, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 35ms, Maximum = 37ms, Average = 35ms

#4
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I've been doing this for at least 12 years. Mostly OJT but they do have a training program for new helpers on this site. Pretty good course from what I have heard but it does take a lot of work to get through it.

I'm not seeing any signs of an infection but also I don't see a problem with the router either so we will dig a bit deeper.

You missed a couple of commands there at the end and I want to add a new one.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

net  start  >  \junk.txt

netstat  -s  >> \junk.txt

tracert  -d  f1.com  >>  \junk.txt

(That's F ONE . COM)

notepad  \junk.txt

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Do you know what this is:
"IcoFX 2_is1" = IcoFX 2.1 ?

You installed it 2012/03/08 12:20:37


Uninstall
Bing Bar


Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF - prefs.js..browser.search.defaultthis.engineName: "Stardoll Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2836015&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
[2011/11/28 15:12:04 | 000,000,919 | ---- | M] () -- C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O32 - AutoRun File - [2009/06/19 09:12:18 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply. (This is just removing some deadwood and things which might slow you down a bit.)

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

This next test will show us the health of the network. Sometimes a network will get clogged during certain hours of the day when most people are on it. Usually this is in the evening when most people are home from work but it can vary. Run it once in the morning or late at night and then once in the evening. Is there a difference in speed?

Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v

Let's check the MBR to make sure it hasn't been compromised:

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.
Close MBRCheck.


Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the Bitdefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).
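The Verified Signer step in the post above, as an added example that is not part of the original post: a small triage script for the saved Procexp.txt that lists every process whose signature Process Explorer did not verify. It assumes the file is tab-separated with the column headings shown in this thread; the function names are hypothetical, and the sample rows are modelled on the listing posted here plus one constructed row.

```python
import csv
import io

# Rows modelled on the Procexp.txt listing posted in this thread, plus one
# constructed row (unknown_helper.exe). Tab separators are an assumption
# about the saved file.
HEADER = ["Process", "PID", "CPU", "Private Bytes", "Working Set",
          "Description", "Company Name", "Verified Signer"]
ROWS = [
    ["System Idle Process", "0", "96.65", "0 K", "24 K", "", "", ""],
    ["Interrupts", "n/a", "0.55", "0 K", "0 K",
     "Hardware Interrupts and DPCs", "", ""],
    ["smss.exe", "324", "", "532 K", "1,280 K", "Windows Session Manager",
     "Microsoft Corporation", "(Verified) Microsoft Windows"],
    ["unknown_helper.exe", "4100", "", "1,000 K", "2,000 K", "", "", ""],  # constructed
    ["ModLEDKey.exe", "2508", "", "948 K", "920 K", "Monitor LED Key",
     "", "(Unable to verify)"],
    ["LSSrvc.exe", "1236", "", "1,328 K", "4,344 K", "LightScribe Service",
     "Hewlett-Packard Company", "(Unable to verify) Hewlett-Packard Company"],
]
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in [HEADER] + ROWS) + "\n"

# Entries Process Explorer lists that are not backed by an image file on disk.
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts"}

UNVERIFIED = "(Unable to verify)"


def parse_export(text):
    """Parse the tab-separated export into dicts; tolerate short rows and a BOM."""
    reader = csv.DictReader(io.StringIO(text.lstrip("\ufeff"), newline=""),
                            delimiter="\t", quoting=csv.QUOTE_NONE)
    rows = []
    for rec in reader:
        # Process names are indented in the tree view, so strip whitespace.
        name = (rec.get("Process") or "").strip()
        if name:
            rows.append({
                "name": name,
                "pid": (rec.get("PID") or "").strip(),
                "company": (rec.get("Company Name") or "").strip(),
                "signer": (rec.get("Verified Signer") or "").strip(),
            })
    return rows


def triage(text):
    """Return (name, pid, reason) for each process needing a closer look.

    Order: unverified with no publisher metadata first, then unverified with
    a claimed publisher, then rows where no signature result was recorded.
    """
    findings = []
    for row in parse_export(text):
        if row["name"] in PSEUDO_PROCESSES:
            continue
        signer = row["signer"]
        if signer.startswith("(Verified)"):
            continue
        if signer.startswith(UNVERIFIED):
            claimed = signer[len(UNVERIFIED):].strip() or row["company"]
            if claimed:
                findings.append((2, row["name"], row["pid"],
                                 "signature not verified; claims publisher " + claimed))
            else:
                findings.append((1, row["name"], row["pid"],
                                 "signature not verified and no publisher metadata"))
        else:
            findings.append((3, row["name"], row["pid"],
                             "no signature result recorded; was Verify Image "
                             "Signatures enabled before saving?"))
    findings.sort(key=lambda f: f[0])  # stable sort keeps file order within a tier
    return [(name, pid, reason) for _, name, pid, reason in findings]


if __name__ == "__main__":
    for name, pid, reason in triage(SAMPLE_EXPORT):
        print(f"{name} (PID {pid}): {reason}")
```

An "(Unable to verify)" result only means the image carried no signature that chained to a trusted publisher; each flagged entry still needs its file path and publisher checked before drawing a conclusion.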

#5
ABEC329


    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
That took a while. Have completed scans, logs as below. Eset found something in the H: drive - Portable hard drive containing backups.

Uninstalled Bing

"Do you know what this is:" Yes, my farm weighing scales (Iconix FX 21 and 41), when we moved to new PC dragged this across, don't use it on this PC, connects with old PC.
"IcoFX 2_is1" = IcoFX 2.1 ?
You installed it 2012/03/08 12:20:37

Speedtest - Our network has recently been moved to Inspire and I see they are capping the speed to under 10mb/s. Before Inspire took over we used to run at up to 90mb & av. around 70mb. Test would regularly go off the end of the clock! The speed now will remain steady at what it is.


Cheers ABEC

Log Files:

These Windows services are started:

Adobe Acrobat Update Service
AMD External Events Utility
Application Experience
Application Information
AVG WatchDog
AVGIDSAgent
Background Intelligent Transfer Service
Base Filtering Engine
BBUpdate
Bing Bar Update Service
CNG Key Isolation
COM+ Event System
Computer Browser
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
DHCP Client
Diagnostic Policy Service
Diagnostic Service Host
Diagnostic System Host
Distributed Link Tracking Client
DNS Client
Extensible Authentication Protocol
Function Discovery Provider Host
Function Discovery Resource Publication
Group Policy Client
HomeGroup Listener
HomeGroup Provider
HP CUE DeviceDiscovery Service
HP Health Check Service
HP Network Devices Support
hpqcxs08
Human Interface Device Access
IP Helper
LightScribeService Direct Disc Labeling Service
Multimedia Class Scheduler
Net Driver HPZ12
Network Connections
Network List Service
Network Location Awareness
Network Store Interface Service
Peer Name Resolution Protocol
Peer Networking Grouping
Peer Networking Identity Manager
Plug and Play
Pml Driver HPZ12
Portable Device Enumerator Service
Power
Print Spooler
Program Compatibility Assistant Service
Remote Access Connection Manager
Remote Procedure Call (RPC)
RPC Endpoint Mapper
Secondary Logon
Secure Socket Tunneling Protocol Service
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
SSDP Discovery
Superfetch
System Event Notification Service
Task Scheduler
TCP/IP NetBIOS Helper
TeamViewer 6
Telephony
Themes
UPnP Device Host
User Profile Service
Windows Audio
Windows Audio Endpoint Builder
Windows Backup
Windows Driver Foundation - User-mode Driver Framework
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Management Instrumentation
Windows Media Player Network Sharing Service
Windows Search
Windows Update
WinHTTP Web Proxy Auto-Discovery Service
WLAN AutoConfig
Workstation

The command completed successfully.


IPv4 Statistics

Packets Received = 2060
Received Header Errors = 0
Received Address Errors = 0
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 14
Received Packets Delivered = 3071
Output Requests = 2561
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

IPv6 Statistics

Packets Received = 3
Received Header Errors = 0
Received Address Errors = 0
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 1221
Output Requests = 1272
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 2
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

ICMPv4 Statistics

Received Sent
Messages 0 2
Errors 0 0
Destination Unreachable 0 2
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echo Replies 0 0
Echos 0 0
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
Router Solicitations 0 0
Router Advertisements 0 0

ICMPv6 Statistics

Received Sent
Messages 3 7
Errors 0 0
Destination Unreachable 0 0
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 6
Router Advertisements 3 0
Neighbor Solicitations 0 1
Neighbor Advertisements 0 0
Redirects 0 0
Router Renumberings 0 0

TCP Statistics for IPv4

Active Opens = 171
Passive Opens = 37
Failed Connection Attempts = 0
Reset Connections = 17
Current Connections = 8
Segments Received = 2151
Segments Sent = 2215
Segments Retransmitted = 20

TCP Statistics for IPv6

Active Opens = 2
Passive Opens = 2
Failed Connection Attempts = 0
Reset Connections = 2
Current Connections = 0
Segments Received = 36
Segments Sent = 36
Segments Retransmitted = 0

UDP Statistics for IPv4

Datagrams Received = 782
No Ports = 12
Receive Errors = 0
Datagrams Sent = 429

UDP Statistics for IPv6

Datagrams Received = 801
No Ports = 0
Receive Errors = 0
Datagrams Sent = 1203

Tracing route to f1.com [195.69.153.8]
over a maximum of 30 hops:

1 <1 ms 1 ms <1 ms 192.168.1.3
2 2 ms 1 ms 1 ms 192.168.239.10
3 2 ms 1 ms 1 ms 203.114.136.251
4 2 ms 2 ms 2 ms 203.114.128.253
5 2 ms 2 ms 2 ms 203.114.128.254
6 10 ms 9 ms 10 ms 131.203.253.65
7 10 ms 9 ms 10 ms 114.31.203.9
8 135 ms 135 ms 135 ms 114.31.202.43
9 11 ms 10 ms 10 ms 114.31.202.88
10 134 ms 134 ms 134 ms 114.31.202.45
11 140 ms 146 ms 149 ms 64.71.184.45
12 140 ms 139 ms 147 ms 72.52.92.118
13 200 ms 200 ms 200 ms 184.105.213.198
14 300 ms 300 ms 300 ms 72.52.92.242
15 308 ms 308 ms 308 ms 195.66.224.81
16 308 ms 309 ms 308 ms 195.69.153.8

Trace complete.


========== OTL ==========
Prefs.js: "Stardoll Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\SIMS\Downloads\cmd.bat deleted successfully.
C:\Users\SIMS\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\SIMS\Downloads\cmd.bat deleted successfully.
C:\Users\SIMS\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\SIMS\Downloads\cmd.bat deleted successfully.
C:\Users\SIMS\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\SIMS\Downloads\cmd.bat deleted successfully.
C:\Users\SIMS\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: SIMS
->Flash cache emptied: 1130947 bytes

Total Flash Files Cleaned = 1.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: SIMS
->Java cache emptied: 1 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04032012_073923

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...



Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 96.65 0 K 24 K
System 4 0.18 348 K 1,900 K
Interrupts n/a 0.55 0 K 0 K Hardware Interrupts and DPCs
smss.exe 324 532 K 1,280 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
avgrsa.exe 428 < 0.01 30,240 K 708 K AVG Resident Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
avgcsrva.exe 460 19,136 K 380 K AVG Scanning Core Module - Server Part AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
csrss.exe 748 2,388 K 4,564 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 832 1,668 K 4,672 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
services.exe 896 < 0.01 6,728 K 10,144 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 400 0.11 4,828 K 9,584 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 4540 3,104 K 6,636 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 712 < 0.01 4,548 K 8,720 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
atiesrxx.exe 1040 1,740 K 4,460 K AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
atieclxx.exe 1440 2,344 K 5,848 K AMD External Events Client Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 1088 19,612 K 22,484 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
audiodg.exe 1244 17,316 K 17,780 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1132 0.88 93,220 K 102,620 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 1732 0.19 41,244 K 45,220 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 1616 2,284 K 6,236 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1176 < 0.01 24,780 K 40,208 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2452 2,396 K 6,168 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
ModLEDKey.exe 2508 948 K 920 K Monitor LED Key (Unable to verify)
taskeng.exe 3484 2,404 K 6,056 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
CLMLSvc.exe 3520 0.01 30,728 K 6,220 K CyberLink MediaLibray Service CyberLink (Verified) CyberLink
wuauclt.exe 4692 2,196 K 6,512 K Windows Update Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1284 < 0.01 9,032 K 16,048 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1408 < 0.01 16,416 K 16,488 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe 1684 3,544 K 7,748 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1856 < 0.01 8,220 K 14,524 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1892 13,172 K 16,732 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
armsvc.exe 1972 1,220 K 3,988 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
avgwdsvc.exe 2008 < 0.01 7,872 K 15,104 K AVG Watchdog Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
avgnsa.exe 2800 6,476 K 3,208 K AVG Online Shield Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
avgemca.exe 2816 2,824 K 6,572 K AVG E-mail Scanner AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
LSSrvc.exe 1236 1,328 K 4,344 K LightScribe Service Hewlett-Packard Company (Unable to verify) Hewlett-Packard Company
svchost.exe 2044 3,208 K 8,112 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1492 1,348 K 3,696 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1948 1,480 K 3,820 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TeamViewer_Service.exe 2180 3,780 K 10,164 K TeamViewer Remote Control Application TeamViewer GmbH (Verified) TeamViewer GmbH
AVGIDSAgent.exe 2272 0.03 20,356 K 18,576 K AVG Identity Protection Service AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
svchost.exe 2964 0.01 4,264 K 8,084 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 3728 < 0.01 29,052 K 21,092 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3324 0.01 7,628 K 16,368 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1824 2,308 K 6,224 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 4164 12,732 K 5,344 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4260 < 0.01 11,652 K 14,592 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
HPHC_Service.exe 1712 23,344 K 14,984 K HP Health Check Service Hewlett-Packard (Unable to verify) Hewlett-Packard
svchost.exe 2524 1,720 K 4,832 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 936 5,160 K 12,040 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 944 2,700 K 4,356 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 860 0.08 2,784 K 7,616 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 928 3,200 K 7,404 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 1816 0.01 39,892 K 66,864 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
SmartMenu.exe 3940 < 0.01 7,384 K 15,864 K SmartMenu (Unable to verify)
sidebar.exe 3956 0.47 19,640 K 38,344 K Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
hpqtra08.exe 4004 5,140 K 12,240 K HP Digital Imaging Monitor Hewlett-Packard Co. (Unable to verify) Hewlett-Packard Co.
procexp.exe 3064 2,440 K 6,152 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
procexp64.exe 2500 0.70 25,384 K 42,452 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
hpsysdrv.exe 4024 964 K 3,508 K hpsysdrv Hewlett-Packard (Verified) Hewlett-Packard Company
BATINDICATOR.exe 4060 < 0.01 3,220 K 9,064 K HP BATTERY INDICATOR Hewlett-Packard (Unable to verify) Hewlett-Packard
HP_Remote_Solution.exe 3132 0.07 3,156 K 6,812 K HP Remote Solution Hewlett-Packard (Unable to verify) Hewlett-Packard
hpwuschd2.exe 3404 1,032 K 3,624 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
avgtray.exe 2856 0.01 6,432 K 7,292 K AVG Tray Monitor AVG Technologies CZ, s.r.o. (Verified) AVG Technologies
jusched.exe 1724 1,204 K 4,340 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Sun Microsystems, Inc.
CNYHKEY.exe 3580 < 0.01 3,552 K 9,768 K HP LED INDICATOR Hewlett-Packard (Unable to verify) Hewlett-Packard
MOM.exe 4132 < 0.01 41,284 K 6,784 K Catalyst Control Center: Monitoring program Advanced Micro Devices Inc. (Unable to verify) Advanced Micro Devices Inc.
CCC.exe 892 0.01 57,024 K 18,120 K Catalyst Control Centre: Host application ATI Technologies Inc. (Unable to verify) ATI Technologies Inc.




MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: VT573AA-ABG s5380a
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 153):
0x02A4E000 \SystemRoot\system32\ntoskrnl.exe
0x02A05000 \SystemRoot\system32\hal.dll
0x00BC6000 \SystemRoot\system32\kdcom.dll
0x00CCC000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D10000 \SystemRoot\system32\PSHED.dll
0x00D24000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EB1000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F55000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F64000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FBB000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FC4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D82000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E6A000 \SystemRoot\System32\drivers\mountmgr.sys
0x010DC000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x012E4000 \SystemRoot\system32\drivers\amdxata.sys
0x012EF000 \SystemRoot\system32\drivers\fltmgr.sys
0x0133B000 \SystemRoot\system32\drivers\fileinfo.sys
0x01453000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0134F000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x0141A000 \SystemRoot\System32\drivers\pcw.sys
0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016E8000 \SystemRoot\system32\drivers\ndis.sys
0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01802000 \SystemRoot\System32\drivers\tcpip.sys
0x0168B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x016D5000 \SystemRoot\System32\Drivers\spldr.sys
0x013AD000 \SystemRoot\System32\drivers\rdyboost.sys
0x017DA000 \SystemRoot\System32\Drivers\mup.sys
0x017EC000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01A94000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01ACE000 \SystemRoot\system32\DRIVERS\disk.sys
0x01AE4000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01B14000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01B20000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x04293000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x042BD000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x042CD000 \SystemRoot\System32\Drivers\Null.SYS
0x042D6000 \SystemRoot\System32\Drivers\Beep.SYS
0x042DD000 \SystemRoot\System32\drivers\vga.sys
0x042EB000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x04310000 \SystemRoot\System32\drivers\watchdog.sys
0x04320000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x04329000 \SystemRoot\system32\drivers\rdpencdd.sys
0x04332000 \SystemRoot\system32\drivers\rdprefmp.sys
0x0433B000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04346000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04357000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04375000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x04382000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x04000000 \SystemRoot\System32\DRIVERS\netbt.sys
0x01B38000 \SystemRoot\system32\drivers\afd.sys
0x04045000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x04050000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01BC1000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04059000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x043E2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x01A00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x01A1B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x01A2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x043F1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x01A80000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x01BE7000 \SystemRoot\System32\drivers\discache.sys
0x01435000 \SystemRoot\System32\Drivers\dfsc.sys
0x013E7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x02E43000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x02E8C000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x02EB2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04A0C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0504D000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05141000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05187000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x051AB000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x051BC000 \SystemRoot\system32\drivers\usbehci.sys
0x02EC8000 \SystemRoot\system32\drivers\USBPORT.SYS
0x02F1E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x02F5D000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x051CD000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x051DD000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x02F9B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x051F3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x02FBF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x02E00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02E1B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x010BF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x02FEE000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x00E84000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04A00000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04635000 \SystemRoot\system32\DRIVERS\ks.sys
0x04678000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0468A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x046E4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x046F9000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x0471A000 \SystemRoot\system32\drivers\portcls.sys
0x04757000 \SystemRoot\system32\drivers\drmk.sys
0x04779000 \SystemRoot\system32\drivers\ksthunk.sys
0x05A0A000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x0477F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05BF2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x05BF4000 \SystemRoot\system32\DRIVERS\wdcsam64.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x0479A000 \SystemRoot\System32\drivers\Dxapi.sys
0x047A6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x047B4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x047D1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x047DF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05A00000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x02642000 \SystemRoot\system32\DRIVERS\lvuvc64.sys
0x02C56000 \SystemRoot\system32\drivers\usbaudio.sys
0x02C71000 \SystemRoot\system32\DRIVERS\lvrs64.sys
0x02CC0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x02CCE000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x02CDB000 \SystemRoot\System32\Drivers\crashdmp.sys
0x00420000 \SystemRoot\System32\TSDDD.dll
0x0406F000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x02CE9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00680000 \SystemRoot\System32\cdd.dll
0x00970000 \SystemRoot\System32\ATMFD.DLL
0x02CFC000 \SystemRoot\system32\drivers\luafv.sys
0x02D1F000 \SystemRoot\system32\drivers\WudfPf.sys
0x02D40000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02D55000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02DA8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02DBB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02600000 \SystemRoot\System32\Drivers\fastfat.SYS
0x06E8F000 \SystemRoot\system32\drivers\HTTP.sys
0x06F57000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06F75000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06F8D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06E00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06E4E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06E71000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0x07291000 \SystemRoot\system32\drivers\peauth.sys
0x07337000 \SystemRoot\System32\Drivers\secdrv.SYS
0x07342000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0736F000 \SystemRoot\System32\drivers\tcpipreg.sys
0x07381000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x07200000 \SystemRoot\System32\DRIVERS\srv2.sys
0x07674000 \SystemRoot\System32\DRIVERS\srv.sys
0x07709000 \SystemRoot\system32\DRIVERS\udfs.sys
0x0775D000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x07600000 \??\C:\Windows\system32\Drivers\PROCEXP152.SYS
0x77010000 \Windows\System32\ntdll.dll
0x477B0000 \Windows\System32\smss.exe
0xFF330000 \Windows\System32\apisetschema.dll

Processes (total 72):
0 System Idle Process
4 System
324 C:\Windows\System32\smss.exe
428 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
460 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
748 csrss.exe
832 C:\Windows\System32\wininit.exe
860 csrss.exe
896 C:\Windows\System32\services.exe
928 C:\Windows\System32\winlogon.exe
936 C:\Windows\System32\lsass.exe
944 C:\Windows\System32\lsm.exe
400 C:\Windows\System32\svchost.exe
712 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\atiesrxx.exe
1088 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1176 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\svchost.exe
1408 C:\Windows\System32\svchost.exe
1440 C:\Windows\System32\atieclxx.exe
1684 C:\Windows\System32\taskhost.exe
1732 C:\Windows\System32\dwm.exe
1816 C:\Windows\explorer.exe
1856 C:\Windows\System32\spoolsv.exe
1892 C:\Windows\System32\svchost.exe
1972 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2008 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
2044 C:\Windows\SysWOW64\svchost.exe
1236 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1492 C:\Windows\System32\svchost.exe
1948 C:\Windows\System32\svchost.exe
2180 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2272 C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
2452 C:\Windows\System32\taskeng.exe
2508 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
2800 C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
2816 C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
2964 C:\Windows\System32\svchost.exe
1616 WUDFHost.exe
3484 C:\Windows\System32\taskeng.exe
3520 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
3728 C:\Windows\System32\SearchIndexer.exe
3940 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3956 C:\Program Files\Windows Sidebar\sidebar.exe
4004 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
4024 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
4060 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
3132 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
3324 C:\Windows\System32\svchost.exe
3404 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
2856 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
1824 C:\Windows\System32\svchost.exe
1724 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3580 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
4164 C:\Program Files\Windows Media Player\wmpnetwk.exe
4260 C:\Windows\System32\svchost.exe
4132 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
892 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1712 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
4692 C:\Windows\System32\wuauclt.exe
2524 C:\Windows\System32\svchost.exe
3704 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2980 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2056 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
4148 C:\Windows\System32\SearchProtocolHost.exe
2208 C:\Windows\System32\SearchFilterHost.exe
4268 C:\Windows\System32\audiodg.exe
4592 dllhost.exe
3208 dllhost.exe
3300 C:\Users\SIMS\Desktop\MBRCheck.exe
3080 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000071`b3300000 (NTFS)
\\.\H: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST3500418AS, Rev: HP34
PhysicalDrive1 Model Number: WDMy Passport 070B, Rev: 1030

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: F12DBD5E65E6AE78A9B51405FF64687140CE46E2
297 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:




ESETScan log:

H:\SIMS-HP-PC\Backup Set 2012-03-14 190001\Backup Files 2012-03-21 190001\Backup files 2.zip HTML/ScrInject.B.Gen virus deleted - quarantined
H:\SIMS-HP-PC\Backup Set 2012-03-14 190001\Backup Files 2012-03-21 190001\Backup files 3.zip HTML/Iframe.B.Gen virus deleted - quarantined



[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK




QuickScan 32-bit v0.9.9.113
---------------------------
Scan date: Tue Apr 03 11:53:39 2012
Machine ID: 36379BCF



No infection found.
-------------------



Processes
---------
hpwuSchd Application 3404 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
AVG Internet Security 2856 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
CyberLink MediaLibray Service 3520 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
Firefox 724 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 4912 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
HP BATTERY INDICATOR 4060 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
HP Digital Imaging 4004 C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
HP LED INDICATOR 3580 C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
HP Remote Solution 3132 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HP Smart Web Printing 2208 C:\Program Files (x86)\hp\Digital Imaging\smart web printing\hpswp_clipbook.exe
hpsysdrv Application 4024 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
Java™ Platform SE Auto Updater 2 0 1724 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


Network activity
----------------
Process firefox.exe (724) connected on port 80 (HTTP) --> 66.235.143.121
Process firefox.exe (724) connected on port 80 (HTTP) --> 66.235.143.121



Autoruns and critical files
---------------------------
hpwuSchd Application C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
AVG Internet Security C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
HP BATTERY INDICATOR C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe
HP Digital Imaging C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
HP Remote Solution C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
HpqSRmon Application C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
hpsysdrv Application C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Launch a application. C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe
Microsoft Office XP C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
Windows Live® Photo Gallery C:\Windows\WLXPGSS.SCR
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
AVG Internet Security c:\program files (x86)\avg\avg2012\avgssie.dll
AVG Internet Security C:\Users\SIMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins\avgnpss.dll
AVG Internet Security C:\Users\SIMS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins\avgxpl.dll
Bitdefender QuickScan C:\Users\SIMS\AppData\Roaming\Mozilla\Firefox\Profiles\micnkl41.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
Java Deployment Toolkit 6.0.290.11 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U29 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U29 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll
Microsoft® Windows Media Player Firefox C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
NP_wtapp.dll C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll
NPSWF32_11_2_202_228.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
Roblox Launcher Plugin C:\Users\SIMS\AppData\Local\Roblox\Versions\version-fa4cea1530284e83\\NPRobloxProxy.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
Unity Player C:\Users\SIMS\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verified) Microsoft® Windows Live Login Helper c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Windows Live® Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll


Scan
----
MD5: 5710b9bd7a3e4f716402b8119004eb48 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: a2903ece1d115fea38bb07e01c122b5e C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 7fb5696ebcb8131ad2e2defe5f19c4b5 C:\Windows\System32\davclnt.dll
MD5: 62390f4ace9e2b63e3ca26b7f7497897 C:\Windows\system32\DNSAPI.dll
MD5: c8d0195d1a684eee2eec3bcd4a2c8f60 C:\Windows\system32\dwrite.dll
MD5: 2af58d15edc06ec6fdacce1f19482bbf C:\Windows\system32\Explorer.exe
MD5: 8898c95862d03d16b2a06db4db6bb6b2 C:\Windows\system32\explorerframe.dll
MD5: bd669749eaeff96773b5f8d0a43e0068 C:\Windows\System32\msxml3.dll
MD5: 9141fe8d904ce682a3bdcfae96bb04ef C:\Windows\system32\ntshrui.dll
MD5: 71402c7923f6b7f8acb48e50f35463e7 C:\Windows\system32\SearchIndexer.exe
MD5: b4c246937bdb3e50b24698ee811074bf C:\Windows\system32\Secur32.dll
MD5: 25819a6361f10c30905b5d0fdb8dca42 C:\Windows\system32\t2embed.dll
MD5: 6d9b75275c3e3a5f51aef81affadb2b6 C:\Windows\System32\wcncsvc.dll
MD5: bb5ec38f8d4600119b4720bc5d4211f1 C:\Windows\System32\webclnt.dll
MD5: cc9bbcfc715fbedf7ae476106fe653e9 C:\Windows\System32\winhttp.dll
MD5: 0c2ae180d8c35f723ba13a16aa9ac453 C:\Windows\system32\XmlLite.dll
MD5: e702ed19c332c1f12c1403d100e2f4f3 C:\Windows\syswow64\CFGMGR32.dll
MD5: 6c9c05d5344b9ab80e9180fc859bc45a C:\Windows\syswow64\DEVOBJ.dll
MD5: 490fc0d07f7c0468e232ab8e8e956719 c:\windows\syswow64\ieframe.dll
MD5: cdf5b6aec538e02d5579e2e791042a1a C:\Windows\syswow64\iertutil.dll
MD5: 3a1c55c0c951f0fdc413d69f7adf2278 C:\Windows\SysWOW64\jscript.dll
MD5: 4ea99f1644627b1ebad99d0b93cdee1c C:\Windows\syswow64\kernel32.dll
MD5: 2bf12696f4ac8afcfc06ead6f8d2db4c C:\Windows\syswow64\KERNELBASE.dll
MD5: 0d4c486a24a711a45fd83acdf4d18506 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: 045084e4f10d31e71057fe741d87fdb0 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MD5: 6df3ea6fb1d0521127377f454081abea C:\Windows\SysWOW64\msscript.ocx
MD5: f8a61b2e713309b4616d107919bdab6e C:\Windows\syswow64\msvcrt.dll
MD5: db6dd54a93522ca3572d04b56c5db890 C:\Windows\SysWOW64\ntdll.dll
MD5: e2c2d8c982316c8abf800c6ce3f28fab C:\Windows\syswow64\ole32.dll
MD5: 705c210efc5564be49eb026bd7aff27a C:\Windows\syswow64\OLEAUT32.dll
MD5: 11535b22cfcc1f4d16c8d11289682ba3 C:\Windows\syswow64\SHELL32.dll
MD5: 44a6fbe9877ca69bd8b3b16c0a20fe1e C:\Windows\syswow64\SspiCli.dll
MD5: 79f14b5df9e17e12193337ed4ee1c491 C:\Windows\syswow64\urlmon.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll
MD5: 1d94fa7c81d2ffe494af094619ba706f C:\Windows\syswow64\WININET.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: d3ead1cf16ba729a7f7c9a5d94aa7c05 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_ebfb56996c72aefc\COMCTL32.DLL
MD5: 4b8dd8541c0e26602005dd0137333615 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\COMCTL32.dll
MD5: a551e42377585c3ba8604f821d918936 C:\Windows\WLXPGSS.SCR


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.01 MB sent, 0.62 KB recvd
Scanned 311 files and modules - 28 seconds

==============================================================================
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
When you ran aswMBR it created a file "C:\Users\SIMS\Desktop\MBR.dat" could you rename it to MBR.txt and attach it to your next post?

Otherwise I don't see anything at all in your logs. Is there a separate router at your location? Can you bypass it and connect directly to the Fiber Optic modem? Do you still have a problem? Sometimes we have to reset the router. There is usually a Reset button on the back. You hold it in for 10-30 seconds and it resets the router back to factory. If you have a wireless connection you will need to reset the encryption on it after a reset and you should immediately change the default password to something else.
  • 0

#7
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Not sure where the router is based, will have to talk to the person who set up the network. One of the neighbours has all the hardware where it joins the FO line, I imagine it might be amongst that?
Will our personal routers have issues as well? We have a hardwired/wireless router, (don't use the wireless at present) will this have issues?

Cheers ABEC

Does this below make any sense?

MBR.txt (.dat renamed)

Let's try again

Edited by ABEC329, 03 April 2012 - 12:20 AM.

  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I need for you to attach the MBR file not copy and paste it. As you can see it is not an ASCII file. Click on the Browse button at the bottom of the reply and point it at the file then hit Attach This File.

I would start with your own router and see if resetting it helps. You should give the wireless WPA2 encryption or turn it off. Otherwise someone can just drive by and hack it. The big router should be looked at by whoever supports the thing. It seems unlikely that it could have been compromised but it's possible. If it were my router I would look for new static routes. Also if it is using a routing protocol on the links to the clients there is a possibility that an infected client could poison the routing table by advertising a bogus route with a low metric. (I have no idea why anyone would use a routing protocol on client links like yours but it might be on by default.) You don't want it reset to factory. Nothing will work then. (I used to work on the big Cisco routers back before I retired.)
  • 0

#9
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
OK that makes more sense!
Attached File: MBR.txt (512 bytes, 23 downloads)
  • 0

#10
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Our tech man who set up the system has replied with this, does it make sense to you??
Cheers ABEC

----------------------------------------------------------------------------
You will need to share this with all the users on the network.
(and possibly do it all at the same time, so that an existing infection
will not re-infect everyone.)

Download this: http://technet.micro...ernals/bb896653
(it is basically a fancy process controller for Microsoft, and you can see ALL processes
as well as the hidden ones.)

Kill the DLG.exe process you can see.

Open Windows explorer, hit folders, select C: drive, hit "search"
Look for "DLG" (only type D-L-G)

hit search

C:\Program Files\Digital Line Detect\ contains DLG.exe and DLG.ini

delete them with extreme prejudice.

also delete C:\Windows\Prefetch\DLG.EXE-26114BC1.pf
(your numbers may vary).

delete all the DLG.ini files.

delete Firefox.
download a new version of Firefox (3.6.can't remember)
(but don't install it yet.)

open windows explorer -
download and (or if you already have it) update SpyBot - Search and destroy.

It will find something called "iZip.toolbar"

Immunize and delete.

Reboot your machine
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
The mbr.txt file is clean. I submitted it to virustotal.com and got 0/41 on it so no anti-virus company thinks it's bad even tho MBRCheck didn't recognize it. Also looked at it in hex editor and it seems normal.

Don't see any dlg.exe on your system so I think he's barking up the wrong tree. (It's actually a valid program so it's probably not the cause.) Your system is pretty clean per my logs and ESET and BitDefender. The download he asked you to run is Process Explorer which we ran several posts ago. Firefox is now at 11.0 or maybe 12.0. If you think it's an add-on to Firefox (tho it looks clean) you can just run it in its safe mode:
http://support.mozil...US/kb/Safe Mode

Ask him if he is accepting routing protocol advertisements from the clients.
  • 0

#12
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Hopefully you are still watching this. If you don't think we've got any malware, is there an explanation for the issue we have got? We still have the same problem!

Is it possible for a single member of our network to have the problem/malware which affects everyone on the system?

One of our members does not use a router at home and still has the same problem which tells me the problem is not household router related??

What to do next?? Any suggestions greatly appreciated.

Cheers ABEC
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I'm still here.

Can't say anything about your neighbor with no router. Haven't looked at his system.

I can see an infected PC sending out routing protocol advertisements and corrupting the main router. That's why I asked if the main router was accepting routing advertisements from clients. There is really no reason for RIP (a routing protocol) or any other routing protocol to be used on the links to clients but it is possible that it was turned on by default or by mistake.

My feeling is that it is not in the PC.

Did you try my suggestion of bypassing your home router?

Did you ever use one of the DNS checking programs on the http://www.techsuppo...-dns-server.htm ?

If not do so now and make sure you choose one which is not your own router or part of your big router's network even if it is not the fastest. Just make sure it is in New Zealand and preferably on the same island.

See if that makes a difference.



Another test:

Close all programs and have a browser with a single tab open. Go to Google.com
Wait 2 minutes.
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

netstat  -s  >  \junk.txt
netstat  -an  >>  \junk.txt

now switch over to a browser and do a search (preferably for something that usually fails). Before clicking on the link go back to the Command Prompt and hit the up arrow and then Enter. This will bring up the last command line and run it or you can just retype it.

netstat  -an  >>  \junk.txt



go back to the browser and click on one of the links to finish your search.
go back to the Command Prompt and hit the up arrow and then Enter. (This will bring up the last command line (netstat -an etc) and run it or you can just retype it.)

netstat  -an  >>  \junk.txt

netstat  -s  >>  \junk.txt

(note the double > this time)

notepad  \junk.txt

Copy and paste the text from notepad. Also tell me what you searched for, what URL did it show you after the search and finally what URL did you get to when you clicked on a link.
  • 0

#14
ABEC329

ABEC329

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Ron,
Have done the latest test pasted below.

Search was not done as can't use google.com, but had google.com in address bar, then refreshed came up with 'The connection was reset'

Have checked other affected sites we seem to no longer get redirected to the 'Youdao' site (Chinese writing site) but get a 'reset'

As to the other info - I have bypassed and reset our home router no changes.
- the DNS stuff, I looked at it, was getting late into the night decided to give it a miss. Read all the info about what a DNS is and what to do, not too sure as to what I would be doing?!! Our FO system (via Inspire) and my ISP are different companies, will this have any effect? Can I change the DNS anyway?
- I haven't asked about 'accepting routing advertisements from clients'. Did not want to annoy the tech man with tricky questions I don't really understand? I will forward these questions in your last reply to him.

Hope this is useful, if you need me to redo the test below I could use a different search engine and do searches from that? I have to go chase some sheep now, will catch up later.

Cheers ABEC
-----------------------------------------------

IPv4 Statistics

Packets Received = 1786
Received Header Errors = 0
Received Address Errors = 3
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 26
Received Packets Delivered = 4164
Output Requests = 3172
Routing Discards = 0
Discarded Output Packets = 4
Output Packet No Route = 11
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

IPv6 Statistics

Packets Received = 21
Received Header Errors = 0
Received Address Errors = 12
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 3177
Output Requests = 3323
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 13
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

ICMPv4 Statistics

Received Sent
Messages 2 2
Errors 0 0
Destination Unreachable 1 2
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echo Replies 0 0
Echos 1 0
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
Router Solicitations 0 0
Router Advertisements 0 0

ICMPv6 Statistics

Received Sent
Messages 9 27
Errors 0 0
Destination Unreachable 0 0
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 24
Router Advertisements 9 0
Neighbor Solicitations 0 3
Neighbor Advertisements 0 0
Redirects 0 0
Router Renumberings 0 0

TCP Statistics for IPv4

Active Opens = 114
Passive Opens = 42
Failed Connection Attempts = 6
Reset Connections = 28
Current Connections = 4
Segments Received = 2312
Segments Sent = 2318
Segments Retransmitted = 21

TCP Statistics for IPv6

Active Opens = 9
Passive Opens = 9
Failed Connection Attempts = 0
Reset Connections = 10
Current Connections = 0
Segments Received = 1628
Segments Sent = 1628
Segments Retransmitted = 0

UDP Statistics for IPv4

Datagrams Received = 1041
No Ports = 24
Receive Errors = 0
Datagrams Sent = 910

UDP Statistics for IPv6

Datagrams Received = 1077
No Ports = 0
Receive Errors = 0
Datagrams Sent = 1569

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49158 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49159 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5939 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49156 127.0.0.1:49157 ESTABLISHED
TCP 127.0.0.1:49157 127.0.0.1:49156 ESTABLISHED
TCP 127.0.0.1:49188 127.0.0.1:49189 ESTABLISHED
TCP 127.0.0.1:49189 127.0.0.1:49188 ESTABLISHED
TCP 192.168.1.100:139 0.0.0.0:0 LISTENING
TCP 192.168.1.100:2869 192.168.1.1:33185 TIME_WAIT
TCP 192.168.1.100:2869 192.168.1.1:33186 TIME_WAIT
TCP 192.168.1.100:2869 192.168.1.1:33187 TIME_WAIT
TCP [::]:135 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:554 [::]:0 LISTENING
TCP [::]:2869 [::]:0 LISTENING
TCP [::]:3587 [::]:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING
TCP [::]:10243 [::]:0 LISTENING
TCP [::]:49152 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49155 [::]:0 LISTENING
TCP [::]:49158 [::]:0 LISTENING
TCP [::]:49159 [::]:0 LISTENING
UDP 0.0.0.0:427 *:*
UDP 0.0.0.0:3544 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:5004 *:*
UDP 0.0.0.0:5005 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:55638 *:*
UDP 0.0.0.0:57551 *:*
UDP 0.0.0.0:60722 *:*
UDP 0.0.0.0:61563 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:59783 *:*
UDP 192.168.1.100:137 *:*
UDP 192.168.1.100:138 *:*
UDP 192.168.1.100:427 *:*
UDP 192.168.1.100:1900 *:*
UDP 192.168.1.100:59365 *:*
UDP 192.168.1.100:59782 *:*
UDP [::]:3540 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:5004 *:*
UDP [::]:5005 *:*
UDP [::]:5355 *:*
UDP [::]:55639 *:*
UDP [::]:57552 *:*
UDP [::]:60723 *:*
UDP [::1]:1900 *:*
UDP [::1]:59781 *:*
UDP [fe80::2832:9d03:47d2:512a%11]:1900 *:*
UDP [fe80::2832:9d03:47d2:512a%11]:59780 *:*

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49158 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49159 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5939 0.0.0.0:0 LISTENING
TCP 127.0.0.1:49156 127.0.0.1:49157 ESTABLISHED
TCP 127.0.0.1:49157 127.0.0.1:49156 ESTABLISHED
TCP 127.0.0.1:49188 127.0.0.1:49189 ESTABLISHED
TCP 127.0.0.1:49189 127.0.0.1:49188 ESTABLISHED
TCP 192.168.1.100:139 0.0.0.0:0 LISTENING
TCP 192.168.1.100:2869 192.168.1.1:33189 TIME_WAIT
TCP 192.168.1.100:2869 192.168.1.1:33190 TIME_WAIT
TCP 192.168.1.100:2869 192.168.1.1:33191 TIME_WAIT
TCP 192.168.1.100:2869 192.168.1.1:33192 TIME_WAIT
TCP [::]:135 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:554 [::]:0 LISTENING
TCP [::]:2869 [::]:0 LISTENING
TCP [::]:3587 [::]:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING
TCP [::]:10243 [::]:0 LISTENING
TCP [::]:49152 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49155 [::]:0 LISTENING
TCP [::]:49158 [::]:0 LISTENING
TCP [::]:49159 [::]:0 LISTENING
UDP 0.0.0.0:427 *:*
UDP 0.0.0.0:3544 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:5004 *:*
UDP 0.0.0.0:5005 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:55638 *:*
UDP 0.0.0.0:57551 *:*
UDP 0.0.0.0:60722 *:*
UDP 0.0.0.0:61563 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:59783 *:*
UDP 192.168.1.100:137 *:*
UDP 192.168.1.100:138 *:*
UDP 192.168.1.100:427 *:*
UDP 192.168.1.100:1900 *:*
UDP 192.168.1.100:59365 *:*
UDP 192.168.1.100:59782 *:*
UDP [::]:3540 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:5004 *:*
UDP [::]:5005 *:*
UDP [::]:5355 *:*
UDP [::]:55639 *:*
UDP [::]:57552 *:*
UDP [::]:60723 *:*
UDP [::1]:1900 *:*
UDP [::1]:59781 *:*
UDP [fe80::2832:9d03:47d2:512a%11]:1900 *:*
UDP [fe80::2832:9d03:47d2:512a%11]:59780 *:*

IPv4 Statistics

Packets Received = 2188
Received Header Errors = 0
Received Address Errors = 3
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 26
Received Packets Delivered = 4632
Output Requests = 3489
Routing Discards = 0
Discarded Output Packets = 4
Output Packet No Route = 11
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

IPv6 Statistics

Packets Received = 21
Received Header Errors = 0
Received Address Errors = 12
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 0
Received Packets Delivered = 3538
Output Requests = 3691
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 13
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

ICMPv4 Statistics

Received Sent
Messages 2 2
Errors 0 0
Destination Unreachable 1 2
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echo Replies 0 0
Echos 1 0
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
Router Solicitations 0 0
Router Advertisements 0 0

ICMPv6 Statistics

Received Sent
Messages 9 27
Errors 0 0
Destination Unreachable 0 0
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 24
Router Advertisements 9 0
Neighbor Solicitations 0 3
Neighbor Advertisements 0 0
Redirects 0 0
Router Renumberings 0 0

TCP Statistics for IPv4

Active Opens = 143
Passive Opens = 51
Failed Connection Attempts = 6
Reset Connections = 30
Current Connections = 4
Segments Received = 2577
Segments Sent = 2573
Segments Retransmitted = 21

TCP Statistics for IPv6

Active Opens = 9
Passive Opens = 9
Failed Connection Attempts = 0
Reset Connections = 10
Current Connections = 0
Segments Received = 1628
Segments Sent = 1628
Segments Retransmitted = 0

UDP Statistics for IPv4

Datagrams Received = 1210
No Ports = 24
Receive Errors = 0
Datagrams Sent = 960

UDP Statistics for IPv6

Datagrams Received = 1325
No Ports = 0
Receive Errors = 0
Datagrams Sent = 1937
  • 0
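Added example (not part of the original posts): the before/after `netstat -s` test requested in post #13 is easiest to read as counter deltas. This sketch parses the two TCP/IPv4 sections copied from post #14 and reports what changed between the snapshots; the function names are illustrative, and the counters are system-wide, so any other traffic in the window is included.

```python
import re

# TCP/IPv4 sections copied from the first and last `netstat -s` runs in post #14.
BEFORE = """\
TCP Statistics for IPv4

Active Opens = 114
Passive Opens = 42
Failed Connection Attempts = 6
Reset Connections = 28
Current Connections = 4
Segments Received = 2312
Segments Sent = 2318
Segments Retransmitted = 21
"""

AFTER = """\
TCP Statistics for IPv4

Active Opens = 143
Passive Opens = 51
Failed Connection Attempts = 6
Reset Connections = 30
Current Connections = 4
Segments Received = 2577
Segments Sent = 2573
Segments Retransmitted = 21
"""

GAUGES = {"Current Connections"}  # a level, not a running total, so no delta


def parse_netstat_s(text):
    """Return {section: {counter: int}} for the 'name = value' sections.

    The two-column ICMP tables have no '=' and are left empty on purpose.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(.+?)\s*=\s*(\d+)$", line)
        if m and current:
            sections[current][m.group(1)] = int(m.group(2))
        elif line.endswith("Statistics") or " Statistics for " in line:
            current = line
            sections[current] = {}
    return sections


def counter_deltas(before, after):
    """Subtract the first snapshot from the second, section by section."""
    deltas = {}
    for section, counters in after.items():
        base = before.get(section, {})
        deltas[section] = {name: value - base.get(name, 0)
                           for name, value in counters.items()
                           if name not in GAUGES}
    return deltas


def tcp_summary(deltas, section="TCP Statistics for IPv4"):
    """Condense the TCP deltas into the figures that matter for a 'reset' symptom."""
    d = deltas[section]
    opened = d["Active Opens"]
    return {
        "new_outbound": opened,
        # connection attempts that never completed the handshake
        "failed_connects": d["Failed Connection Attempts"],
        # connections torn down by a reset after they were established
        "resets_after_establish": d["Reset Connections"],
        "reset_share": round(d["Reset Connections"] / opened, 3) if opened else 0.0,
    }


if __name__ == "__main__":
    print(tcp_summary(counter_deltas(parse_netstat_s(BEFORE), parse_netstat_s(AFTER))))
```
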

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Definitely change the DNS. You can use any that respond to a request. Doesn't have to be your ISP's. In the US I would just have you use 8.8.8.8 which is Google's free DNS but it's a long way from NZ so thought you would be better using one in NZ (and I don't offhand know one in NZ) but if you can't connect to Google.com then it is definitely time to try it. I just found 27.110.120.30 which is supposed to be in NZ so let's do it:


1. Click "Start," (click "Settings,") click "Control Panel," click "Network and Sharing Center," and then click "View Status", Click "Properties,"
2. Click on Internet Protocol Version 4 (TCP/IPv4) (On the text not the check box) then Click on Properties

3. Click "Use the following DNS server addresses," and then type 27.110.120.30 in the Preferred DNS server and 8.8.8.8 in the Alternate DNS server boxes.

4. Click "OK" and close all of the windows that have opened.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

ipconfig /flushdns


Now see if you can get to google.com

Which browser are you using?
  • 0





