Jump to content

Welcome to Geeks to Go - Register now for FREE
Geeks To Go is a helpful hub, where thousands of friendly volunteers serve up answers and support. Get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message and all ads will be removed once you have signed in.
Create an Account Login to Account

Redirect Virus/Malware please help, tried everything


  • Please log in to reply

#1
atwitsend8745

atwitsend8745

    New Member

  • Member
  • Pip
  • 5 posts
I would greatly appreciate your help with this problem which is driving me crazy. I have worked through the Geeks to Go "google redirect fix guide" on this website to no avail. For two weeks my computer has been redirecting me to shopping sites instead of any link that I click on from search results. It fits the description of the search engine redirect virus but I have not been able to detect it on any of the MANY antispyware/malware/virus programs which I have run. It even happens when in safe mode and happens on internet explorer and mozilla. OTL log is pasted at the very end of this.

Some of the sites I get redirected to are....
http://int.ask.com/w...&qsrc=999&l=dis
http://www.wholesale...kipeducose.html
www.outrate.net/shopping/storid...etc


Im running windows 7 ...here are the steps I have taken so far and every scan came up completely clean but redirect still occurs:
-Ran TDSS Killer
-Malwarebytes AntiMalware-Complete scan
-Ran AVG rootkit and full comp scan
-ran CCleaner
-Ran GooredFix.exe
-Ran McAfee Security Scan Plus
-Ran PC Tools Spyware Doctor scan
-Ran Spybot Search and Destroy
-Ran Erunt and pasted: :Filesipconfig /flushdns /c:Commands[purity][resethosts][emptytemp][CREATERESTOREPOINT][EMPTYFLASH][Reboot]
-Ran Lavasoft Adaware - Something popped up on adware saying "spyware.alexa" once but it supposedly cleaned it and it has not come up on any scans since then and cant find a log of its detection. Dont know if that means anything.

*note, i have tried these scans both in and out of safemode with no results

OTL LOG
OTL logfile created on: 5/18/2012 5:34:28 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Abel Levin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.92 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 72.10% Memory free
15.83 Gb Paging File | 13.47 Gb Available in Paging File | 85.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 546.75 Gb Free Space | 80.52% Space Free | Partition Type: NTFS

Computer Name: ASL-PC | User Name: Abel Levin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 17:06:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTL.exe
PRC - [2012/04/27 09:30:10 | 000,109,296 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Creative\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/20 13:49:22 | 001,118,648 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/03/20 13:49:20 | 002,670,008 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012/03/20 11:11:50 | 000,402,336 | ---- | M] (PC Tools) -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012/03/13 12:17:38 | 000,274,328 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.271\SSScheduler.exe
PRC - [2012/02/20 11:25:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/22 12:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/21 22:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/13 11:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 11:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/01 23:40:30 | 002,006,664 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/11/01 23:40:30 | 000,093,832 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/11/01 23:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 11:25:57 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/04/22 12:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2011/04/21 22:32:12 | 000,235,112 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010/12/17 11:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/01 23:40:34 | 000,087,176 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/11/01 23:40:30 | 000,057,480 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/11/01 23:40:24 | 000,248,968 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/12/17 15:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Creative\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/20 13:49:22 | 001,118,648 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/03/20 12:20:52 | 000,571,320 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012/03/20 11:11:50 | 000,402,336 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/03/13 12:17:38 | 000,237,272 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.271\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/10/28 17:52:02 | 002,152,152 | ---- | M] (Lavasoft Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/22 12:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 22:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/01 23:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/10/29 14:20:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 13:50:18 | 000,251,528 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PCTSD64.sys -- (PCTSD)
DRV:64bit: - [2012/03/20 12:21:14 | 000,085,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2012/03/16 12:15:42 | 000,426,104 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/06/23 01:28:04 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/22 12:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 05:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/22 05:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/17 13:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/13 13:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/12 10:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/12/01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 12:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/20 14:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/12 22:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 03:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/09/24 21:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/10/11 23:40:05 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {11D3DD3E-FBD3-4D08-868D-E1BD6514D539}
IE:64bit: - HKLM\..\SearchScopes\{11D3DD3E-FBD3-4D08-868D-E1BD6514D539}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {11D3DD3E-FBD3-4D08-868D-E1BD6514D539}
IE - HKLM\..\SearchScopes\{11D3DD3E-FBD3-4D08-868D-E1BD6514D539}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {11D3DD3E-FBD3-4D08-868D-E1BD6514D539}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...S&ver=4.0.0.125
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/07/30 15:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 21:37:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/02 03:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/07 13:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/05/04 20:47:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\Firefox\ [2012/05/06 20:40:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/20 11:25:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/07 13:43:13 | 000,000,000 | ---D | M]

[2011/11/12 15:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abel Levin\AppData\Roaming\Mozilla\Extensions
[2012/05/14 11:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abel Levin\AppData\Roaming\Mozilla\Firefox\Profiles\01pjn6kz.default\extensions
[2011/11/12 15:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/14 11:33:43 | 000,185,022 | ---- | M] () (No name found) -- C:\USERS\ABEL LEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01PJN6KZ.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2012/05/04 03:18:09 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\ABEL LEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01PJN6KZ.DEFAULT\EXTENSIONS\ZBZGNRJTHN@ZBZGNRJTHN.ORG.XPI
[2012/02/20 11:25:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/12 14:41:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/12 14:41:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Abel Levin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Abel Levin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\Abel Levin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Abel Levin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2012/05/04 21:07:33 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (TBLayoutBHO Class) - {008f6853-9cb4-41c5-a950-39d55e5e06ba} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Amazon Browser Bar) - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Creative\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.gwu.edu/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22D235A6-42FD-4F77-BFC5-AC818D124B47}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CABD8B7C-C2D6-4653-B322-B085CB9790E4}: DhcpNameServer = 10.10.2.4 192.168.123.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{152c5940-ed41-11e0-96a7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{152c5940-ed41-11e0-96a7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 17:13:51 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Abel Levin\Desktop\GooredFix.exe
[2012/05/18 17:07:21 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTL.com
[2012/05/18 17:05:59 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTL.exe
[2012/05/14 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\GooredFix Backups
[2012/05/14 17:09:37 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/05/14 17:08:35 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTM.exe
[2012/05/14 17:07:14 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\REG BACKUP 5_14_12
[2012/05/14 17:06:02 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\ERUNT
[2012/05/14 17:04:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Abel Levin\Desktop\hijackthis.exe
[2012/05/14 16:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/05/14 16:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/05/14 16:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/05/07 01:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/05/07 01:09:52 | 178,789,312 | ---- | C] (Kaspersky Lab) -- C:\Users\Abel Levin\Desktop\kaspersko.exe
[2012/05/06 22:30:07 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\registry backup 5_6_12
[2012/05/06 20:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/05/06 20:39:16 | 004,165,104 | ---- | C] (PC Tools) -- C:\Users\Abel Levin\Desktop\SDAV_Online_aff_GenericRevenueWire_207_2.exe
[2012/05/06 20:38:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/06 20:04:24 | 000,667,720 | ---- | C] (Webroot) -- C:\Users\Abel Levin\Desktop\wsainstall.exe
[2012/05/04 23:55:22 | 002,271,160 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0546.old
[2012/05/04 23:55:22 | 002,271,160 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2012/05/04 23:55:22 | 001,681,336 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2012/05/04 23:55:22 | 000,149,432 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0546.old
[2012/05/04 23:55:22 | 000,149,432 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2012/05/04 23:55:22 | 000,085,192 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/05/04 23:55:02 | 000,339,608 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/05/04 23:55:02 | 000,145,432 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/05/04 23:54:59 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/05/04 23:54:58 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/05/04 23:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/05/04 23:52:48 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/05/04 23:52:48 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/05/04 23:52:47 | 000,426,104 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/05/04 23:52:46 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/05/04 23:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/05/04 23:52:34 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\AppData\Roaming\TestApp
[2012/05/04 23:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/04 23:49:32 | 004,165,584 | ---- | C] (PC Tools) -- C:\Users\Abel Levin\Desktop\SD_Online_aff_GenericRevenueWire_207.exe
[2012/05/04 21:36:46 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\AppData\Roaming\Malwarebytes
[2012/05/04 21:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/04 21:31:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/04 21:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/04 21:31:08 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Abel Levin\Desktop\testing.exe
[2012/05/04 21:25:40 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Abel Levin\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/04 21:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/05/04 21:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
[2012/05/04 21:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/05/04 21:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2012/05/04 20:37:51 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Abel Levin\Desktop\TDSSKiller.exe
[2012/05/03 13:58:41 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\pr pics to upload
[2012/05/02 16:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Mathematics Add-in
[2012/04/27 11:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/27 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\roboform backup 4_27_12
[2012/04/24 11:43:43 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Documents\Solmetric
[2012/04/24 11:43:39 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\AppData\Roaming\Solmetric
[2012/04/24 11:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solmetric
[2012/04/24 11:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solmetric
[2012/04/24 11:34:56 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2012/04/23 17:48:11 | 001,400,984 | ---- | C] (Juniper Networks, Inc.) -- C:\Users\Abel Levin\Desktop\JuniperSetupClientInstaller.exe
[2 C:\Users\Abel Levin\Desktop\*.tmp files -> C:\Users\Abel Levin\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 17:27:12 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 17:27:12 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 17:20:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 17:19:59 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/05/18 17:19:27 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 17:18:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 17:18:50 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/18 17:16:00 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Abel Levin\Desktop\GooredFix.exe
[2012/05/18 17:07:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTL.com
[2012/05/18 17:06:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTL.exe
[2012/05/18 10:47:23 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/18 10:47:23 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/18 10:47:23 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/15 03:27:01 | 000,466,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/15 03:06:37 | 001,648,772 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/14 17:08:35 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTM.exe
[2012/05/14 17:05:41 | 000,513,320 | ---- | M] () -- C:\Users\Abel Levin\Desktop\erunt.zip
[2012/05/14 17:04:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Abel Levin\Desktop\hijackthis.exe
[2012/05/14 16:44:01 | 000,002,166 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/05/14 16:44:01 | 000,002,166 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/05/14 11:34:14 | 098,133,237 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/14 11:31:54 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/07 01:11:12 | 178,789,312 | ---- | M] (Kaspersky Lab) -- C:\Users\Abel Levin\Desktop\kaspersko.exe
[2012/05/06 22:46:54 | 008,399,438 | ---- | M] () -- C:\Users\Abel Levin\Desktop\ewido-setup_4.0.0.172.exe
[2012/05/06 20:40:41 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/05/06 20:39:17 | 004,165,104 | ---- | M] (PC Tools) -- C:\Users\Abel Levin\Desktop\SDAV_Online_aff_GenericRevenueWire_207_2.exe
[2012/05/06 20:04:24 | 000,667,720 | ---- | M] (Webroot) -- C:\Users\Abel Levin\Desktop\wsainstall.exe
[2012/05/04 23:54:59 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2012/05/04 23:49:32 | 004,165,584 | ---- | M] (PC Tools) -- C:\Users\Abel Levin\Desktop\SD_Online_aff_GenericRevenueWire_207.exe
[2012/05/04 21:31:45 | 000,001,246 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/04 21:31:08 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Abel Levin\Desktop\testing.exe
[2012/05/04 21:25:41 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Abel Levin\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/04 20:33:54 | 002,055,783 | ---- | M] () -- C:\Users\Abel Levin\Desktop\tdsskiller.zip
[2012/05/02 10:00:04 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Abel Levin\Desktop\TDSSKiller.exe
[2012/04/28 11:19:55 | 000,151,297 | ---- | M] () -- C:\Users\Abel Levin\Desktop\painting with lauren 2.JPG
[2012/04/28 11:19:28 | 000,135,318 | ---- | M] () -- C:\Users\Abel Levin\Desktop\painting with lauren.JPG
[2012/04/28 03:08:43 | 000,149,217 | ---- | M] () -- C:\Users\Abel Levin\Desktop\homeless.jpg
[2012/04/27 12:28:33 | 003,761,781 | ---- | M] () -- C:\Users\Abel Levin\Documents\Untitled.png
[2012/04/27 11:17:36 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/04/27 10:25:17 | 000,006,963 | ---- | M] () -- C:\Users\Abel Levin\Desktop\PUERTO RICO - Shortcut.lnk
[2012/04/27 09:42:36 | 000,164,641 | ---- | M] () -- C:\Users\Abel Levin\Documents\roboform receipt.png
[2012/04/27 09:30:02 | 012,510,240 | ---- | M] (Siber Systems) -- C:\Users\Abel Levin\Desktop\AiRoboForm-cnetc.exe
[2012/04/27 08:55:06 | 000,314,583 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/24 11:43:39 | 000,003,120 | ---- | M] () -- C:\Windows\VAD9J83G.ocx
[2012/04/24 11:43:39 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\NFUIYIPR.ocx
[2012/04/24 11:43:38 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Solmetric SunEye.lnk
[2012/04/24 11:41:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2012/04/23 17:48:13 | 001,400,984 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Abel Levin\Desktop\JuniperSetupClientInstaller.exe
[2 C:\Users\Abel Levin\Desktop\*.tmp files -> C:\Users\Abel Levin\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/18 17:19:47 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/05/18 16:54:18 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/05/14 17:05:38 | 000,513,320 | ---- | C] () -- C:\Users\Abel Levin\Desktop\erunt.zip
[2012/05/14 16:44:01 | 000,002,166 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/05/14 16:43:56 | 000,002,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/05/06 22:46:51 | 008,399,438 | ---- | C] () -- C:\Users\Abel Levin\Desktop\ewido-setup_4.0.0.172.exe
[2012/05/06 20:40:41 | 000,002,277 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor with AntiVirus.lnk
[2012/05/04 23:55:22 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll0546.old
[2012/05/04 23:55:22 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012/05/04 23:55:22 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2012/05/04 23:55:22 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2012/05/04 23:55:22 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2012/05/04 23:55:22 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2012/05/04 23:54:59 | 000,002,247 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
[2012/05/04 23:52:48 | 001,648,772 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/04 21:31:45 | 000,001,246 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/04 20:33:53 | 002,055,783 | ---- | C] () -- C:\Users\Abel Levin\Desktop\tdsskiller.zip
[2012/04/28 11:19:55 | 000,151,297 | ---- | C] () -- C:\Users\Abel Levin\Desktop\painting with lauren 2.JPG
[2012/04/28 11:19:28 | 000,135,318 | ---- | C] () -- C:\Users\Abel Levin\Desktop\painting with lauren.JPG
[2012/04/28 03:08:43 | 000,149,217 | ---- | C] () -- C:\Users\Abel Levin\Desktop\homeless.jpg
[2012/04/27 12:28:33 | 003,761,781 | ---- | C] () -- C:\Users\Abel Levin\Documents\Untitled.png
[2012/04/27 11:17:36 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/04/27 10:25:17 | 000,006,963 | ---- | C] () -- C:\Users\Abel Levin\Desktop\PUERTO RICO - Shortcut.lnk
[2012/04/27 09:42:36 | 000,164,641 | ---- | C] () -- C:\Users\Abel Levin\Documents\roboform receipt.png
[2012/04/24 11:43:39 | 000,003,120 | ---- | C] () -- C:\Windows\VAD9J83G.ocx
[2012/04/24 11:43:39 | 000,003,120 | ---- | C] () -- C:\Windows\SysNative\NFUIYIPR.ocx
[2012/04/24 11:43:38 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Solmetric SunEye.lnk
[2012/04/24 11:41:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2012/04/24 11:35:34 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012/02/23 12:08:02 | 000,007,609 | ---- | C] () -- C:\Users\Abel Levin\AppData\Local\Resmon.ResmonCfg
[2012/02/06 16:46:57 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\Unwise32.exe
[2012/02/06 16:46:43 | 000,000,594 | ---- | C] () -- C:\Windows\DTOOLS.INI
[2011/10/15 01:29:19 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/10/15 01:29:19 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/11 23:52:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/14 00:07:06 | 000,005,632 | ---- | C] () -- C:\Users\Abel Levin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 13:38:36 | 000,172,086 | ---- | C] () -- C:\Windows\hpoins37.dat
[2011/09/07 13:38:36 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2011/08/17 08:39:51 | 000,507,066 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2011/08/17 08:38:39 | 008,667,136 | ---- | C] () -- C:\Windows\SysWow64\Awesomium.dll
[2011/07/30 16:17:34 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/07/30 16:16:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/30 16:16:28 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/30 16:16:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/10 12:10:51 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/01 23:40:34 | 000,087,176 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/11/01 23:40:30 | 000,057,480 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/11/01 23:40:24 | 000,248,968 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll

========== LOP Check ==========

[2012/01/02 11:38:01 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\Audacity
[2011/09/22 10:33:45 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\AVG2012
[2011/12/03 13:08:26 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\DAEMON Tools Lite
[2012/05/04 20:46:47 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\Dropbox
[2011/08/05 10:01:50 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\Fingertapps
[2011/09/13 14:23:34 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\Juniper Networks
[2011/10/06 09:24:56 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\LolClient
[2012/01/06 19:43:52 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\Origin
[2011/08/06 13:01:56 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\PCDr
[2011/09/06 12:53:52 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\RoboForm
[2012/05/04 20:46:59 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\Solmetric
[2012/05/04 23:52:34 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\TestApp
[2012/03/08 01:16:22 | 000,000,000 | ---D | M] -- C:\Users\Abel Levin\AppData\Roaming\uTorrent
[2009/07/14 01:08:49 | 000,022,922 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Abel Levin\Documents\pge.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Abel Levin\Documents\P 2_27_10.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Abel Levin\Documents\p 1_1_10.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Abel Levin\Desktop\IMG00276.jpg:Roxio EMC Stream
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

< End of report >
  • 0

Advertisement


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:


nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0

#3
atwitsend8745

atwitsend8745

    New Member

  • Member
  • Pip
  • 5 posts
Ron,
Thanks a lot! Im still working on all of these steps. I just ran into a very strange file in my startup processes that ive never noticed before this started happening.
Is this anything? C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

looks suspicious no?

I will keep working on your instructions. Thanks again!!!
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
urlredir.dll is a Microsoft Office file (Microsoft Office Document Cache Handler) so leave it alone.
  • 0

#5
atwitsend8745

atwitsend8745

    New Member

  • Member
  • Pip
  • 5 posts
Followed all the instructions. I dont think it found anything unfortunately. Here are all the logs you asked for. Thanks again!

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-21 08:38:52
-----------------------------
08:38:52.512 OS Version: Windows x64 6.1.7601 Service Pack 1
08:38:52.512 Number of processors: 8 586 0x2A07
08:38:52.512 ComputerName: ASL-PC UserName:
08:38:54.852 Initialize success
08:41:52.880 AVAST engine defs: 12052100
08:42:45.561 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
08:42:45.561 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
08:42:45.577 Disk 0 MBR read successfully
08:42:45.577 Disk 0 MBR scan
08:42:45.577 Disk 0 Windows VISTA default MBR code
08:42:45.592 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
08:42:45.592 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 20000 MB offset 212992
08:42:45.608 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 695299 MB offset 41172992
08:42:45.639 Disk 0 scanning C:\Windows\system32\drivers
08:42:52.363 Service scanning
08:43:06.995 Modules scanning
08:43:10.958 AVAST engine scan C:\Windows
08:43:14.577 AVAST engine scan C:\Windows\system32
08:45:00.330 AVAST engine scan C:\Windows\system32\drivers
08:45:11.421 AVAST engine scan C:\Users\Abel Levin
08:52:37.832 AVAST engine scan C:\ProgramData
08:53:56.331 Scan finished successfully
09:21:35.347 Disk 0 MBR has been saved successfully to "C:\Users\Abel Levin\Desktop\virus\files to give to forum expert\MBR.dat"
09:21:35.347 The log file has been saved successfully to "C:\Users\Abel Levin\Desktop\virus\files to give to forum expert\aswMBRlog.txt"

----------------------------------
ComboFix 12-05-20.06 - Abel Levin 05/21/2012 10:12:11.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6281 [GMT -4:00]
Running from: c:\users\Abel Levin\Desktop\2ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Public\AlexaNSISPlugin.3648.dll
c:\windows\SysWow64\sqlite3.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))
.
.
2012-05-14 21:09 . 2012-05-14 21:09 -------- d-----w- C:\_OTM
2012-05-13 16:06 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-13 16:06 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-13 16:06 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 16:06 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-13 16:06 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-13 16:06 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-13 16:06 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 16:06 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 16:06 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-13 16:06 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-07 05:37 . 2012-05-07 05:37 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-07 00:38 . 2012-05-07 00:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-05 03:55 . 2012-03-20 16:21 149432 ----a-w- c:\windows\SGDetectionTool.dll0546.old
2012-05-05 03:55 . 2012-03-20 16:21 2271160 ----a-w- c:\windows\PCTBDCore.dll0546.old
2012-05-05 03:55 . 2012-03-20 16:20 767928 ----a-w- c:\windows\BDTSupport.dll0546.old
2012-05-05 03:54 . 2012-03-20 17:49 14776 ----a-w- c:\windows\system32\drivers\pctBTFix64.sys
2012-05-05 03:54 . 2012-05-05 03:54 -------- d-----w- c:\program files (x86)\PC Tools
2012-05-05 03:52 . 2012-05-21 13:30 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-05-05 03:52 . 2012-03-20 17:50 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-05-05 03:52 . 2012-05-05 03:54 -------- d-----w- c:\programdata\PC Tools
2012-05-05 03:52 . 2012-05-05 03:52 -------- d-----w- c:\users\Abel Levin\AppData\Roaming\TestApp
2012-05-05 01:36 . 2012-05-05 01:36 -------- d-----w- c:\users\Abel Levin\AppData\Roaming\Malwarebytes
2012-05-05 01:31 . 2012-05-05 01:31 -------- d-----w- c:\programdata\Malwarebytes
2012-05-05 01:31 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 01:05 . 2012-05-05 01:05 -------- d-----w- c:\program files (x86)\Amazon
2012-05-05 01:05 . 2012-05-21 13:28 -------- d-----w- c:\program files (x86)\Amazon Browser Bar
2012-05-05 01:05 . 2012-05-18 21:23 -------- d-----w- c:\programdata\STOPzilla!
2012-05-05 01:05 . 2012-05-18 21:23 -------- d-----w- c:\program files (x86)\STOPzilla!
2012-05-05 00:53 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68BE96E4-0310-4704-8D59-6835D0C4D3EB}\mpengine.dll
2012-05-02 20:32 . 2012-05-02 20:32 -------- d-----w- c:\program files (x86)\Microsoft Mathematics Add-in
2012-04-27 13:26 . 2012-04-27 13:27 -------- d-----w- c:\users\Abel Levin\roboform backup 4_27_12
2012-04-24 15:43 . 2012-05-05 00:46 -------- d-----w- c:\users\Abel Levin\AppData\Roaming\Solmetric
2012-04-24 15:43 . 2012-05-05 00:44 -------- d-----w- c:\program files (x86)\Solmetric
2012-04-24 15:34 . 2012-04-24 15:36 -------- d-----w- c:\windows\WindowsMobile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 06:46 . 2012-04-11 07:02 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 07:02 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 07:02 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 07:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 07:02 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 07:02 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 07:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 07:06 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 07:06 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 07:06 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 07:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 07:06 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 07:06 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 07:06 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 07:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-26 20:11 . 2012-02-26 20:11 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Abel Levin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Abel Levin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Abel Levin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-04-27 109296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-06-06 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/30 14:34;c:\program files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 135664]
R4 MBAMService;MBAMService;c:\program files (x86)\Creative\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-22 2009704]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-22 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 07:44]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-02 07:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Abel Levin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Abel Levin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Abel Levin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Abel Levin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-04-22 312936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Abel Levin\AppData\Roaming\Mozilla\Firefox\Profiles\01pjn6kz.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
SafeBoot-14814266.sys
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Amazon Browser Bar - c:\program files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.Uninstall.exe
AddRemove-PALISADEBK11 - c:\windows\system32\unwise32.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-21 10:24:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-21 14:24
.
Pre-Run: 588,728,037,376 bytes free
Post-Run: 588,384,145,408 bytes free
.
- - End Of File - - 25B2EF1AF04BD26170B934A518D41B5A
---------------------------
OTL Extras logfile created on: 5/21/2012 1:48:06 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Abel Levin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.92 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.91% Memory free
15.83 Gb Paging File | 13.51 Gb Available in Paging File | 85.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 547.65 Gb Free Space | 80.66% Space Free | Partition Type: NTFS

Computer Name: ASL-PC | User Name: Abel Levin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B1738F-4CB7-456B-8DF3-1013CA94A595}" = rport=139 | protocol=6 | dir=out | app=system |
"{04BB3307-90F1-4220-AD2E-05F360AB91BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0919A97A-A868-4E7E-80C7-A8617D163959}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12CB50EE-CBEE-4256-948E-38440A977C3C}" = lport=445 | protocol=6 | dir=in | app=system |
"{1C55466E-32AD-409F-B266-AE8A0509442F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{26B4E11A-6ECD-4EA2-9295-7749B7CA4AD2}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2BAE527F-B96E-4FC1-9A0A-CF37BE9E108B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C96A9C7-881D-4372-9ECA-4617E3FFD63E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{636000C3-A820-4AAE-A2AD-FDDE44AB8FCE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{6E16D7D5-AC59-4550-8181-A229AD75BD7C}" = lport=137 | protocol=17 | dir=in | app=system |
"{7CEC2EBC-570C-4EAC-ADCB-0BAC1E2DCC78}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80330A3E-CFD0-482C-A6B0-BFD1CACF8953}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9166C5F0-26EB-4131-BA60-E07E70940168}" = rport=10243 | protocol=6 | dir=out | app=system |
"{96768E73-8D24-486B-9337-0E568C1CA61E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AB7CA36-E3B8-4052-9237-A757102FF5BE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9E56E469-D296-4AA7-A504-E6B7FD9C7A3D}" = lport=138 | protocol=17 | dir=in | app=system |
"{A7659164-1D2B-4D6F-982B-2D45230A1D05}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC129238-94C5-4426-A581-6DE2D990C937}" = lport=139 | protocol=6 | dir=in | app=system |
"{C516A0DF-D902-4705-A4B0-EEE1C88E880D}" = rport=137 | protocol=17 | dir=out | app=system |
"{C873FB21-12FE-4A8E-B108-0F9301D2545C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{D10779E5-9AF5-46AB-9274-9A561D847914}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{D3081FB2-932E-4326-A118-3873A131E221}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EBC27A7A-0C4C-4DDB-8DFE-F9703C41DDB9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{ED437B45-BED1-4D52-B477-146CC6DBE37F}" = rport=138 | protocol=17 | dir=out | app=system |
"{EF2201BE-6A0E-4916-92EB-A33138CBC731}" = rport=445 | protocol=6 | dir=out | app=system |
"{FDFB09EB-CD03-46E4-98E1-84ADCF71FD51}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F2507F-EB39-4ECE-8E11-F6D312933432}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{115D3712-DE73-4CA5-882D-6CFEC8BB8D89}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{11689151-95F2-47EA-A5B5-5EB02D4E5331}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{11E41A28-E37C-41EF-8EA6-9170FADC68CD}" = protocol=6 | dir=in | app=c:\users\abel levin\appdata\roaming\dropbox\bin\dropbox.exe |
"{1302607D-5BB3-40D2-A05F-69B278B94490}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{180BA857-FD37-4704-BC04-9B59EF225018}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1E586B0F-EDD6-4D75-9D13-191B0E5710CC}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{22439247-0A2C-4640-9D85-3B640C02B35C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{228868B1-9C51-44BB-BE4B-5309A57B72B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{27CF3921-B3E0-4B91-88EB-93FC01A954A4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2B20AE14-BB87-48B5-9708-23F4FE1DE4BC}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{2B2BCA61-6346-4129-8967-E39C8BE774C0}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{319B8AFA-2589-4FD8-BCDD-1B25FB6AA184}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{3356E6C5-7AE2-4B1F-B6D8-D086D5DA5D99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{363D13C6-D2EE-4128-9573-B8EE7493F147}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{386FEADD-BAA7-4EFA-A7B6-6CF5E7D55511}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3AFDBCBE-6FB3-412B-89F5-BA27E10F53B4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{410B5141-87D4-4311-BA1E-ABFF214EF9B3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{436CF27F-BF92-4DA3-8550-899EB234550E}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{44FF48AE-4DE1-4FD6-83D7-F017D16AAA84}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{4594D555-C939-46AB-ACFC-6A86F55A0DEB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{45DB8C83-98EC-46B1-9EB4-8A0DFC7F06A9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{48504100-6FFE-42B3-BFC2-A101486FCFFA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4D6A9C4F-1B6C-46B7-9630-C217CD44CA4C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{4DFC7DE8-FE8E-48DC-A163-B4EB3CB6223B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe |
"{4F4DAE9B-35D6-4D62-BAEF-5E7CC2B28F31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50B215CE-05D7-4466-8D9A-4D2AD28C6151}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{53C20819-D024-4AF6-9376-553B3B4A5102}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{53CA59B7-61AF-461F-97D2-3B01B08B2ADB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{554DED5A-9169-45B6-BE37-1A139844BF53}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{56BB4E40-3057-40E9-B1F2-895D5F793206}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5833C2E0-4F07-4F3E-8D10-50B772B26CC7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{5A9A5411-C034-427D-9AEA-25E9056F2D77}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{5B899B53-21DD-47F4-B6D7-00700BDE0AB7}" = protocol=6 | dir=in | app=c:\program files (x86)\solmetric\suneye\ipstub.exe |
"{5F29A092-F15E-461E-8E29-E247B5247510}" = protocol=6 | dir=out | app=system |
"{6238FF40-ECEA-4B75-BEF4-E4A29864DC9C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{6368D201-9344-4C1C-BF52-BB5FFF6EE8B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{65E06448-9EB0-4D21-A050-B91E7B8F62F2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{68B95000-24B0-49FB-8C12-BB8E2C44D89D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{69D3B615-D049-4B64-B93E-AE8B2788A886}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6DA6994F-1FDA-462F-BA5F-1D8935EAD35C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{6E78A858-48AA-40AC-9CD3-429D4E0DCB38}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{786802CD-8564-460C-B908-A5E18F0F57A0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{7BA739AB-8618-44A9-9AA6-2741A40B26AF}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{7D6F389D-5D3A-4DDF-9C39-5829ADA7FFD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7E492BD3-D0DC-4D64-9905-E97E563DF334}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7EA24D5C-A147-4C2E-8859-2C8BFE86954D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{826ED6E8-1889-45E7-B7F5-2F1D58E3C67B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8273AA06-3C9A-4923-B43C-7B8EC21BAD52}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{836F1FFA-18A2-4B19-A1D5-F836ECBD75E2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{87EEDCC1-55D0-4C90-821E-78D46A8F211C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{886659E8-CDE3-4500-904A-17C3951E8555}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8B703BD1-2081-4768-9047-FFBCF1A876DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{8F896F91-7704-412F-8357-0EB951ECA9BC}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{929B209C-48D3-4118-B8B0-F4784FB8AD59}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{938DB041-0C7A-4154-B55C-08A159CC5398}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{97B04290-96FC-49E6-A76A-461AC0AD12A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{9AEF7DC8-ED59-49B6-8F85-4BA53A5EC843}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9BBA0B93-0148-4BC5-B16F-20FE94D6C2A9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9CFF20F8-F360-4B3B-B642-26E27AB750CD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{9EC49BF8-3128-48D0-A47C-826ACF330F18}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{A11E170F-3A56-421D-96BE-3DF329CDB642}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A5A7ACD8-9776-49C0-BA05-99F105185765}" = protocol=17 | dir=in | app=c:\program files (x86)\solmetric\suneye\ipstub.exe |
"{A730B191-960E-4910-B914-4DD6CB8999EF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A7B9570B-15BD-402B-B9F2-038B3EF9BE74}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A89938C5-8DFA-4318-A04D-E5679BDE9C5D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9158FAF-922C-4F50-883D-2A84AB497E1D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{AAEE49C5-C952-4A3C-900F-25F3E9A84472}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{ADF7D551-0113-4FF0-BA50-DB5837AA45AC}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{B59767DC-015D-4F94-B1E8-F0BD697A56C1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B653E2BA-6452-4EB2-A068-5ED6EA757C11}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B89A5DAB-349B-47E4-AE8B-9912A0FDB6BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{B9DEED93-D8E1-4F17-9F5E-BA3F177B6ECB}" = protocol=17 | dir=in | app=c:\users\abel levin\appdata\roaming\dropbox\bin\dropbox.exe |
"{BC5A8EE7-1CCF-4D8F-BB72-F96CF88A7EC9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BEE54924-FD01-46A5-9367-9704286F47CB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{BF246DB2-26DA-470E-9BB9-14C2A8C632CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C6A03379-86AC-458B-BA05-4C5A24F32D47}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CB7BC80B-21BF-4091-90CE-7F091B614621}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{CDF000A5-2C6E-430D-876C-9E3A3E487E5B}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{CF308CFE-3877-4A7C-93B3-3761720C072E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DB2DF21F-4194-4DE2-BBB8-55B332FBC510}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{DCC10C24-2665-4743-95DE-450BB074A203}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E27D595F-30FE-4F24-BB2B-F64FAE3F2644}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{EADF43A5-980B-4EED-BD48-1C049F5D038E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{EDED5E3B-8F67-44F1-848D-F20D20E10685}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEE69B91-CD75-43CA-A859-901DDF806F45}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{F7EB7FE7-18B6-4192-8DBF-DD316E99853C}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{F9E1E9EB-395B-4CFD-B694-412361747D3E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe |
"{FD5269D3-01AB-4857-B299-09B06B0D046F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{FD696E6C-6720-4FDF-AB4D-2965527BA93C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{4120C49E-4D6A-4F13-ABC3-8A0F218092A4}C:\games\aclauncher.exe" = protocol=6 | dir=in | app=c:\games\aclauncher.exe |
"TCP Query User{4C05660C-FB5E-4494-98E8-F154EB90319A}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"TCP Query User{52F7D323-FF03-4A0A-9A62-3F79AF79F01C}C:\users\abel levin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\abel levin\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{8A31DCCA-8323-4632-969C-C189F6C72CAF}C:\games\acclient.exe" = protocol=6 | dir=in | app=c:\games\acclient.exe |
"TCP Query User{C11601CA-287B-42D0-8FE5-950B4E0353A8}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"TCP Query User{F8D42586-1004-4F37-BBC0-194FDEBDC755}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{2D30646F-6DE1-4B15-9101-8A82E0F93A19}C:\users\abel levin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\abel levin\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{409F2DFC-F879-4A31-B547-B7DDA146676F}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"UDP Query User{867A1C81-5C27-4FAF-B8D0-9305C332BB0F}C:\games\aclauncher.exe" = protocol=17 | dir=in | app=c:\games\aclauncher.exe |
"UDP Query User{A92540CB-739D-4DB1-8390-9A7539747161}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{AF1726F4-BBF3-401B-AECE-7A8EE8ADCC85}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe |
"UDP Query User{DF0C650F-B612-4C18-98D7-BCC9A85CE090}C:\games\acclient.exe" = protocol=17 | dir=in | app=c:\games\acclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{2C5BEF49-4219-4751-9106-39604462939D}" = Face Recognition
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile Device Center Driver Update
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{A800FCC9-8E1E-4D84-9CED-47870701FDE1}" = HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.30
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{C43C57C2-092C-4BB2-9371-C7342EF0CBA5}" = AVG 2012
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1829BE5-F305-4576-9593-C66FC7E0B008}" = iCloud
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08067AFD-4ECE-4454-80B4-31C859D4EDC1}" = F4400
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 29
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018303}" = Fable III
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{6127968F-398E-45E2-A487-0A3BD89D3F4F}" = Decal 3.0 (Alpha 8: 2.9.6.0)
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A835C187-691C-4827-BCEA-1611179C96B9}" = DJ_AIO_05_F4400_Software_Min
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AI RoboForm" = RoboForm 7-7-5 (All Users)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"Origin" = Origin
"PALISADEBK11" = Palisade Numerical Tools - Book Version
"Solmetric SunEye" = Solmetric SunEye
"SystemRequirementsLab" = System Requirements Lab
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2012 12:45:34 AM | Computer Name = ASL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/16/2012 10:46:09 AM | Computer Name = ASL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/17/2012 9:37:44 AM | Computer Name = ASL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/18/2012 11:56:11 AM | Computer Name = ASL-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/19/2012 9:50:15 AM | Computer Name = ASL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/24/2012 11:55:57 AM | Computer Name = ASL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/26/2012 11:48:19 AM | Computer Name = ASL-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/26/2012 12:03:10 PM | Computer Name = ASL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/27/2012 9:00:19 AM | Computer Name = ASL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/27/2012 11:52:48 AM | Computer Name = ASL-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 5/7/2012 1:38:05 AM | Computer Name = ASL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/7/2012 1:38:05 AM | Computer Name = ASL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/7/2012 1:38:05 AM | Computer Name = ASL-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/7/2012 1:40:02 AM | Computer Name = ASL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv

Error - 5/7/2012 1:50:35 AM | Computer Name = ASL-PC | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 5/7/2012 9:52:40 PM | Computer Name = ASL-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:01:44 AM on ?5/?7/?2012 was unexpected.

Error - 5/7/2012 9:52:54 PM | Computer Name = ASL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv

Error - 5/9/2012 12:07:03 PM | Computer Name = ASL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv

Error - 5/9/2012 11:51:59 PM | Computer Name = ASL-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:49:47 PM on ?5/?9/?2012 was unexpected.

Error - 5/9/2012 11:52:13 PM | Computer Name = ASL-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
is3srv


< End of report >
-------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Abel Levin :: ASL-PC [administrator]

5/21/2012 1:39:13 PM
mbam-log-2012-05-21 (13-39-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224964
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
-----------------------------------

OTL logfile created on: 5/21/2012 1:48:06 PM - Run 2
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Abel Levin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.92 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.91% Memory free
15.83 Gb Paging File | 13.51 Gb Available in Paging File | 85.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.00 Gb Total Space | 547.65 Gb Free Space | 80.66% Space Free | Partition Type: NTFS

Computer Name: ASL-PC | User Name: Abel Levin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/21 13:45:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTL.exe
PRC - [2012/04/27 09:30:10 | 000,109,296 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/01/07 09:36:44 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011/04/22 12:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/21 22:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/13 11:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 11:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/11/01 23:40:30 | 002,006,664 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
PRC - [2010/11/01 23:40:30 | 000,093,832 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2010/11/01 23:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe


========== Modules (No Company Name) ==========

MOD - [2010/12/17 11:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/01 23:40:34 | 000,087,176 | ---- | M] () -- C:\Windows\SysWOW64\FAIEExtension.dll
MOD - [2010/11/01 23:40:30 | 000,057,480 | ---- | M] () -- C:\Windows\SysWOW64\FAib.dll
MOD - [2010/11/01 23:40:24 | 000,248,968 | ---- | M] () -- C:\Windows\SysWOW64\FACrashRpt.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/12/17 15:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/23 02:01:26 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/22 12:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/21 22:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/01 23:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) [Auto | Running] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/10/29 14:20:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/06/23 01:28:04 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/22 12:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 05:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/22 05:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/12/17 13:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/13 13:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/12 10:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/12/01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/10/15 12:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/08/20 14:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/12 22:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 03:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/09/24 21:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {11D3DD3E-FBD3-4D08-868D-E1BD6514D539}
IE:64bit: - HKLM\..\SearchScopes\{11D3DD3E-FBD3-4D08-868D-E1BD6514D539}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {11D3DD3E-FBD3-4D08-868D-E1BD6514D539}
IE - HKLM\..\SearchScopes\{11D3DD3E-FBD3-4D08-868D-E1BD6514D539}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {11D3DD3E-FBD3-4D08-868D-E1BD6514D539}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...S&ver=4.0.0.125
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/07/30 15:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/05/21 13:43:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/02 03:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/07 13:43:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012/05/04 20:47:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/21 13:43:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/20 11:25:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/09/07 13:43:13 | 000,000,000 | ---D | M]

[2011/11/12 15:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abel Levin\AppData\Roaming\Mozilla\Extensions
[2012/05/14 11:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abel Levin\AppData\Roaming\Mozilla\Firefox\Profiles\01pjn6kz.default\extensions
[2011/11/12 15:07:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/14 11:33:43 | 000,185,022 | ---- | M] () (No name found) -- C:\USERS\ABEL LEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01PJN6KZ.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2012/05/04 03:18:09 | 000,004,733 | ---- | M] () (No name found) -- C:\USERS\ABEL LEVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01PJN6KZ.DEFAULT\EXTENSIONS\ZBZGNRJTHN@ZBZGNRJTHN.ORG.XPI
[2012/02/20 11:25:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/12 14:41:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/12 14:41:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Abel Levin\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Abel Levin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: RoboForm Plugin for Google Chrome/Opera/etc. (Enabled) = C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\Abel Levin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Abel Levin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2012/05/21 10:21:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FAStartup] File not found
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.gwu.edu/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22D235A6-42FD-4F77-BFC5-AC818D124B47}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CABD8B7C-C2D6-4653-B322-B085CB9790E4}: DhcpNameServer = 10.10.2.4 192.168.123.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/05/21 13:45:41 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTL.exe
[2012/05/21 13:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/05/21 13:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/21 13:32:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/21 13:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/21 10:39:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/21 10:24:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/21 10:11:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/21 10:11:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/21 10:11:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/21 10:11:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/21 10:11:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/20 18:05:17 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Abel Levin\Desktop\4mbam-setup-1.61.0.1400.exe
[2012/05/20 18:05:16 | 004,499,706 | R--- | C] (Swearware) -- C:\Users\Abel Levin\Desktop\2ComboFix.exe
[2012/05/20 18:05:16 | 002,126,424 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Abel Levin\Desktop\3tdsskiller.exe
[2012/05/20 18:05:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Abel Levin\Desktop\1aswMBR.exe
[2012/05/20 18:05:12 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\virus
[2012/05/20 17:57:24 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\Desktop may 20 2012
[2012/05/18 17:13:51 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Abel Levin\Desktop\GooredFix.exe
[2012/05/18 17:07:21 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTL.com
[2012/05/14 17:25:10 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\GooredFix Backups
[2012/05/14 17:09:37 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/05/14 17:08:35 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTM.exe
[2012/05/14 17:07:14 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\REG BACKUP 5_14_12
[2012/05/14 17:06:02 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\ERUNT
[2012/05/14 17:04:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Abel Levin\Desktop\hijackthis.exe
[2012/05/13 12:06:53 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/13 12:06:47 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/13 12:06:47 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/13 12:06:46 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/07 01:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/05/07 01:09:52 | 178,789,312 | ---- | C] (Kaspersky Lab) -- C:\Users\Abel Levin\Desktop\kaspersko.exe
[2012/05/06 22:30:07 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\registry backup 5_6_12
[2012/05/06 20:39:16 | 004,165,104 | ---- | C] (PC Tools) -- C:\Users\Abel Levin\Desktop\SDAV_Online_aff_GenericRevenueWire_207_2.exe
[2012/05/06 20:38:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/06 20:04:24 | 000,667,720 | ---- | C] (Webroot) -- C:\Users\Abel Levin\Desktop\wsainstall.exe
[2012/05/04 23:55:22 | 002,271,160 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0546.old
[2012/05/04 23:55:22 | 000,149,432 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0546.old
[2012/05/04 23:54:59 | 000,014,776 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctBTFix64.sys
[2012/05/04 23:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/05/04 23:52:46 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/05/04 23:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/05/04 23:52:34 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\AppData\Roaming\TestApp
[2012/05/04 23:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/05/04 23:49:32 | 004,165,584 | ---- | C] (PC Tools) -- C:\Users\Abel Levin\Desktop\SD_Online_aff_GenericRevenueWire_207.exe
[2012/05/04 21:36:46 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\AppData\Roaming\Malwarebytes
[2012/05/04 21:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/04 21:31:08 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Abel Levin\Desktop\testing.exe
[2012/05/04 21:25:40 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Abel Levin\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/04 21:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/05/04 21:05:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
[2012/05/04 21:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012/05/04 21:05:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2012/05/04 20:37:51 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Abel Levin\Desktop\TDSSKiller.exe
[2012/05/03 13:58:41 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Desktop\pr pics to upload
[2012/05/02 16:32:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Mathematics Add-in
[2012/04/27 11:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/27 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\roboform backup 4_27_12
[2012/04/24 11:43:43 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\Documents\Solmetric
[2012/04/24 11:43:39 | 000,000,000 | ---D | C] -- C:\Users\Abel Levin\AppData\Roaming\Solmetric
[2012/04/24 11:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solmetric
[2012/04/24 11:43:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Solmetric
[2012/04/24 11:34:56 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2 C:\Users\Abel Levin\Desktop\*.tmp files -> C:\Users\Abel Levin\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/21 13:45:41 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTL.exe
[2012/05/21 13:43:32 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 13:43:32 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 13:42:24 | 098,750,945 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/21 13:36:25 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/21 13:36:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/21 13:36:10 | 2079,985,663 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/21 13:32:49 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 10:21:42 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/21 10:20:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/21 09:21:00 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/20 14:50:34 | 000,061,440 | ---- | M] ( ) -- C:\Users\Abel Levin\Desktop\5VEW.exe
[2012/05/20 14:48:36 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Abel Levin\Desktop\4mbam-setup-1.61.0.1400.exe
[2012/05/20 14:46:34 | 002,126,424 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Abel Levin\Desktop\3tdsskiller.exe
[2012/05/20 14:45:30 | 004,499,706 | R--- | M] (Swearware) -- C:\Users\Abel Levin\Desktop\2ComboFix.exe
[2012/05/20 14:44:52 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Abel Levin\Desktop\1aswMBR.exe
[2012/05/19 11:09:29 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/19 11:09:29 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/19 11:09:29 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/18 17:19:59 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/05/18 17:16:00 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Abel Levin\Desktop\GooredFix.exe
[2012/05/18 17:07:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTL.com
[2012/05/15 03:27:01 | 000,466,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/15 03:06:37 | 001,648,772 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/14 17:08:35 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Abel Levin\Desktop\OTM.exe
[2012/05/14 17:05:41 | 000,513,320 | ---- | M] () -- C:\Users\Abel Levin\Desktop\erunt.zip
[2012/05/14 17:04:38 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Abel Levin\Desktop\hijackthis.exe
[2012/05/07 01:11:12 | 178,789,312 | ---- | M] (Kaspersky Lab) -- C:\Users\Abel Levin\Desktop\kaspersko.exe
[2012/05/06 22:46:54 | 008,399,438 | ---- | M] () -- C:\Users\Abel Levin\Desktop\ewido-setup_4.0.0.172.exe
[2012/05/06 20:39:17 | 004,165,104 | ---- | M] (PC Tools) -- C:\Users\Abel Levin\Desktop\SDAV_Online_aff_GenericRevenueWire_207_2.exe
[2012/05/06 20:04:24 | 000,667,720 | ---- | M] (Webroot) -- C:\Users\Abel Levin\Desktop\wsainstall.exe
[2012/05/04 23:49:32 | 004,165,584 | ---- | M] (PC Tools) -- C:\Users\Abel Levin\Desktop\SD_Online_aff_GenericRevenueWire_207.exe
[2012/05/04 21:31:08 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Abel Levin\Desktop\testing.exe
[2012/05/04 21:25:41 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Abel Levin\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/04 20:33:54 | 002,055,783 | ---- | M] () -- C:\Users\Abel Levin\Desktop\tdsskiller.zip
[2012/05/02 10:00:04 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Abel Levin\Desktop\TDSSKiller.exe
[2012/04/28 03:08:43 | 000,149,217 | ---- | M] () -- C:\Users\Abel Levin\Desktop\homeless.jpg
[2012/04/27 12:28:33 | 003,761,781 | ---- | M] () -- C:\Users\Abel Levin\Documents\Untitled.png
[2012/04/27 11:17:36 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/04/27 10:25:17 | 000,006,963 | ---- | M] () -- C:\Users\Abel Levin\Desktop\PUERTO RICO - Shortcut.lnk
[2012/04/27 09:42:36 | 000,164,641 | ---- | M] () -- C:\Users\Abel Levin\Documents\roboform receipt.png
[2012/04/27 08:55:06 | 000,314,583 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/24 11:43:39 | 000,003,120 | ---- | M] () -- C:\Windows\VAD9J83G.ocx
[2012/04/24 11:43:39 | 000,003,120 | ---- | M] () -- C:\Windows\SysNative\NFUIYIPR.ocx
[2012/04/24 11:43:38 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Solmetric SunEye.lnk
[2012/04/24 11:41:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2 C:\Users\Abel Levin\Desktop\*.tmp files -> C:\Users\Abel Levin\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/21 13:32:49 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/21 10:11:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/21 10:11:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/21 10:11:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/21 10:11:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/21 10:11:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/20 18:05:17 | 000,061,440 | ---- | C] ( ) -- C:\Users\Abel Levin\Desktop\5VEW.exe
[2012/05/18 17:19:47 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/05/14 17:05:38 | 000,513,320 | ---- | C] () -- C:\Users\Abel Levin\Desktop\erunt.zip
[2012/05/06 22:46:51 | 008,399,438 | ---- | C] () -- C:\Users\Abel Levin\Desktop\ewido-setup_4.0.0.172.exe
[2012/05/04 23:55:22 | 000,767,928 | ---- | C] () -- C:\Windows\BDTSupport.dll0546.old
[2012/05/04 23:52:48 | 001,648,772 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/04 20:33:53 | 002,055,783 | ---- | C] () -- C:\Users\Abel Levin\Desktop\tdsskiller.zip
[2012/04/28 03:08:43 | 000,149,217 | ---- | C] () -- C:\Users\Abel Levin\Desktop\homeless.jpg
[2012/04/27 12:28:33 | 003,761,781 | ---- | C] () -- C:\Users\Abel Levin\Documents\Untitled.png
[2012/04/27 11:17:36 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/04/27 10:25:17 | 000,006,963 | ---- | C] () -- C:\Users\Abel Levin\Desktop\PUERTO RICO - Shortcut.lnk
[2012/04/27 09:42:36 | 000,164,641 | ---- | C] () -- C:\Users\Abel Levin\Documents\roboform receipt.png
[2012/04/24 11:43:39 | 000,003,120 | ---- | C] () -- C:\Windows\VAD9J83G.ocx
[2012/04/24 11:43:39 | 000,003,120 | ---- | C] () -- C:\Windows\SysNative\NFUIYIPR.ocx
[2012/04/24 11:43:38 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Solmetric SunEye.lnk
[2012/04/24 11:41:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2012/04/24 11:35:34 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2012/02/23 12:08:02 | 000,007,609 | ---- | C] () -- C:\Users\Abel Levin\AppData\Local\Resmon.ResmonCfg
[2012/02/06 16:46:57 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\Unwise32.exe
[2012/02/06 16:46:43 | 000,000,594 | ---- | C] () -- C:\Windows\DTOOLS.INI
[2011/10/15 01:29:19 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/10/15 01:29:19 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/10/11 23:52:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/14 00:07:06 | 000,005,632 | ---- | C] () -- C:\Users\Abel Levin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/07 13:38:36 | 000,172,086 | ---- | C] () -- C:\Windows\hpoins37.dat
[2011/09/07 13:38:36 | 000,000,558 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2011/08/17 08:38:39 | 008,667,136 | ---- | C] () -- C:\Windows\SysWow64\Awesomium.dll
[2011/07/30 16:17:34 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/07/30 16:16:31 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/30 16:16:28 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/30 16:16:20 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/02/10 12:10:51 | 000,773,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/01 23:40:34 | 000,087,176 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/11/01 23:40:30 | 000,057,480 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/11/01 23:40:24 | 000,248,968 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll

========== Custom Scans ==========

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Abel Levin\Documents\pge.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Abel Levin\Documents\P 2_27_10.txt:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Abel Levin\Documents\p 1_1_10.txt:Roxio EMC Stream
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
----
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/05/2012 5:58:10 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/05/2012 9:17:08 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 21/05/2012 9:16:39 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

----------
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/05/2012 6:00:11 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/05/2012 9:17:28 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
Could I see the tdsskiller log?

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...S&ver=4.0.0.125
[2012/02/12 14:41:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present


:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
fs_rec.sys
wintrust.dll
imagehlp.dll
wmi.dll
mshtml.tlb
jscript9.dll
inetcpl.cpl
wininet.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Run Scan.

You should get one log. Please copy and paste it to a reply.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).


In Firefox, click on Firefox then hover over the Help and then click on Restart Firefox with Add-ons Disabled.

Click OK when it asks you if you are sure.

Firefox will restart and you will get an option to make permanent changes. Just Continue. Are you still getting redirected?


Sometimes the bug is actually in the router. How do you connect to the Internet? Cable/DSL Modem then router. If so: reset the router by holding down the reset button on the back for 30 seconds. (This will kill off any encryption you may use on your wireless so may need to connect with a cable and redo it. Good time to change the password too.)
  • 0

#7
atwitsend8745

atwitsend8745

    New Member

  • Member
  • Pip
  • 5 posts
Heres the tdsskiller log, sorry about that.

10:33:47.0342 3644 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
10:33:47.0358 3644 ============================================================
10:33:47.0358 3644 Current date / time: 2012/05/21 10:33:47.0358
10:33:47.0358 3644 SystemInfo:
10:33:47.0358 3644
10:33:47.0358 3644 OS Version: 6.1.7601 ServicePack: 1.0
10:33:47.0358 3644 Product type: Workstation
10:33:47.0358 3644 ComputerName: ASL-PC
10:33:47.0358 3644 UserName: Abel Levin
10:33:47.0358 3644 Windows directory: C:\Windows
10:33:47.0358 3644 System windows directory: C:\Windows
10:33:47.0358 3644 Running under WOW64
10:33:47.0358 3644 Processor architecture: Intel x64
10:33:47.0358 3644 Number of processors: 8
10:33:47.0358 3644 Page size: 0x1000
10:33:47.0358 3644 Boot type: Normal boot
10:33:47.0358 3644 ============================================================
10:33:47.0639 3644 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:33:47.0654 3644 ============================================================
10:33:47.0654 3644 \Device\Harddisk0\DR0:
10:33:47.0654 3644 MBR partitions:
10:33:47.0654 3644 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000
10:33:47.0654 3644 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x54E01EF0
10:33:47.0654 3644 ============================================================
10:33:47.0685 3644 C: <-> \Device\Harddisk0\DR0\Partition1
10:33:47.0685 3644 ============================================================
10:33:47.0685 3644 Initialize success
10:33:47.0685 3644 ============================================================
10:34:13.0472 4052 ============================================================
10:34:13.0472 4052 Scan started
10:34:13.0472 4052 Mode: Manual; SigCheck; TDLFS;
10:34:13.0472 4052 ============================================================
10:34:13.0878 4052 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:34:13.0940 4052 1394ohci - ok
10:34:13.0987 4052 Acceler (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
10:34:14.0003 4052 Acceler - ok
10:34:14.0049 4052 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:34:14.0065 4052 ACPI - ok
10:34:14.0081 4052 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:34:14.0143 4052 AcpiPmi - ok
10:34:14.0252 4052 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:34:14.0268 4052 AdobeARMservice - ok
10:34:14.0315 4052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:34:14.0330 4052 adp94xx - ok
10:34:14.0393 4052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:34:14.0408 4052 adpahci - ok
10:34:14.0439 4052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:34:14.0455 4052 adpu320 - ok
10:34:14.0486 4052 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:34:14.0502 4052 AeLookupSvc - ok
10:34:14.0564 4052 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
10:34:14.0564 4052 AERTFilters - ok
10:34:14.0642 4052 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:34:14.0673 4052 AFD - ok
10:34:14.0689 4052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:34:14.0689 4052 agp440 - ok
10:34:14.0720 4052 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:34:14.0751 4052 ALG - ok
10:34:14.0767 4052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:34:14.0783 4052 aliide - ok
10:34:14.0783 4052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:34:14.0798 4052 amdide - ok
10:34:14.0814 4052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:34:14.0814 4052 AmdK8 - ok
10:34:14.0829 4052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:34:14.0861 4052 AmdPPM - ok
10:34:14.0923 4052 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:34:14.0939 4052 amdsata - ok
10:34:14.0985 4052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:34:15.0001 4052 amdsbs - ok
10:34:15.0032 4052 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:34:15.0048 4052 amdxata - ok
10:34:15.0048 4052 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:34:15.0126 4052 AppID - ok
10:34:15.0141 4052 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:34:15.0188 4052 AppIDSvc - ok
10:34:15.0235 4052 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:34:15.0251 4052 Appinfo - ok
10:34:15.0313 4052 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:34:15.0313 4052 arc - ok
10:34:15.0360 4052 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:34:15.0375 4052 arcsas - ok
10:34:15.0469 4052 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:34:15.0469 4052 aspnet_state - ok
10:34:15.0485 4052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:34:15.0516 4052 AsyncMac - ok
10:34:15.0563 4052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:34:15.0578 4052 atapi - ok
10:34:15.0641 4052 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:34:15.0672 4052 AudioEndpointBuilder - ok
10:34:15.0672 4052 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:34:15.0703 4052 AudioSrv - ok
10:34:16.0031 4052 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
10:34:16.0077 4052 AVGIDSAgent - ok
10:34:16.0171 4052 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
10:34:16.0187 4052 AVGIDSDriver - ok
10:34:16.0218 4052 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:34:16.0218 4052 AVGIDSEH - ok
10:34:16.0233 4052 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
10:34:16.0249 4052 AVGIDSFilter - ok
10:34:16.0311 4052 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
10:34:16.0311 4052 Avgldx64 - ok
10:34:16.0358 4052 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
10:34:16.0358 4052 Avgmfx64 - ok
10:34:16.0405 4052 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
10:34:16.0405 4052 Avgrkx64 - ok
10:34:16.0452 4052 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
10:34:16.0467 4052 Avgtdia - ok
10:34:16.0608 4052 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
10:34:16.0623 4052 avgwd - ok
10:34:16.0670 4052 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:34:16.0764 4052 AxInstSV - ok
10:34:16.0842 4052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:34:16.0857 4052 b06bdrv - ok
10:34:16.0920 4052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:34:16.0951 4052 b57nd60a - ok
10:34:16.0982 4052 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:34:17.0029 4052 BDESVC - ok
10:34:17.0045 4052 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:34:17.0091 4052 Beep - ok
10:34:17.0185 4052 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:34:17.0216 4052 BFE - ok
10:34:17.0310 4052 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
10:34:17.0341 4052 BITS - ok
10:34:17.0388 4052 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:34:17.0388 4052 blbdrive - ok
10:34:17.0419 4052 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:34:17.0466 4052 bowser - ok
10:34:17.0481 4052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:34:17.0497 4052 BrFiltLo - ok
10:34:17.0497 4052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:34:17.0513 4052 BrFiltUp - ok
10:34:17.0544 4052 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:34:17.0559 4052 BridgeMP - ok
10:34:17.0591 4052 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:34:17.0622 4052 Browser - ok
10:34:17.0653 4052 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:34:17.0715 4052 Brserid - ok
10:34:17.0731 4052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:34:17.0762 4052 BrSerWdm - ok
10:34:17.0793 4052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:34:17.0793 4052 BrUsbMdm - ok
10:34:17.0809 4052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:34:17.0825 4052 BrUsbSer - ok
10:34:17.0840 4052 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:34:17.0856 4052 BTHMODEM - ok
10:34:17.0887 4052 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:34:17.0918 4052 bthserv - ok
10:34:17.0949 4052 catchme - ok
10:34:17.0965 4052 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:34:17.0996 4052 cdfs - ok
10:34:18.0027 4052 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:34:18.0059 4052 cdrom - ok
10:34:18.0090 4052 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:34:18.0137 4052 CertPropSvc - ok
10:34:18.0137 4052 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:34:18.0152 4052 circlass - ok
10:34:18.0199 4052 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:34:18.0215 4052 CLFS - ok
10:34:18.0308 4052 CLKMSVC10_9EC60124 (730bf325e4cc1e3935b81943ac6da216) c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
10:34:18.0324 4052 CLKMSVC10_9EC60124 - ok
10:34:18.0402 4052 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:34:18.0417 4052 clr_optimization_v2.0.50727_32 - ok
10:34:18.0449 4052 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:34:18.0464 4052 clr_optimization_v2.0.50727_64 - ok
10:34:18.0527 4052 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:34:18.0527 4052 clr_optimization_v4.0.30319_32 - ok
10:34:18.0589 4052 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:34:18.0605 4052 clr_optimization_v4.0.30319_64 - ok
10:34:18.0667 4052 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:34:18.0698 4052 CmBatt - ok
10:34:18.0729 4052 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:34:18.0729 4052 cmdide - ok
10:34:18.0792 4052 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:34:18.0823 4052 CNG - ok
10:34:18.0854 4052 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:34:18.0854 4052 Compbatt - ok
10:34:18.0885 4052 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:34:18.0917 4052 CompositeBus - ok
10:34:18.0948 4052 COMSysApp - ok
10:34:18.0963 4052 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:34:18.0963 4052 crcdisk - ok
10:34:19.0010 4052 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:34:19.0041 4052 CryptSvc - ok
10:34:19.0073 4052 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:34:19.0119 4052 CtClsFlt - ok
10:34:19.0151 4052 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
10:34:19.0197 4052 dc3d - ok
10:34:19.0244 4052 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:34:19.0275 4052 DcomLaunch - ok
10:34:19.0338 4052 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:34:19.0369 4052 defragsvc - ok
10:34:19.0400 4052 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:34:19.0447 4052 DfsC - ok
10:34:19.0494 4052 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:34:19.0541 4052 Dhcp - ok
10:34:19.0556 4052 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:34:19.0603 4052 discache - ok
10:34:19.0665 4052 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:34:19.0665 4052 Disk - ok
10:34:19.0697 4052 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:34:19.0743 4052 Dnscache - ok
10:34:19.0775 4052 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:34:19.0821 4052 dot3svc - ok
10:34:19.0884 4052 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
10:34:19.0899 4052 Dot4 - ok
10:34:19.0931 4052 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:34:19.0962 4052 Dot4Print - ok
10:34:19.0993 4052 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
10:34:20.0040 4052 dot4usb - ok
10:34:20.0071 4052 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:34:20.0102 4052 DPS - ok
10:34:20.0149 4052 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:34:20.0180 4052 drmkaud - ok
10:34:20.0227 4052 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
10:34:20.0274 4052 dsNcAdpt - ok
10:34:20.0399 4052 dsNcService (bc4851b8cd478b93fcaedb95052a824d) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
10:34:20.0414 4052 dsNcService - ok
10:34:20.0508 4052 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:34:20.0523 4052 DXGKrnl - ok
10:34:20.0555 4052 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:34:20.0601 4052 EapHost - ok
10:34:20.0804 4052 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:34:20.0835 4052 ebdrv - ok
10:34:20.0945 4052 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:34:20.0945 4052 EFS - ok
10:34:21.0038 4052 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:34:21.0101 4052 ehRecvr - ok
10:34:21.0116 4052 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:34:21.0116 4052 ehSched - ok
10:34:21.0179 4052 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:34:21.0194 4052 elxstor - ok
10:34:21.0210 4052 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:34:21.0225 4052 ErrDev - ok
10:34:21.0288 4052 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:34:21.0319 4052 EventSystem - ok
10:34:21.0475 4052 EvtEng (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:34:21.0491 4052 EvtEng - ok
10:34:21.0584 4052 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:34:21.0600 4052 exfat - ok
10:34:21.0662 4052 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys
10:34:21.0678 4052 FACAP - ok
10:34:21.0943 4052 FAService (69ce05be48cd9fb80b108be872be3a74) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
10:34:22.0005 4052 FAService ( UnsignedFile.Multi.Generic ) - warning
10:34:22.0005 4052 FAService - detected UnsignedFile.Multi.Generic (1)
10:34:22.0099 4052 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:34:22.0146 4052 fastfat - ok
10:34:22.0224 4052 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:34:22.0271 4052 Fax - ok
10:34:22.0302 4052 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:34:22.0333 4052 fdc - ok
10:34:22.0349 4052 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:34:22.0364 4052 fdPHost - ok
10:34:22.0380 4052 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:34:22.0427 4052 FDResPub - ok
10:34:22.0458 4052 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:34:22.0473 4052 FileInfo - ok
10:34:22.0473 4052 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:34:22.0505 4052 Filetrace - ok
10:34:22.0520 4052 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:34:22.0520 4052 flpydisk - ok
10:34:22.0567 4052 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:34:22.0583 4052 FltMgr - ok
10:34:22.0676 4052 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:34:22.0692 4052 FontCache - ok
10:34:22.0754 4052 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:34:22.0754 4052 FontCache3.0.0.0 - ok
10:34:22.0785 4052 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:34:22.0801 4052 FsDepends - ok
10:34:22.0832 4052 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:34:22.0832 4052 Fs_Rec - ok
10:34:22.0863 4052 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:34:22.0879 4052 fvevol - ok
10:34:22.0910 4052 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:34:22.0910 4052 gagp30kx - ok
10:34:23.0019 4052 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:34:23.0051 4052 gpsvc - ok
10:34:23.0191 4052 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:34:23.0207 4052 gupdate - ok
10:34:23.0253 4052 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:34:23.0253 4052 gupdatem - ok
10:34:23.0285 4052 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:34:23.0331 4052 hcw85cir - ok
10:34:23.0347 4052 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:34:23.0378 4052 HDAudBus - ok
10:34:23.0409 4052 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:34:23.0441 4052 HidBatt - ok
10:34:23.0472 4052 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:34:23.0503 4052 HidBth - ok
10:34:23.0550 4052 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:34:23.0550 4052 HidIr - ok
10:34:23.0597 4052 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
10:34:23.0643 4052 hidserv - ok
10:34:23.0690 4052 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:34:23.0706 4052 HidUsb - ok
10:34:23.0768 4052 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:34:23.0799 4052 hkmsvc - ok
10:34:23.0862 4052 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:34:23.0893 4052 HomeGroupListener - ok
10:34:23.0924 4052 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:34:23.0971 4052 HomeGroupProvider - ok
10:34:24.0143 4052 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:34:24.0158 4052 hpqcxs08 - ok
10:34:24.0205 4052 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:34:24.0205 4052 hpqddsvc - ok
10:34:24.0267 4052 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:34:24.0283 4052 HpSAMD - ok
10:34:24.0345 4052 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:34:24.0392 4052 HTTP - ok
10:34:24.0423 4052 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:34:24.0439 4052 hwpolicy - ok
10:34:24.0470 4052 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:34:24.0470 4052 i8042prt - ok
10:34:24.0533 4052 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
10:34:24.0548 4052 iaStor - ok
10:34:24.0642 4052 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:34:24.0657 4052 iaStorV - ok
10:34:24.0782 4052 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:34:24.0798 4052 idsvc - ok
10:34:25.0359 4052 igfx (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:34:25.0500 4052 igfx - ok
10:34:25.0625 4052 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:34:25.0625 4052 iirsp - ok
10:34:25.0703 4052 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:34:25.0749 4052 IKEEXT - ok
10:34:25.0827 4052 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
10:34:25.0890 4052 Impcd - ok
10:34:26.0077 4052 IntcAzAudAddService (8fed6428fde53d7f4c105095f22524be) C:\Windows\system32\drivers\RTKVHD64.sys
10:34:26.0108 4052 IntcAzAudAddService - ok
10:34:26.0202 4052 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:34:26.0217 4052 IntcDAud - ok
10:34:26.0249 4052 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:34:26.0249 4052 intelide - ok
10:34:26.0264 4052 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:34:26.0295 4052 intelppm - ok
10:34:26.0327 4052 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:34:26.0373 4052 IPBusEnum - ok
10:34:26.0405 4052 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:34:26.0420 4052 IpFilterDriver - ok
10:34:26.0483 4052 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:34:26.0514 4052 iphlpsvc - ok
10:34:26.0545 4052 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:34:26.0576 4052 IPMIDRV - ok
10:34:26.0607 4052 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:34:26.0639 4052 IPNAT - ok
10:34:26.0654 4052 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:34:26.0670 4052 IRENUM - ok
10:34:26.0685 4052 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:34:26.0685 4052 isapnp - ok
10:34:26.0717 4052 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:34:26.0732 4052 iScsiPrt - ok
10:34:26.0748 4052 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:34:26.0748 4052 kbdclass - ok
10:34:26.0763 4052 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:34:26.0795 4052 kbdhid - ok
10:34:26.0841 4052 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:34:26.0857 4052 KeyIso - ok
10:34:26.0873 4052 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:34:26.0873 4052 KSecDD - ok
10:34:26.0919 4052 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:34:26.0935 4052 KSecPkg - ok
10:34:26.0935 4052 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:34:26.0982 4052 ksthunk - ok
10:34:27.0029 4052 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:34:27.0075 4052 KtmRm - ok
10:34:27.0138 4052 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
10:34:27.0185 4052 LanmanServer - ok
10:34:27.0231 4052 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:34:27.0263 4052 LanmanWorkstation - ok
10:34:27.0341 4052 Lavasoft Kernexplorer - ok
10:34:27.0387 4052 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:34:27.0419 4052 lltdio - ok
10:34:27.0465 4052 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:34:27.0497 4052 lltdsvc - ok
10:34:27.0497 4052 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:34:27.0528 4052 lmhosts - ok
10:34:27.0590 4052 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
10:34:27.0606 4052 LMS - ok
10:34:27.0637 4052 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:34:27.0653 4052 LSI_FC - ok
10:34:27.0715 4052 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:34:27.0715 4052 LSI_SAS - ok
10:34:27.0746 4052 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:34:27.0762 4052 LSI_SAS2 - ok
10:34:27.0777 4052 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:34:27.0793 4052 LSI_SCSI - ok
10:34:27.0809 4052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:34:27.0855 4052 luafv - ok
10:34:27.0887 4052 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
10:34:27.0902 4052 MBAMProtector - ok
10:34:28.0027 4052 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Creative\Malwarebytes' Anti-Malware\mbamservice.exe
10:34:28.0043 4052 MBAMService - ok
10:34:28.0121 4052 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
10:34:28.0136 4052 mcdbus - ok
10:34:28.0167 4052 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:34:28.0183 4052 Mcx2Svc - ok
10:34:28.0199 4052 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:34:28.0199 4052 megasas - ok
10:34:28.0230 4052 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:34:28.0245 4052 MegaSR - ok
10:34:28.0277 4052 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
10:34:28.0277 4052 MEIx64 - ok
10:34:28.0292 4052 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:34:28.0339 4052 MMCSS - ok
10:34:28.0370 4052 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:34:28.0401 4052 Modem - ok
10:34:28.0433 4052 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:34:28.0464 4052 monitor - ok
10:34:28.0495 4052 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:34:28.0511 4052 mouclass - ok
10:34:28.0526 4052 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:34:28.0542 4052 mouhid - ok
10:34:28.0573 4052 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:34:28.0589 4052 mountmgr - ok
10:34:28.0604 4052 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:34:28.0620 4052 mpio - ok
10:34:28.0635 4052 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:34:28.0667 4052 mpsdrv - ok
10:34:28.0713 4052 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:34:28.0776 4052 MpsSvc - ok
10:34:28.0838 4052 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:34:28.0869 4052 MRxDAV - ok
10:34:28.0916 4052 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:34:28.0932 4052 mrxsmb - ok
10:34:28.0994 4052 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:34:28.0994 4052 mrxsmb10 - ok
10:34:29.0041 4052 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:34:29.0057 4052 mrxsmb20 - ok
10:34:29.0103 4052 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:34:29.0119 4052 msahci - ok
10:34:29.0135 4052 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:34:29.0150 4052 msdsm - ok
10:34:29.0197 4052 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:34:29.0213 4052 MSDTC - ok
10:34:29.0228 4052 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:34:29.0244 4052 Msfs - ok
10:34:29.0244 4052 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:34:29.0275 4052 mshidkmdf - ok
10:34:29.0291 4052 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:34:29.0291 4052 msisadrv - ok
10:34:29.0322 4052 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:34:29.0353 4052 MSiSCSI - ok
10:34:29.0353 4052 msiserver - ok
10:34:29.0369 4052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:34:29.0384 4052 MSKSSRV - ok
10:34:29.0384 4052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:34:29.0431 4052 MSPCLOCK - ok
10:34:29.0462 4052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:34:29.0509 4052 MSPQM - ok
10:34:29.0540 4052 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:34:29.0556 4052 MsRPC - ok
10:34:29.0571 4052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
10:34:29.0571 4052 mssmbios - ok
10:34:29.0587 4052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:34:29.0618 4052 MSTEE - ok
10:34:29.0649 4052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:34:29.0649 4052 MTConfig - ok
10:34:29.0665 4052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:34:29.0681 4052 Mup - ok
10:34:29.0727 4052 MyWiFiDHCPDNS (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
10:34:29.0743 4052 MyWiFiDHCPDNS - ok
10:34:29.0821 4052 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:34:29.0868 4052 napagent - ok
10:34:29.0930 4052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:34:29.0977 4052 NativeWifiP - ok
10:34:30.0071 4052 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
10:34:30.0086 4052 NDIS - ok
10:34:30.0117 4052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:34:30.0149 4052 NdisCap - ok
10:34:30.0164 4052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:34:30.0180 4052 NdisTapi - ok
10:34:30.0195 4052 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:34:30.0211 4052 Ndisuio - ok
10:34:30.0227 4052 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:34:30.0273 4052 NdisWan - ok
10:34:30.0305 4052 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:34:30.0320 4052 NDProxy - ok
10:34:30.0383 4052 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
10:34:30.0383 4052 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:34:30.0383 4052 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:34:30.0398 4052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:34:30.0429 4052 NetBIOS - ok
10:34:30.0476 4052 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:34:30.0492 4052 NetBT - ok
10:34:30.0539 4052 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:34:30.0554 4052 Netlogon - ok
10:34:30.0601 4052 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:34:30.0632 4052 Netman - ok
10:34:30.0710 4052 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:30.0726 4052 NetMsmqActivator - ok
10:34:30.0726 4052 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:30.0726 4052 NetPipeActivator - ok
10:34:30.0757 4052 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:34:30.0788 4052 netprofm - ok
10:34:30.0788 4052 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:30.0804 4052 NetTcpActivator - ok
10:34:30.0804 4052 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:34:30.0804 4052 NetTcpPortSharing - ok
10:34:31.0209 4052 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
10:34:31.0319 4052 NETwNs64 - ok
10:34:31.0397 4052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:34:31.0397 4052 nfrd960 - ok
10:34:31.0443 4052 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:34:31.0490 4052 NlaSvc - ok
10:34:31.0506 4052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:34:31.0537 4052 Npfs - ok
10:34:31.0537 4052 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:34:31.0568 4052 nsi - ok
10:34:31.0568 4052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:34:31.0599 4052 nsiproxy - ok
10:34:31.0755 4052 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:34:31.0771 4052 Ntfs - ok
10:34:31.0865 4052 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
10:34:31.0865 4052 NuidFltr - ok
10:34:31.0880 4052 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:34:31.0896 4052 Null - ok
10:34:31.0943 4052 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys
10:34:31.0989 4052 nusb3hub - ok
10:34:32.0036 4052 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:34:32.0067 4052 nusb3xhc - ok
10:34:32.0598 4052 nvlddmkm (573b0941a37aebee96085d56a103f57b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:34:32.0723 4052 nvlddmkm - ok
10:34:32.0769 4052 nvpciflt (43af7ebeac2ab623468e32caddcb61a4) C:\Windows\system32\DRIVERS\nvpciflt.sys
10:34:32.0785 4052 nvpciflt - ok
10:34:32.0832 4052 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:34:32.0832 4052 nvraid - ok
10:34:32.0879 4052 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:34:32.0894 4052 nvstor - ok
10:34:32.0925 4052 NvStUSB (9e01b716c8085f7adb1cdc10103ceef8) C:\Windows\system32\drivers\nvstusb.sys
10:34:32.0925 4052 NvStUSB - ok
10:34:33.0019 4052 NVSvc (c500760572c6059918fb0c960967695b) C:\Windows\system32\nvvsvc.exe
10:34:33.0035 4052 NVSvc - ok
10:34:33.0206 4052 nvUpdatusService (f28169a7adf7b41809cf92d369e744f0) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:34:33.0222 4052 nvUpdatusService - ok
10:34:33.0347 4052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:34:33.0362 4052 nv_agp - ok
10:34:33.0409 4052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:34:33.0456 4052 ohci1394 - ok
10:34:33.0518 4052 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:34:33.0534 4052 ose - ok
10:34:33.0877 4052 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:34:33.0939 4052 osppsvc - ok
10:34:34.0002 4052 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:34:34.0049 4052 p2pimsvc - ok
10:34:34.0080 4052 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:34:34.0095 4052 p2psvc - ok
10:34:34.0142 4052 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:34:34.0158 4052 Parport - ok
10:34:34.0220 4052 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
10:34:34.0220 4052 partmgr - ok
10:34:34.0251 4052 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:34:34.0283 4052 PcaSvc - ok
10:34:34.0329 4052 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:34:34.0329 4052 pci - ok
10:34:34.0407 4052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:34:34.0407 4052 pciide - ok
10:34:34.0439 4052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:34:34.0454 4052 pcmcia - ok
10:34:34.0501 4052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:34:34.0501 4052 pcw - ok
10:34:34.0595 4052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:34:34.0641 4052 PEAUTH - ok
10:34:34.0719 4052 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:34:34.0751 4052 PerfHost - ok
10:34:34.0860 4052 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:34:34.0907 4052 pla - ok
10:34:34.0985 4052 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:34:35.0031 4052 PlugPlay - ok
10:34:35.0094 4052 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
10:34:35.0109 4052 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:34:35.0109 4052 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:34:35.0109 4052 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:34:35.0125 4052 PNRPAutoReg - ok
10:34:35.0156 4052 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:34:35.0172 4052 PNRPsvc - ok
10:34:35.0234 4052 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
10:34:35.0234 4052 Point64 - ok
10:34:35.0297 4052 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:34:35.0343 4052 PolicyAgent - ok
10:34:35.0390 4052 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:34:35.0437 4052 Power - ok
10:34:35.0484 4052 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:34:35.0531 4052 PptpMiniport - ok
10:34:35.0546 4052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:34:35.0577 4052 Processor - ok
10:34:35.0624 4052 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:34:35.0671 4052 ProfSvc - ok
10:34:35.0702 4052 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:34:35.0718 4052 ProtectedStorage - ok
10:34:35.0733 4052 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:34:35.0749 4052 Psched - ok
10:34:35.0780 4052 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:34:35.0780 4052 PxHlpa64 - ok
10:34:35.0811 4052 qicflt (0928bd20273625622722fe1de5bbde57) C:\Windows\system32\DRIVERS\qicflt.sys
10:34:35.0811 4052 qicflt - ok
10:34:35.0921 4052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:34:35.0952 4052 ql2300 - ok
10:34:36.0077 4052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:34:36.0092 4052 ql40xx - ok
10:34:36.0123 4052 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:34:36.0139 4052 QWAVE - ok
10:34:36.0155 4052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:34:36.0155 4052 QWAVEdrv - ok
10:34:36.0248 4052 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
10:34:36.0264 4052 RapiMgr - ok
10:34:36.0279 4052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:34:36.0311 4052 RasAcd - ok
10:34:36.0326 4052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:34:36.0357 4052 RasAgileVpn - ok
10:34:36.0373 4052 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:34:36.0404 4052 RasAuto - ok
10:34:36.0435 4052 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:34:36.0482 4052 Rasl2tp - ok
10:34:36.0545 4052 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:34:36.0591 4052 RasMan - ok
10:34:36.0623 4052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:34:36.0669 4052 RasPppoe - ok
10:34:36.0701 4052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:34:36.0716 4052 RasSstp - ok
10:34:36.0763 4052 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:34:36.0779 4052 rdbss - ok
10:34:36.0794 4052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:34:36.0825 4052 rdpbus - ok
10:34:36.0857 4052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:34:36.0903 4052 RDPCDD - ok
10:34:36.0919 4052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:34:36.0935 4052 RDPENCDD - ok
10:34:36.0950 4052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:34:36.0981 4052 RDPREFMP - ok
10:34:37.0013 4052 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:34:37.0075 4052 RDPWD - ok
10:34:37.0106 4052 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:34:37.0122 4052 rdyboost - ok
10:34:37.0247 4052 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:34:37.0247 4052 RegSrvc - ok
10:34:37.0278 4052 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:34:37.0309 4052 RemoteAccess - ok
10:34:37.0356 4052 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:34:37.0387 4052 RemoteRegistry - ok
10:34:37.0543 4052 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
10:34:37.0559 4052 RoxMediaDB12OEM - ok
10:34:37.0590 4052 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
10:34:37.0605 4052 RoxWatch12 - ok
10:34:37.0683 4052 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:34:37.0699 4052 RpcEptMapper - ok
10:34:37.0730 4052 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:34:37.0730 4052 RpcLocator - ok
10:34:37.0777 4052 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
10:34:37.0808 4052 RpcSs - ok
10:34:37.0824 4052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:34:37.0871 4052 rspndr - ok
10:34:37.0964 4052 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
10:34:37.0980 4052 RTL8167 - ok
10:34:38.0027 4052 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:34:38.0042 4052 SamSs - ok
10:34:38.0058 4052 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:34:38.0073 4052 sbp2port - ok
10:34:38.0120 4052 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:34:38.0151 4052 SCardSvr - ok
10:34:38.0183 4052 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:34:38.0229 4052 scfilter - ok
10:34:38.0323 4052 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:34:38.0354 4052 Schedule - ok
10:34:38.0385 4052 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:34:38.0401 4052 SCPolicySvc - ok
10:34:38.0417 4052 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:34:38.0463 4052 SDRSVC - ok
10:34:38.0495 4052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:34:38.0526 4052 secdrv - ok
10:34:38.0557 4052 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:34:38.0588 4052 seclogon - ok
10:34:38.0635 4052 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
10:34:38.0682 4052 SENS - ok
10:34:38.0729 4052 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:34:38.0760 4052 SensrSvc - ok
10:34:38.0807 4052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:34:38.0838 4052 Serenum - ok
10:34:38.0869 4052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:34:38.0900 4052 Serial - ok
10:34:38.0947 4052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:34:38.0978 4052 sermouse - ok
10:34:39.0025 4052 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:34:39.0072 4052 SessionEnv - ok
10:34:39.0087 4052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:34:39.0087 4052 sffdisk - ok
10:34:39.0103 4052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:34:39.0134 4052 sffp_mmc - ok
10:34:39.0165 4052 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:34:39.0197 4052 sffp_sd - ok
10:34:39.0228 4052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:34:39.0243 4052 sfloppy - ok
10:34:39.0306 4052 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:34:39.0321 4052 SharedAccess - ok
10:34:39.0368 4052 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:34:39.0399 4052 ShellHWDetection - ok
10:34:39.0415 4052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:34:39.0431 4052 SiSRaid2 - ok
10:34:39.0431 4052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:34:39.0446 4052 SiSRaid4 - ok
10:34:39.0462 4052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:34:39.0477 4052 Smb - ok
10:34:39.0509 4052 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:34:39.0555 4052 SNMPTRAP - ok
10:34:39.0587 4052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:34:39.0587 4052 spldr - ok
10:34:39.0649 4052 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:34:39.0680 4052 Spooler - ok
10:34:39.0930 4052 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:34:39.0977 4052 sppsvc - ok
10:34:40.0055 4052 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:34:40.0086 4052 sppuinotify - ok
10:34:40.0133 4052 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:34:40.0179 4052 srv - ok
10:34:40.0226 4052 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:34:40.0257 4052 srv2 - ok
10:34:40.0289 4052 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:34:40.0304 4052 srvnet - ok
10:34:40.0335 4052 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:34:40.0351 4052 SSDPSRV - ok
10:34:40.0382 4052 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:34:40.0398 4052 SstpSvc - ok
10:34:40.0429 4052 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
10:34:40.0445 4052 stdcfltn - ok
10:34:40.0523 4052 Stereo Service (0683504bbb3ffc0a73d9d217b63dd0e0) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
10:34:40.0538 4052 Stereo Service - ok
10:34:40.0554 4052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:34:40.0569 4052 stexstor - ok
10:34:40.0616 4052 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:34:40.0632 4052 stisvc - ok
10:34:40.0679 4052 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
10:34:40.0679 4052 stllssvr - ok
10:34:40.0694 4052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
10:34:40.0694 4052 swenum - ok
10:34:40.0788 4052 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:34:40.0835 4052 swprv - ok
10:34:40.0975 4052 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
10:34:40.0991 4052 SynTP - ok
10:34:41.0162 4052 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:34:41.0209 4052 SysMain - ok
10:34:41.0287 4052 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:34:41.0303 4052 TabletInputService - ok
10:34:41.0334 4052 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:34:41.0349 4052 TapiSrv - ok
10:34:41.0381 4052 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:34:41.0396 4052 TBS - ok
10:34:41.0537 4052 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
10:34:41.0552 4052 Tcpip - ok
10:34:41.0739 4052 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
10:34:41.0755 4052 TCPIP6 - ok
10:34:41.0833 4052 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:34:41.0864 4052 tcpipreg - ok
10:34:41.0880 4052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:34:41.0895 4052 TDPIPE - ok
10:34:41.0927 4052 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:34:41.0942 4052 TDTCP - ok
10:34:41.0958 4052 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:34:41.0973 4052 tdx - ok
10:34:41.0989 4052 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
10:34:42.0005 4052 TermDD - ok
10:34:42.0051 4052 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:34:42.0083 4052 TermService - ok
10:34:42.0098 4052 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:34:42.0098 4052 Themes - ok
10:34:42.0129 4052 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:34:42.0145 4052 THREADORDER - ok
10:34:42.0176 4052 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:34:42.0207 4052 TrkWks - ok
10:34:42.0301 4052 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:34:42.0332 4052 TrustedInstaller - ok
10:34:42.0363 4052 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:34:42.0410 4052 tssecsrv - ok
10:34:42.0473 4052 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:34:42.0488 4052 TsUsbFlt - ok
10:34:42.0504 4052 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:34:42.0504 4052 TsUsbGD - ok
10:34:42.0551 4052 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:34:42.0597 4052 tunnel - ok
10:34:42.0644 4052 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
10:34:42.0644 4052 TurboB - ok
10:34:42.0707 4052 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
10:34:42.0707 4052 TurboBoost - ok
10:34:42.0722 4052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:34:42.0738 4052 uagp35 - ok
10:34:42.0769 4052 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:34:42.0816 4052 udfs - ok
10:34:42.0847 4052 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:34:42.0878 4052 UI0Detect - ok
10:34:42.0925 4052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:34:42.0925 4052 uliagpkx - ok
10:34:42.0956 4052 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:34:42.0987 4052 umbus - ok
10:34:43.0019 4052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:34:43.0050 4052 UmPass - ok
10:34:43.0268 4052 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:34:43.0299 4052 UNS - ok
10:34:43.0409 4052 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:34:43.0455 4052 upnphost - ok
10:34:43.0533 4052 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
10:34:43.0580 4052 usbccgp - ok
10:34:43.0611 4052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:34:43.0611 4052 usbcir - ok
10:34:43.0643 4052 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:34:43.0658 4052 usbehci - ok
10:34:43.0721 4052 usbhub (8b892002d7b79312821169a14317ab86) C:\Windows\system32\DRIVERS\usbhub.sys
10:34:43.0767 4052 usbhub - ok
10:34:43.0814 4052 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:34:43.0830 4052 usbohci - ok
10:34:43.0845 4052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:34:43.0877 4052 usbprint - ok
10:34:43.0923 4052 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:34:43.0939 4052 usbscan - ok
10:34:44.0001 4052 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:34:44.0048 4052 USBSTOR - ok
10:34:44.0095 4052 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:34:44.0126 4052 usbuhci - ok
10:34:44.0173 4052 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
10:34:44.0189 4052 usbvideo - ok
10:34:44.0220 4052 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:34:44.0267 4052 UxSms - ok
10:34:44.0313 4052 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:34:44.0329 4052 VaultSvc - ok
10:34:44.0360 4052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:34:44.0376 4052 vdrvroot - ok
10:34:44.0454 4052 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:34:44.0501 4052 vds - ok
10:34:44.0532 4052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:34:44.0532 4052 vga - ok
10:34:44.0547 4052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:34:44.0594 4052 VgaSave - ok
10:34:44.0672 4052 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:34:44.0688 4052 vhdmp - ok
10:34:44.0719 4052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:34:44.0735 4052 viaide - ok
10:34:44.0766 4052 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:34:44.0766 4052 volmgr - ok
10:34:44.0828 4052 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:34:44.0828 4052 volmgrx - ok
10:34:44.0953 4052 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:34:44.0969 4052 volsnap - ok
10:34:45.0000 4052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:34:45.0015 4052 vsmraid - ok
10:34:45.0171 4052 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:34:45.0218 4052 VSS - ok
10:34:45.0327 4052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:34:45.0343 4052 vwifibus - ok
10:34:45.0359 4052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:34:45.0405 4052 vwififlt - ok
10:34:45.0421 4052 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:34:45.0437 4052 vwifimp - ok
10:34:45.0483 4052 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:34:45.0515 4052 W32Time - ok
10:34:45.0530 4052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:34:45.0561 4052 WacomPen - ok
10:34:45.0593 4052 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:34:45.0639 4052 WANARP - ok
10:34:45.0655 4052 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:34:45.0671 4052 Wanarpv6 - ok
10:34:45.0795 4052 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:34:45.0811 4052 WatAdminSvc - ok
10:34:45.0920 4052 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:34:45.0983 4052 wbengine - ok
10:34:46.0061 4052 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:34:46.0092 4052 WbioSrvc - ok
10:34:46.0217 4052 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
10:34:46.0232 4052 WcesComm - ok
10:34:46.0279 4052 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:34:46.0310 4052 wcncsvc - ok
10:34:46.0341 4052 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:34:46.0357 4052 WcsPlugInService - ok
10:34:46.0373 4052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:34:46.0373 4052 Wd - ok
10:34:46.0419 4052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:34:46.0435 4052 Wdf01000 - ok
10:34:46.0451 4052 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:34:46.0513 4052 WdiServiceHost - ok
10:34:46.0513 4052 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:34:46.0529 4052 WdiSystemHost - ok
10:34:46.0544 4052 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
10:34:46.0544 4052 wdkmd - ok
10:34:46.0575 4052 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:34:46.0622 4052 WebClient - ok
10:34:46.0653 4052 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:34:46.0700 4052 Wecsvc - ok
10:34:46.0716 4052 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:34:46.0747 4052 wercplsupport - ok
10:34:46.0763 4052 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:34:46.0809 4052 WerSvc - ok
10:34:46.0825 4052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:34:46.0856 4052 WfpLwf - ok
10:34:46.0887 4052 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
10:34:46.0887 4052 WimFltr - ok
10:34:46.0903 4052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:34:46.0903 4052 WIMMount - ok
10:34:46.0965 4052 WinDefend - ok
10:34:46.0965 4052 WinHttpAutoProxySvc - ok
10:34:47.0028 4052 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:34:47.0059 4052 Winmgmt - ok
10:34:47.0199 4052 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:34:47.0231 4052 WinRM - ok
10:34:47.0355 4052 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
10:34:47.0371 4052 WinUsb - ok
10:34:47.0433 4052 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:34:47.0480 4052 Wlansvc - ok
10:34:47.0527 4052 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:34:47.0543 4052 wlcrasvc - ok
10:34:47.0683 4052 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:34:47.0699 4052 wlidsvc - ok
10:34:47.0777 4052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:34:47.0808 4052 WmiAcpi - ok
10:34:47.0855 4052 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:34:47.0855 4052 wmiApSrv - ok
10:34:47.0886 4052 WMPNetworkSvc - ok
10:34:47.0901 4052 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:34:47.0933 4052 WPCSvc - ok
10:34:47.0948 4052 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:34:47.0948 4052 WPDBusEnum - ok
10:34:47.0979 4052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:34:47.0995 4052 ws2ifsl - ok
10:34:48.0011 4052 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
10:34:48.0042 4052 wscsvc - ok
10:34:48.0057 4052 WSearch - ok
10:34:48.0213 4052 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:34:48.0260 4052 wuauserv - ok
10:34:48.0338 4052 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:34:48.0385 4052 WudfPf - ok
10:34:48.0416 4052 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:34:48.0447 4052 WUDFRd - ok
10:34:48.0494 4052 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:34:48.0510 4052 wudfsvc - ok
10:34:48.0588 4052 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:34:48.0619 4052 WwanSvc - ok
10:34:48.0666 4052 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:34:49.0040 4052 \Device\Harddisk0\DR0 - ok
10:34:49.0040 4052 Boot (0x1200) (3246a901dd6c10bbe21df021cc1b8685) \Device\Harddisk0\DR0\Partition0
10:34:49.0040 4052 \Device\Harddisk0\DR0\Partition0 - ok
10:34:49.0071 4052 Boot (0x1200) (887283dad51f5ec7d226b0f64c44139c) \Device\Harddisk0\DR0\Partition1
10:34:49.0071 4052 \Device\Harddisk0\DR0\Partition1 - ok
10:34:49.0071 4052 ============================================================
10:34:49.0071 4052 Scan finished
10:34:49.0071 4052 ============================================================
10:34:49.0071 1436 Detected object count: 3
10:34:49.0071 1436 Actual detected object count: 3
10:36:37.0429 1436 FAService ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:37.0429 1436 FAService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:37.0429 1436 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:37.0429 1436 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:37.0429 1436 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:36:37.0429 1436 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:36:40.0487 1460 Deinitialize success
  • 0

#8
atwitsend8745

atwitsend8745

    New Member

  • Member
  • Pip
  • 5 posts
At the begining of your post you mention "copy the text into the code box" but didnt mention which program to do it in. Am I missing something? I just wanted to be extra careful and check with you first. Thanks!
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
Not into the code box. Copy the text in the code box. The code box is the area with a different color just below where I say:

Copy the text in the code box by highlighting and Ctrl + c


I just want you to copy the text. I tell you later where to paste it.

This is the stuff in the code box:

:OTL
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-re...S&ver=4.0.0.125
[2012/02/12 14:41:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]



Then we want to start up OTL as Admin and paste the copied text into Custom Scans/Fixes box

Then click on RUN FIX button (NOT THE QUICK SCAN button!) at the top

The second time we do the same but we press the Run Scan button.
  • 0

Advertisement




Similar Topics: Redirect Virus/Malware please help, tried everything     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured