All protection limited or down



#31
ypkx (Member, Topic Starter, 30 posts)
I must add, I'm just browsing the internet settings, firewall are turned on but for "home or work private networks", it's not connected.
Also, HP connection manager recognises when a LAN cable or wifi connection is available or plugged in, but no physical access to the internet.
  • 0



#32
RKinner (Malware Expert, MVP, 19,790 posts)
Probably easier to fix if we can work with the PC connected with a cable to the router rather than with the wireless so hook it up and then:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

net  start  >>  \newjunk.txt

ipconfig  /all  >>  \newjunk.txt

netsh  winsock  reset catalog  >>  \newjunkt.txt

netsh  winsock  show  catalog  >>  \newjunk.txt

reg  query  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip  /s  >>  \newjunk.txt

reg  query  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCPIP  /s  >> \newjunk.txt

netsh  int  ip  reset  reset.log  \newjunk2.txt

netsh  int  ipv4  reset  \newjunk3.txt

This should create three files: C:\newjunk.txt, C:\newjunk2.txt, C:\newjunk3.txt

Move them to your good PC and attach them.
  • 0

#33
ypkx (Member, Topic Starter, 30 posts)
netsh int ipv4 reset \newjunk3.txt

error

There's no user specified settings to be reset.


  • 0

#34
ypkx (Member, Topic Starter, 30 posts)
newjunk.txt

These Windows services are started:

AMD External Events Utility
Andrea ST Filters Service
Application Information
Audio Service
AVG WatchDog
Background Intelligent Transfer Service
Base Filtering Engine
Bluetooth Device Monitor
Bluetooth Media Service
Bluetooth OBEX Service
Bluetooth Support Service
Bonjour Service
COM+ Event System
Credential Manager
Cryptographic Services
DCOM Server Process Launcher
Desktop Window Manager Session Manager
Distributed Link Tracking Client
DNS Client
Easybits Services for Windows
EPSON V3 Service4(01)
Extensible Authentication Protocol
Group Policy Client
HP Client Services
HP Connection Manager 4.0 Service
HP Quick Synchronization Service
HP Service
HP Software Framework Service
HP Support Assistant Service
HPWMISVC
IconMan_R
IKE and AuthIP IPsec Keying Modules
Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service
Intel® PROSet/Wireless Event Log
Intel® PROSet/Wireless Registry Service
Intel® Rapid Storage Technology
Intel© Centrino© Wireless Bluetooth© 3.0 + High Speed Service
IP Helper
iPod Service
IPsec Policy Agent
Microsoft Antimalware Service
Multimedia Class Scheduler
Network Connections
Network Store Interface Service
Plug and Play
Power
Print Spooler
Program Compatibility Assistant Service
Protected Storage
Rapport Management Service
Remote Procedure Call (RPC)
RosettaStoneDaemon
RPC Endpoint Mapper
Security Accounts Manager
Security Center
Server
Shell Hardware Detection
SSDP Discovery
Superfetch
System Event Notification Service
Tablet PC Input Service
TCP/IP NetBIOS Helper
Themes
UPnP Device Host
User Profile Service
vToolbarUpdater11.2.0
Windows Audio
Windows Audio Endpoint Builder
Windows Driver Foundation - User-mode Driver Framework
Windows Event Log
Windows Firewall
Windows Font Cache Service
Windows Image Acquisition (WIA)
Windows Live ID Sign-in Assistant
Windows Management Instrumentation
Windows Presentation Foundation Font Cache 3.0.0.0
Windows Search
Windows Update
WLAN AutoConfig
Workstation

The command completed successfully.


Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1001
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 1
Protocol: 6
Service Flags: 0x20066
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [UDP/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1002
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 2
Protocol: 17
Service Flags: 0x20609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [RAW/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1003
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 3
Protocol: 0
Service Flags: 0x20609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD RfComm [Bluetooth]
Provider ID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1008
Version: 2
Address Family: 32
Max Address Length: 30
Min Address Length: 30
Socket Type: 1
Protocol: 3
Service Flags: 0x20026
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1009
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Service Flags: 0x20066
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [UDP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1010
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Service Flags: 0x20609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [RAW/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1011
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 3
Protocol: 0
Service Flags: 0x20609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP TCPv6 Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1004
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 1
Protocol: 6
Service Flags: 0x22066
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP TCP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1005
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Service Flags: 0x22066
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP UDPv6 Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1006
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 2
Protocol: 17
Service Flags: 0x22609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP UDP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1007
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Service Flags: 0x22609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: MSAFD Tcpip [TCP/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1001
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 1
Protocol: 6
Service Flags: 0x20066
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: MSAFD Tcpip [UDP/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1002
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 2
Protocol: 17
Service Flags: 0x20609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: MSAFD Tcpip [RAW/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1003
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 3
Protocol: 0
Service Flags: 0x20609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: MSAFD RfComm [Bluetooth]
Provider ID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1008
Version: 2
Address Family: 32
Max Address Length: 30
Min Address Length: 30
Socket Type: 1
Protocol: 3
Service Flags: 0x20026
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: MSAFD Tcpip [TCP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1009
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Service Flags: 0x20066
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: MSAFD Tcpip [UDP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1010
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Service Flags: 0x20609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: MSAFD Tcpip [RAW/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1011
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 3
Protocol: 0
Service Flags: 0x20609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: RSVP TCPv6 Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1004
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 1
Protocol: 6
Service Flags: 0x22066
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: RSVP TCP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1005
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Service Flags: 0x22066
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: RSVP UDPv6 Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1006
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 2
Protocol: 17
Service Flags: 0x22609
Protocol Chain Length: 1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider (32)
Description: RSVP UDP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: %SystemRoot%\system32\mswsock.dll
Catalog Entry ID: 1007
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Service Flags: 0x22609
Protocol Chain Length: 1

Name Space Provider Entry
------------------------------------------------------
Description: Network Location Awareness Legacy (NLAv1) Namespace
Provider ID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Name Space: 15
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: E-mail Naming Shim Provider
Provider ID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Name Space: 37
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: PNRP Cloud Namespace Provider
Provider ID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Name Space: 39
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: PNRP Name Namespace Provider
Provider ID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Name Space: 38
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: NTDS
Provider ID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Name Space: 32
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: Bluetooth Namespace
Provider ID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Name Space: 16
Active: 1
Version: 0


Name Space Provider Entry
------------------------------------------------------
Description: Tcpip
Provider ID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Name Space: 12
Active: 1
Version: 0



HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip
BootFlags REG_DWORD 0x1
DisplayName REG_SZ @%SystemRoot%\system32\tcpipcfg.dll,-50003
Group REG_SZ PNP_TDI
ImagePath REG_EXPAND_SZ System32\drivers\tcpip.sys
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x0
Tag REG_DWORD 0x3
Type REG_DWORD 0x1
NdisMajorVersion REG_DWORD 0x6
NdisMinorVersion REG_DWORD 0x14
Description REG_SZ @%SystemRoot%\system32\tcpipcfg.dll,-50003

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Linkage
Bind REG_MULTI_SZ \Device\{46045219-FB00-4EDA-A64B-55E3DFEB19C0}\0\Device\{22023BB7-0902-44FD-B203-23D861160B80}\0\Device\{D470E946-DF3A-4954-BC76-4F449E67C648}\0\Device\{8541CBBC-0C09-4728-8AAD-B7F29078B0C5}\0\Device\{7EF8433A-EB58-4A4C-AF19-B925408A5872}
Route REG_MULTI_SZ "{46045219-FB00-4EDA-A64B-55E3DFEB19C0}"\0"{22023BB7-0902-44FD-B203-23D861160B80}"\0"{D470E946-DF3A-4954-BC76-4F449E67C648}"\0"{8541CBBC-0C09-4728-8AAD-B7F29078B0C5}"\0"{7EF8433A-EB58-4A4C-AF19-B925408A5872}"
Export REG_MULTI_SZ \Device\Tcpip_{46045219-FB00-4EDA-A64B-55E3DFEB19C0}\0\Device\Tcpip_{22023BB7-0902-44FD-B203-23D861160B80}\0\Device\Tcpip_{D470E946-DF3A-4954-BC76-4F449E67C648}\0\Device\Tcpip_{8541CBBC-0C09-4728-8AAD-B7F29078B0C5}\0\Device\Tcpip_{7EF8433A-EB58-4A4C-AF19-B925408A5872}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters
SearchList REG_SZ
UseDomainNameDevolution REG_DWORD 0x1
DeadGWDetectDefault REG_DWORD 0x1
DontAddDefaultGatewayDefault REG_DWORD 0x0
DataBasePath REG_EXPAND_SZ %SystemRoot%\System32\drivers\etc
NameServer REG_SZ
ForwardBroadcasts REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Adapters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Adapters\{22023BB7-0902-44FD-B203-23D861160B80}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Adapters\{46045219-FB00-4EDA-A64B-55E3DFEB19C0}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Adapters\{7EF8433A-EB58-4A4C-AF19-B925408A5872}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Adapters\{8541CBBC-0C09-4728-8AAD-B7F29078B0C5}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Adapters\{D470E946-DF3A-4954-BC76-4F449E67C648}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\DNSRegisteredAdapters

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Interfaces

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Interfaces\{22023bb7-0902-44fd-b203-23d861160b80}
EnableDHCP REG_DWORD 0x1
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Interfaces\{46045219-fb00-4eda-a64b-55e3dfeb19c0}
EnableDHCP REG_DWORD 0x1
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x1
DhcpIPAddress REG_SZ 0.0.0.0
DhcpSubnetMask REG_SZ 255.0.0.0
DhcpServer REG_SZ 255.255.255.255
Lease REG_DWORD 0x0
LeaseObtainedTime REG_DWORD 0x0
T1 REG_DWORD 0x0
T2 REG_DWORD 0x0
LeaseTerminatesTime REG_DWORD 0x0
AddressType REG_DWORD 0x0
IsServerNapAware REG_DWORD 0x0
DhcpConnForceBroadcastFlag REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Interfaces\{7EF8433A-EB58-4A4C-AF19-B925408A5872}
EnableDHCP REG_DWORD 0x1
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x1
DhcpIPAddress REG_SZ 192.168.1.100
DhcpSubnetMask REG_SZ 255.255.255.0
DhcpServer REG_SZ 192.168.1.254
Lease REG_DWORD 0x15180
LeaseObtainedTime REG_DWORD 0x4fee52c9
T1 REG_DWORD 0x4feefb89
T2 REG_DWORD 0x4fef7a19
LeaseTerminatesTime REG_DWORD 0x4fefa449
AddressType REG_DWORD 0x0
IsServerNapAware REG_DWORD 0x0
DhcpConnForceBroadcastFlag REG_DWORD 0x1
DhcpNetworkHint REG_SZ D4950294E4455425E45445
DhcpInterfaceOptions REG_BINARY 0300000000000000040000000000000049A4EF4FC0A801FE0600000000000000040000000000000049A4EF4FC0A801FE0F00000000000000060000000000000049A4EF4F636F6E66696700000100000000000000040000000000000049A4EF4FFFFFFF003300000000000000040000000000000049A4EF4F000151803600000000000000040000000000000049A4EF4FC0A801FE3500000000000000010000000000000049A4EF4F05000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Interfaces\{8541cbbc-0c09-4728-8aad-b7f29078b0c5}
EnableDHCP REG_DWORD 0x1
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x1
DhcpIPAddress REG_SZ 0.0.0.0
DhcpSubnetMask REG_SZ 255.0.0.0
DhcpServer REG_SZ 255.255.255.255
Lease REG_DWORD 0x0
LeaseObtainedTime REG_DWORD 0x0
T1 REG_DWORD 0x0
T2 REG_DWORD 0x0
LeaseTerminatesTime REG_DWORD 0x0
AddressType REG_DWORD 0x0
IsServerNapAware REG_DWORD 0x0
DhcpConnForceBroadcastFlag REG_DWORD 0x0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Interfaces\{d470e946-df3a-4954-bc76-4f449e67c648}
EnableDHCP REG_DWORD 0x0
NameServer REG_SZ
Domain REG_SZ
RegistrationEnabled REG_DWORD 0x1
RegisterAdapterName REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\PersistentRoutes

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Parameters\Winsock
UseDelayedAcceptance REG_DWORD 0x0
HelperDllName REG_EXPAND_SZ %SystemRoot%\System32\wshtcpip.dll
MaxSockAddrLength REG_DWORD 0x10
MinSockAddrLength REG_DWORD 0x10
Mapping REG_BINARY 08000000030000000200000001000000060000000200000001000000000000000200000000000000060000000200000002000000110000000200000002000000000000000200000000000000110000000200000003000000FF000000020000000300000000000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Performance
Close REG_SZ CloseTcpIpPerformanceData
Collect REG_SZ CollectTcpIpPerformanceData
Library REG_EXPAND_SZ %SystemRoot%\System32\Perfctrs.dll
Open REG_SZ OpenTcpIpPerformanceData
Object List REG_SZ 502 510 546 548 582 638 658 1530 1532 1534

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\ServiceProvider
Class REG_DWORD 0x8
DnsPriority REG_DWORD 0x7d0
HostsPriority REG_DWORD 0x1f4
LocalPriority REG_DWORD 0x1f3
NetbtPriority REG_DWORD 0x7d1
ProviderPath REG_EXPAND_SZ %SystemRoot%\System32\wsock32.dll
Name REG_SZ TCP/IP

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpip\Enum
0 REG_SZ Root\LEGACY_TCPIP\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

newjunkt.txt

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

Attached Thumbnails

  • jkinner.png

Edited by ypkx, 30 June 2012 - 11:40 AM.

  • 0

#35
RKinner (Malware Expert, MVP, 19,790 posts)
I don't see

ipconfig /all >> \newjunk.txt


or

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCPIP /s >> \newjunk.txt

can you do them again? If you change the first one from >> to > it will erase the old stuff:


ipconfig /all > \newjunk.txt


reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCPIP /s >> \newjunk.txt

Also let's add:

net start dhcp >> \newjunk.txt

then attach or copy and paste the c:\newjunk.txt file.
  • 0

#36
ypkx (Member, Topic Starter, 30 posts)

I don't see

ipconfig /all >> \newjunk.txt


or

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCPIP /s >> \newjunk.txt

can you do them again? If you change the first one from >> to > it will erase the old stuff:


ipconfig /all > \newjunk.txt


reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCPIP /s >> \newjunk.txt

Also let's add:

net start dhcp >> \newjunk.txt

then attach or copy and paste the c:\newjunk.txt file.


I typed those in, please see attachments from my previous post.

But I just redid it as you asked, and this time there is an error with -

reg query HKEY_LOCAL_MACHINE\CurrentControlSet\Enum\Root\LEGACY_TCPIP /s \newjunk.txt

saying

ERROR: The system was unable to find the specified registry key or value


also an error with net start dhcp >> \newjunk.txt

The DHCP Client service could not be started

A system error has occurred. System error 5 has occurred. Access is denied



Here is the attached newjunk.txt

Windows IP Configuration

Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : AC-72-89-6F-82-AF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : AC-72-89-6F-82-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : AC-72-89-6F-82-AF
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 10-1F-74-11-E1-3A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a1f8:db4b:dfdf:cf84%13(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.207.132(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 1030
Physical Address. . . . . . . . . : AC-72-89-6F-82-AE
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::18a0:1985:5bec:386a%14(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.56.106(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{8541CBBC-0C09-4728-8AAD-B7F29078B0C5}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {9885241F-4556-46C6-AB02-1B82DA86F204}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{D470E946-DF3A-4954-BC76-4F449E67C648}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{46045219-FB00-4EDA-A64B-55E3DFEB19C0}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{22023BB7-0902-44FD-B203-23D861160B80}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
The DHCP Client service is starting.


Edited by ypkx, 01 July 2012 - 05:13 AM.

  • 0
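
The `ipconfig /all` output in the post above shows both connected adapters holding 169.254.x.x autoconfiguration addresses with an empty default gateway, which is what Windows assigns when no DHCP lease is obtained. As an added example (not part of the original thread), this Python script parses that kind of output and flags the condition; the sample text is constructed in the shape of the posted log, and the function names are hypothetical.

```python
import ipaddress
import re

APIPA_NET = ipaddress.ip_network("169.254.0.0/16")  # IPv4 link-local range (RFC 3927)

# "Ethernet adapter Local Area Connection:" style section headers
HEADER_RE = re.compile(r"^(?P<name>\S.*\badapter\b.*):\s*$")
# "Key . . . . : value" rows; requiring a space/dot run before the colon keeps
# continuation lines such as "fec0:0:0:ffff::2%1" from being read as fields
FIELD_RE = re.compile(r"^\s*(?P<key>[^.:]+?)[ .]+:\s*(?P<val>.*)$")

# Constructed sample, modelled on the layout of the log posted in the thread.
SAMPLE = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . :

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.207.132(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
DHCP Enabled. . . . . . . . . . . : Yes

Ethernet adapter Healthy Example:

Description . . . . . . . . . . . : Constructed NIC
DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
"""


def parse_ipconfig(text):
    """Split ipconfig /all text into one dict of fields per adapter section."""
    adapters, current = [], None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = {"name": header.group("name"), "fields": {}}
            adapters.append(current)
            continue
        field = FIELD_RE.match(line)
        # Rows before the first adapter header (Host Name etc.) are ignored.
        if field and current is not None:
            current["fields"][field.group("key").strip()] = field.group("val").strip()
    return adapters


def ipv4_of(fields):
    """Return the adapter's IPv4 address, or None if absent or unparsable."""
    for key in ("IPv4 Address", "Autoconfiguration IPv4 Address"):
        raw = fields.get(key)
        if raw:
            try:
                return ipaddress.ip_address(raw.split("(")[0])  # drop "(Preferred)"
            except ValueError:
                return None
    return None


def triage(adapters):
    """Map adapter name -> list of flags for connected adapters that look unhealthy."""
    findings = {}
    for adapter in adapters:
        fields = adapter["fields"]
        if fields.get("Media State") == "Media disconnected":
            continue  # nothing to learn from an unplugged adapter
        flags = []
        addr = ipv4_of(fields)
        if addr is not None and addr in APIPA_NET and fields.get("DHCP Enabled") == "Yes":
            flags.append("dhcp-enabled-but-apipa")  # DHCP was tried, no lease obtained
        if addr is not None and not fields.get("Default Gateway"):
            flags.append("no-default-gateway")
        if flags:
            findings[adapter["name"]] = flags
    return findings


if __name__ == "__main__":
    for name, flags in triage(parse_ipconfig(SAMPLE)).items():
        print(f"{name}: {', '.join(flags)}")
```

A flagged adapter only says that no lease was obtained; the `net start dhcp` result in the same post is what ties it to the DHCP Client service rather than to the cable or router.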

#37
RKinner (Malware Expert, MVP, 19,790 posts)
The fact that dhcp is now showing access denied is a bad sign. I assume you were using a Command Prompt where you had right clicked on it and Run As Admin?

IF it has changed on its own then the infection is still active and needs to be removed.

This is my standard removal procedure for Zero Access. I would suggest you download all of the programs and move them to the sick PC using a CD or USB drive then work your way through the list.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


The fact that the legacy_tcpip registry entry does not exist explains why there is no connection to the internet. I have a rather involved procedure to fix it but it's pretty drastic:

Do you have the file:

C:\WINDOWS\inf\nettcpip.inf

If so, back up your registry:

http://pcsupport.abo...backupxpreg.htm

Then see if you can follow the steps in the Hardcore method when nothing else is working section on

http://smokeys.wordp...p3-tcpip-stack/

Before we do that we could try merging the one from my PC and see if it helps. Download the attached legtcp.reg file and save it. Move it to the sick PC and right click then Merge the file.
  • 0
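
A read-only way to record the state of the items this post asks about (the Tcpip service key, the LEGACY_TCPIP key, nettcpip.inf and the DHCP Client service) and to see what differs after a merge and reboot. This is an added example, not part of the original post; the function names and the baseline file name are assumptions made for illustration.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Run from an elevated PowerShell prompt; written to work on PowerShell 2.0 (Windows 7).

# Helper (hypothetical name): one result row with an item label and its value as text.
function New-Row($Item, $Value) {
    New-Object PSObject -Property @{ Item = $Item; Value = [string]$Value }
}

# Hypothetical function name: collects the current state of the TCP/IP pieces.
function Get-TcpipSnapshot {
    $svcKey = 'HKLM:\SYSTEM\CurrentControlSet\services\Tcpip'

    # Presence of the two registry keys and the INF file named in the thread.
    $targets = @(
        @('Tcpip service key', $svcKey),
        @('LEGACY_TCPIP key',  'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TCPIP'),
        @('nettcpip.inf',      (Join-Path $env:SystemRoot 'inf\nettcpip.inf'))
    )
    foreach ($t in $targets) {
        $state = 'MISSING'
        if (Test-Path -LiteralPath $t[1]) { $state = 'present' }
        New-Row $t[0] $state
    }

    # How the Tcpip driver is registered to start, if the key is there at all.
    $svc = Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue
    foreach ($name in 'Start', 'ImagePath') {
        $v = '(not set)'
        if ($svc -and $svc.$name -ne $null) { $v = $svc.$name }
        New-Row "Tcpip $name" $v
    }

    # State of the DHCP Client service.
    $dhcp = Get-Service -Name Dhcp -ErrorAction SilentlyContinue
    $status = '(service not found)'
    if ($dhcp) { $status = $dhcp.Status }
    New-Row 'Dhcp service status' $status
}

# Hypothetical function name: compares a saved baseline with the current state.
function Compare-TcpipSnapshot($BaselineFile) {
    $before = Import-Csv -Path $BaselineFile
    $after  = Get-TcpipSnapshot
    # A changed item appears twice: '<=' is the baseline value, '=>' is the current one.
    Compare-Object $before $after -Property Item, Value |
        Sort-Object Item, SideIndicator
}

# Usage (the file name is a placeholder):
#   Get-TcpipSnapshot | Export-Csv C:\tcpip-baseline.csv -NoTypeInformation
#   ...merge the .reg file and reboot...
#   Compare-TcpipSnapshot C:\tcpip-baseline.csv
```

No output from the comparison means nothing in the snapshot changed between the two runs.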

#38
ypkx


The fact that dhcp is now showing access denied is a bad sign. I assume you were using a Command Prompt where you had right clicked on it and Run As Admin?

If it has changed on its own then the infection is still active and needs to be removed.



Before we do that we could try merging the one from my PC and see if it helps. Download the attached legtcp.reg file and save it. Move it to the sick PC and right click then Merge the file.


I have run Command Prompt with admin every step since the first. I would not be surprised if the infection is still roaming, as I do not know what tools or ways my girlfriend's dad went to remove this virus.

I just tried merging the new legtcp.reg to my computer, and rebooted, no good.


Just running the programs to remove the virus. Will reply as soon as I finish, thanks.

Edited by ypkx, 02 July 2012 - 04:14 AM.

  • 0

#39
ypkx

Just want to say, I had errors trying to run Event Viewer .exe, some sort of coding error, not too sure what this was, either software error or something to do with the parameters you asked me to set?

Thanks!

aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 11:22:25
-----------------------------
11:22:25.861 OS Version: Windows x64 6.1.7601 Service Pack 1
11:22:25.861 Number of processors: 8 586 0x2A07
11:22:25.861 ComputerName: HPDV6 UserName: User
11:22:27.873 Initialize success
11:22:29.901 AVAST engine download error: 0
11:22:29.917 AVAST engine error: 11003
11:22:36.952 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:22:36.952 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
11:22:36.984 Disk 0 MBR read successfully
11:22:36.999 Disk 0 MBR scan
11:22:36.999 Disk 0 Windows 7 default MBR code
11:22:36.999 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:22:37.015 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700681 MB offset 409600
11:22:37.046 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14420 MB offset 1435404288
11:22:37.077 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
11:22:37.124 Disk 0 scanning C:\Windows\system32\drivers
11:22:44.425 Service scanning
11:23:11.709 Modules scanning
11:23:11.725 Scan finished successfully
11:33:35.846 Disk 0 MBR has been saved successfully to "F:\virus stuff\MBR.dat"
11:33:35.861 The log file has been saved successfully to "F:\virus stuff\aswMBR.txt"



combofix.txt

ComboFix 12-07-02.01 - User 02/07/2012 11:47:15.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6092.4353 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
C:\sooi832.bin
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\background.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\browser.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\crossrider.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\crossriderapi.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\dialog.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\lib\faye-browser-min.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\manage-apps-style.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]ider.com\chrome\content\manage-apps.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\messaging.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\options.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\options.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\push.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\search_dialog.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\chrome\content\update.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\defaults\preferences\prefs.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\install.rdf
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\locale\en-US\translations.dtd
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\button1.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\button2.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\button3.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\button4.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\button5.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\crossrider_statusbar.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\icon128.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\icon16.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\icon24.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\icon48.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\panelarrow-up.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\popup.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\popup.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\popup_binding.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\skin.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]\skin\update.css
c:\windows\SysWow64\DEBUG.log
F:\123.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 10:57 . 2012-07-02 10:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 19:41 . 2012-06-22 19:41 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-20 18:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F0D863-F636-4EB9-9EC8-87E53285F377}\mpengine.dll
2012-06-19 16:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 18:37 . 2012-06-14 18:42 -------- d-----w- c:\users\User\AppData\Local\Deployment
2012-06-14 18:37 . 2012-06-14 18:37 -------- d-----w- c:\users\User\AppData\Local\Apps
2012-06-14 16:26 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-14 16:20 . 2012-06-14 16:20 -------- d-----w- c:\users\User\AppData\Roaming\AVG2012
2012-06-14 16:19 . 2012-06-14 16:19 -------- d-----w- c:\users\User\AppData\Local\AVG Secure Search
2012-06-14 16:19 . 2012-06-22 19:41 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-14 16:19 . 2012-06-14 16:19 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-06-14 16:18 . 2012-06-14 16:18 -------- d--h--w- c:\programdata\Common Files
2012-06-14 16:18 . 2012-06-22 19:40 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-14 16:17 . 2012-06-14 16:35 -------- d-----w- c:\programdata\AVG2012
2012-06-14 16:17 . 2012-06-14 16:17 -------- d-----w- C:\$AVG
2012-06-14 16:16 . 2012-06-14 16:16 -------- d-----w- c:\program files (x86)\AVG
2012-06-14 16:13 . 2012-06-14 16:13 -------- d-----w- c:\program files (x86)\WhiteSmoke_US
2012-06-14 16:12 . 2012-06-22 19:46 -------- d-----w- c:\programdata\MFAData
2012-06-14 16:12 . 2012-06-14 16:12 -------- d-----w- c:\users\User\AppData\Local\Wajam
2012-06-14 16:12 . 2012-06-14 16:13 -------- d-----w- c:\program files (x86)\Wajam
2012-06-13 21:49 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:49 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:49 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:47 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:47 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 21:47 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 21:47 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 21:47 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:46 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:46 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 21:46 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:46 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 21:46 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:46 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 21:46 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 21:46 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 15:45 . 2012-02-10 12:18 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{212B196C-CB75-426F-96C1-6F5561777E7E}\gapaengine.dll
2012-06-03 17:52 . 2006-09-28 15:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-06-03 17:52 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 20:43 . 2011-08-24 18:33 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-05-10 20:43 . 2011-02-02 13:31 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-10 20:43 . 2011-02-02 13:31 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d4330680-c0ae-4226-8a21-0afe2fd1ac24}"= "c:\program files (x86)\MakeMeBabies_2.0\prxtbMak0.dll" [2011-05-09 176936]
"{cce665dd-f6dd-4808-968e-eaec971f70ef}"= "c:\program files (x86)\WhiteSmoke_US\prxtbWhit.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}]
.
[HKEY_CLASSES_ROOT\clsid\{cce665dd-f6dd-4808-968e-eaec971f70ef}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-22 19:41 2067328 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{cce665dd-f6dd-4808-968e-eaec971f70ef}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\WhiteSmoke_US\prxtbWhit.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\MakeMeBabies_2.0\prxtbMak0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FE7CCF3D-B190-4038-9A3E-C0B50979D48E}]
2012-03-28 15:45 140800 ----a-w- c:\programdata\CodecC\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d4330680-c0ae-4226-8a21-0afe2fd1ac24}"= "c:\program files (x86)\MakeMeBabies_2.0\prxtbMak0.dll" [2011-05-09 176936]
"{cce665dd-f6dd-4808-968e-eaec971f70ef}"= "c:\program files (x86)\WhiteSmoke_US\prxtbWhit.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-06-22 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{d4330680-c0ae-4226-8a21-0afe2fd1ac24}]
.
[HKEY_CLASSES_ROOT\clsid\{cce665dd-f6dd-4808-968e-eaec971f70ef}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Facebook Update"="c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-04-17 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-19 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-10 75048]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-22 1116544]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\User\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe [2012-5-17 200704]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 kwycbiai;kwycbiai;c:\windows\system32\drivers\kwycbiai.sys [x]
R1 mzpabmyj;mzpabmyj;c:\windows\system32\drivers\mzpabmyj.sys [x]
R1 ummpkzbo;ummpkzbo;c:\windows\system32\drivers\ummpkzbo.sys [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/05/10 21:45;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-24 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-01-06 84096]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-01-06 188032]
R3 AMPPALP;Intel∆ Centrino∆ Wireless Bluetooth∆ 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-04-24 109064]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-07 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-11-12 63760]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-12 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-12 61712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-02-09 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-15 203776]
S2 AMPPALR3;Intel∆ Centrino∆ Wireless Bluetooth∆ 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-19 2413056]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-12 931640]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-03-31 1646056]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-06-14 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-15 9259520]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-15 301056]
S3 AMPPAL;Intel∆ Centrino∆ Wireless Bluetooth∆ 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-27 12273408]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2012-01-19 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-01-19 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-01-19 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-19 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000Core.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 11:50]
.
2012-06-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000UA.job
- c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-17 11:50]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 13:25]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 13:25]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 18:42]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 18:42]
.
2012-06-16 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-09 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.searchonme.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bba6e3952-795b-4d6f-b83a-588e7c8357a8%7D&mid=cad89e2ce84747d084c37d3bcf8b6b41-0c00e3f88bf6fae0da98b01a9d34e759bdfc1878&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-06-22%2020%3A41%3A11&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Easybits Recovery - c:\program files (x86)\EasyBits For Kids\ezRecover.exe
WebBrowser-{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - (no file)
WebBrowser-{CCE665DD-F6DD-4808-968E-EAEC971F70EF} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2012-07-02 11:59:17
ComboFix-quarantined-files.txt 2012-07-02 10:59
.
Pre-Run: 659,062,882,304 bytes free
Post-Run: 660,454,043,648 bytes free
.
- - End Of File - - ECFA1E26B0FE6F96020B217C0E497AF8


TDSSKiller.txt

12:11:26.0824 4968 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
12:11:26.0824 4968 ============================================================
12:11:26.0824 4968 Current date / time: 2012/07/02 12:11:26.0824
12:11:26.0824 4968 SystemInfo:
12:11:26.0824 4968
12:11:26.0824 4968 OS Version: 6.1.7601 ServicePack: 1.0
12:11:26.0824 4968 Product type: Workstation
12:11:26.0824 4968 ComputerName: HPDV6
12:11:26.0824 4968 UserName: User
12:11:26.0824 4968 Windows directory: C:\Windows
12:11:26.0824 4968 System windows directory: C:\Windows
12:11:26.0824 4968 Running under WOW64
12:11:26.0824 4968 Processor architecture: Intel x64
12:11:26.0824 4968 Number of processors: 8
12:11:26.0824 4968 Page size: 0x1000
12:11:26.0824 4968 Boot type: Normal boot
12:11:26.0824 4968 ============================================================
12:11:27.0745 4968 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:11:27.0760 4968 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D55E00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:11:27.0760 4968 ============================================================
12:11:27.0760 4968 \Device\Harddisk0\DR0:
12:11:27.0760 4968 MBR partitions:
12:11:27.0776 4968 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
12:11:27.0776 4968 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55884800
12:11:27.0776 4968 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x558E8800, BlocksNum 0x1C2A000
12:11:27.0776 4968 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
12:11:27.0776 4968 \Device\Harddisk1\DR1:
12:11:27.0776 4968 MBR partitions:
12:11:27.0776 4968 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x2542D682
12:11:27.0776 4968 ============================================================
12:11:27.0776 4968 C: <-> \Device\Harddisk0\DR0\Partition1
12:11:27.0838 4968 D: <-> \Device\Harddisk0\DR0\Partition2
12:11:27.0838 4968 F: <-> \Device\Harddisk1\DR1\Partition0
12:11:27.0838 4968 ============================================================
12:11:27.0838 4968 Initialize success
12:11:27.0838 4968 ============================================================
12:12:08.0570 2668 ============================================================
12:12:08.0570 2668 Scan started
12:12:08.0570 2668 Mode: Manual; SigCheck; TDLFS;
12:12:08.0570 2668 ============================================================
12:12:09.0054 2668 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:12:09.0397 2668 1394ohci - ok
12:12:09.0428 2668 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
12:12:09.0490 2668 Accelerometer - ok
12:12:09.0568 2668 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:12:09.0600 2668 ACPI - ok
12:12:09.0646 2668 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:12:09.0724 2668 AcpiPmi - ok
12:12:09.0834 2668 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
12:12:09.0865 2668 adp94xx - ok
12:12:09.0958 2668 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
12:12:10.0005 2668 adpahci - ok
12:12:10.0052 2668 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
12:12:10.0083 2668 adpu320 - ok
12:12:10.0130 2668 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:12:10.0302 2668 AeLookupSvc - ok
12:12:10.0380 2668 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
12:12:10.0473 2668 AESTFilters - ok
12:12:10.0567 2668 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
12:12:10.0645 2668 AFD - ok
12:12:10.0692 2668 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:12:10.0723 2668 agp440 - ok
12:12:10.0770 2668 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:12:10.0832 2668 ALG - ok
12:12:10.0879 2668 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:12:10.0910 2668 aliide - ok
12:12:10.0957 2668 AMD External Events Utility (1b4a3c8e429f1fab998eceea3ce3e0b8) C:\Windows\system32\atiesrxx.exe
12:12:11.0082 2668 AMD External Events Utility - ok
12:12:11.0113 2668 amdhub30 (57fda52a72574735f4a0002a61c9428d) C:\Windows\system32\DRIVERS\amdhub30.sys
12:12:11.0160 2668 amdhub30 - ok
12:12:11.0191 2668 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:12:11.0222 2668 amdide - ok
12:12:11.0253 2668 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
12:12:11.0316 2668 AmdK8 - ok
12:12:12.0314 2668 amdkmdag (e08cf0ed91fcca0017776cff4a506012) C:\Windows\system32\DRIVERS\atikmdag.sys
12:12:12.0408 2668 amdkmdag - ok
12:12:12.0610 2668 amdkmdap (f072f317e430925c7d88c766db7da86e) C:\Windows\system32\DRIVERS\atikmpag.sys
12:12:12.0673 2668 amdkmdap - ok
12:12:12.0704 2668 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
12:12:12.0766 2668 AmdPPM - ok
12:12:12.0829 2668 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:12:12.0860 2668 amdsata - ok
12:12:12.0907 2668 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
12:12:12.0938 2668 amdsbs - ok
12:12:12.0954 2668 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:12:12.0969 2668 amdxata - ok
12:12:13.0016 2668 amdxhc (2cf3ad6087028b7dbd2d7a37c6fd73c5) C:\Windows\system32\DRIVERS\amdxhc.sys
12:12:13.0063 2668 amdxhc - ok
12:12:13.0110 2668 AMPPAL (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
12:12:13.0156 2668 AMPPAL - ok
12:12:13.0188 2668 AMPPALP (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
12:12:13.0219 2668 AMPPALP - ok
12:12:13.0422 2668 AMPPALR3 (576134e43169810b560f0bb6fdee13f5) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
12:12:13.0484 2668 AMPPALR3 - ok
12:12:13.0671 2668 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:12:13.0858 2668 AppID - ok
12:12:13.0905 2668 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:12:13.0999 2668 AppIDSvc - ok
12:12:14.0046 2668 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
12:12:14.0139 2668 Appinfo - ok
12:12:14.0280 2668 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:12:14.0311 2668 Apple Mobile Device - ok
12:12:14.0389 2668 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
12:12:14.0420 2668 arc - ok
12:12:14.0451 2668 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
12:12:14.0482 2668 arcsas - ok
12:12:14.0529 2668 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:12:14.0638 2668 AsyncMac - ok
12:12:14.0670 2668 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:12:14.0685 2668 atapi - ok
12:12:14.0794 2668 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:12:14.0904 2668 AudioEndpointBuilder - ok
12:12:14.0919 2668 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
12:12:14.0997 2668 AudioSrv - ok
12:12:15.0028 2668 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
12:12:15.0044 2668 AVGIDSHA - ok
12:12:15.0106 2668 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
12:12:15.0153 2668 Avgtdia - ok
12:12:15.0309 2668 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
12:12:15.0340 2668 avgwd - ok
12:12:15.0403 2668 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
12:12:15.0496 2668 AxInstSV - ok
12:12:15.0574 2668 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
12:12:15.0637 2668 b06bdrv - ok
12:12:15.0699 2668 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:12:15.0762 2668 b57nd60a - ok
12:12:15.0933 2668 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
12:12:15.0996 2668 BCM43XX - ok
12:12:16.0042 2668 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
12:12:16.0105 2668 BDESVC - ok
12:12:16.0167 2668 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:12:16.0261 2668 Beep - ok
12:12:16.0354 2668 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
12:12:16.0432 2668 BFE - ok
12:12:16.0526 2668 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
12:12:16.0651 2668 BITS - ok
12:12:16.0713 2668 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
12:12:16.0760 2668 blbdrive - ok
12:12:16.0947 2668 Bluetooth Device Monitor (c440483a5ce0e0ab03a79a33ace35d91) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
12:12:16.0994 2668 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
12:12:16.0994 2668 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
12:12:17.0197 2668 Bluetooth Media Service (c8ab8ca3557cce041ac4c88e76afbad0) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
12:12:17.0244 2668 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
12:12:17.0244 2668 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
12:12:17.0368 2668 Bluetooth OBEX Service (df83fb0eb35c91339f1c84c6cf426100) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
12:12:17.0415 2668 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
12:12:17.0415 2668 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
12:12:17.0556 2668 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
12:12:17.0587 2668 Bonjour Service - ok
12:12:17.0774 2668 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:12:17.0836 2668 bowser - ok
12:12:17.0868 2668 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
12:12:17.0930 2668 BrFiltLo - ok
12:12:17.0946 2668 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
12:12:17.0977 2668 BrFiltUp - ok
12:12:18.0039 2668 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
12:12:18.0117 2668 BridgeMP - ok
12:12:18.0148 2668 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
12:12:18.0242 2668 Browser - ok
12:12:18.0304 2668 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:12:18.0367 2668 Brserid - ok
12:12:18.0414 2668 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:12:18.0460 2668 BrSerWdm - ok
12:12:18.0492 2668 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:12:18.0554 2668 BrUsbMdm - ok
12:12:18.0585 2668 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:12:18.0616 2668 BrUsbSer - ok
12:12:18.0663 2668 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
12:12:18.0726 2668 BthEnum - ok
12:12:18.0772 2668 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
12:12:18.0819 2668 BTHMODEM - ok
12:12:18.0866 2668 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
12:12:18.0913 2668 BthPan - ok
12:12:19.0038 2668 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
12:12:19.0084 2668 BTHPORT - ok
12:12:19.0116 2668 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
12:12:19.0194 2668 bthserv - ok
12:12:19.0287 2668 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
12:12:19.0318 2668 BTHSSecurityMgr - ok
12:12:19.0334 2668 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
12:12:19.0381 2668 BTHUSB - ok
12:12:19.0412 2668 btmaux (ba554bfcbf21201d310738a42c9c19e1) C:\Windows\system32\DRIVERS\btmaux.sys
12:12:19.0443 2668 btmaux - ok
12:12:19.0490 2668 btmhsf (0010a54571f525a97eed8c091e96eaa9) C:\Windows\system32\DRIVERS\btmhsf.sys
12:12:19.0537 2668 btmhsf - ok
12:12:19.0568 2668 catchme - ok
12:12:19.0615 2668 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:12:19.0708 2668 cdfs - ok
12:12:19.0786 2668 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
12:12:19.0818 2668 cdrom - ok
12:12:19.0849 2668 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:12:19.0942 2668 CertPropSvc - ok
12:12:19.0974 2668 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
12:12:20.0020 2668 circlass - ok
12:12:20.0098 2668 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:12:20.0130 2668 CLFS - ok
12:12:20.0286 2668 CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
12:12:20.0317 2668 CLKMSVC10_38F51D56 - ok
12:12:20.0410 2668 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:12:20.0426 2668 clr_optimization_v2.0.50727_32 - ok
12:12:20.0488 2668 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:12:20.0520 2668 clr_optimization_v2.0.50727_64 - ok
12:12:20.0644 2668 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:12:20.0676 2668 clr_optimization_v4.0.30319_32 - ok
12:12:20.0754 2668 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:12:20.0785 2668 clr_optimization_v4.0.30319_64 - ok
12:12:20.0925 2668 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
12:12:20.0972 2668 clwvd - ok
12:12:20.0988 2668 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
12:12:21.0034 2668 CmBatt - ok
12:12:21.0066 2668 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:12:21.0097 2668 cmdide - ok
12:12:21.0175 2668 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:12:21.0268 2668 CNG - ok
12:12:21.0300 2668 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
12:12:21.0331 2668 Compbatt - ok
12:12:21.0362 2668 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:12:21.0409 2668 CompositeBus - ok
12:12:21.0424 2668 COMSysApp - ok
12:12:21.0456 2668 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
12:12:21.0487 2668 crcdisk - ok
12:12:21.0565 2668 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
12:12:21.0627 2668 CryptSvc - ok
12:12:21.0721 2668 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:12:21.0814 2668 DcomLaunch - ok
12:12:21.0861 2668 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
12:12:21.0970 2668 defragsvc - ok
12:12:22.0017 2668 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:12:22.0111 2668 DfsC - ok
12:12:22.0189 2668 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
12:12:22.0267 2668 Dhcp - ok
12:12:22.0298 2668 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:12:22.0360 2668 discache - ok
12:12:22.0407 2668 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
12:12:22.0438 2668 Disk - ok
12:12:22.0485 2668 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
12:12:22.0532 2668 Dnscache - ok
12:12:22.0594 2668 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
12:12:22.0672 2668 dot3svc - ok
12:12:22.0704 2668 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
12:12:22.0782 2668 DPS - ok
12:12:22.0813 2668 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:12:22.0844 2668 drmkaud - ok
12:12:22.0953 2668 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:12:23.0000 2668 DXGKrnl - ok
12:12:23.0031 2668 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
12:12:23.0109 2668 EapHost - ok
12:12:23.0484 2668 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
12:12:23.0530 2668 ebdrv - ok
12:12:23.0702 2668 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
12:12:23.0749 2668 EFS - ok
12:12:23.0889 2668 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:12:23.0967 2668 ehRecvr - ok
12:12:24.0014 2668 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:12:24.0045 2668 ehSched - ok
12:12:24.0170 2668 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
12:12:24.0201 2668 elxstor - ok
12:12:24.0310 2668 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
12:12:24.0357 2668 EPSON_PM_RPCV4_01 - ok
12:12:24.0388 2668 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:12:24.0435 2668 ErrDev - ok
12:12:24.0529 2668 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:12:24.0622 2668 EventSystem - ok
12:12:24.0872 2668 EvtEng (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
12:12:24.0934 2668 EvtEng - ok
12:12:25.0122 2668 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:12:25.0200 2668 exfat - ok
12:12:25.0246 2668 ezSharedSvc - ok
12:12:25.0293 2668 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:12:25.0387 2668 fastfat - ok
12:12:25.0480 2668 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:12:25.0558 2668 Fax - ok
12:12:25.0605 2668 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
12:12:25.0652 2668 fdc - ok
12:12:25.0683 2668 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:12:25.0746 2668 fdPHost - ok
12:12:25.0761 2668 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:12:25.0792 2668 FDResPub - ok
12:12:25.0824 2668 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:12:25.0839 2668 FileInfo - ok
12:12:25.0855 2668 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:12:25.0886 2668 Filetrace - ok
12:12:26.0011 2668 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:12:26.0026 2668 FLEXnet Licensing Service - ok
12:12:26.0058 2668 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
12:12:26.0073 2668 flpydisk - ok
12:12:26.0120 2668 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:12:26.0167 2668 FltMgr - ok
12:12:26.0292 2668 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:12:26.0354 2668 FontCache - ok
12:12:26.0401 2668 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:12:26.0432 2668 FontCache3.0.0.0 - ok
12:12:26.0494 2668 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:12:26.0510 2668 FsDepends - ok
12:12:26.0557 2668 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:12:26.0572 2668 Fs_Rec - ok
12:12:26.0635 2668 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:12:26.0666 2668 fvevol - ok
12:12:26.0697 2668 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
12:12:26.0728 2668 gagp30kx - ok
12:12:26.0822 2668 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:12:26.0853 2668 GamesAppService - ok
12:12:26.0884 2668 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:12:26.0916 2668 GEARAspiWDM - ok
12:12:27.0009 2668 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:12:27.0103 2668 gpsvc - ok
12:12:27.0212 2668 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:12:27.0243 2668 gupdate - ok
12:12:27.0259 2668 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:12:27.0274 2668 gupdatem - ok
12:12:27.0368 2668 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:12:27.0384 2668 gusvc - ok
12:12:27.0415 2668 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:12:27.0462 2668 hcw85cir - ok
12:12:27.0540 2668 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:12:27.0586 2668 HdAudAddService - ok
12:12:27.0633 2668 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
12:12:27.0696 2668 HDAudBus - ok
12:12:27.0711 2668 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
12:12:27.0742 2668 HidBatt - ok
12:12:27.0774 2668 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
12:12:27.0820 2668 HidBth - ok
12:12:27.0867 2668 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
12:12:27.0898 2668 HidIr - ok
12:12:27.0930 2668 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:12:28.0008 2668 hidserv - ok
12:12:28.0039 2668 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:12:28.0070 2668 HidUsb - ok
12:12:28.0117 2668 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:12:28.0210 2668 hkmsvc - ok
12:12:28.0273 2668 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:12:28.0320 2668 HomeGroupListener - ok
12:12:28.0366 2668 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:12:28.0413 2668 HomeGroupProvider - ok
12:12:28.0538 2668 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
12:12:28.0569 2668 HP Support Assistant Service - ok
12:12:28.0725 2668 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
12:12:28.0756 2668 HPClientSvc - ok
12:12:29.0146 2668 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
12:12:29.0178 2668 hpCMSrv - ok
12:12:29.0256 2668 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
12:12:29.0287 2668 HPDrvMntSvc.exe - ok
12:12:29.0458 2668 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
12:12:29.0490 2668 hpdskflt - ok
12:12:29.0630 2668 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
12:12:29.0661 2668 hpqwmiex - ok
12:12:29.0708 2668 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:12:29.0739 2668 HpSAMD - ok
12:12:29.0770 2668 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
12:12:29.0802 2668 hpsrv - ok
12:12:29.0848 2668 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
12:12:29.0880 2668 HPWMISVC - ok
12:12:29.0973 2668 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:12:30.0082 2668 HTTP - ok
12:12:30.0114 2668 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:12:30.0145 2668 hwpolicy - ok
12:12:30.0192 2668 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
12:12:30.0223 2668 i8042prt - ok
12:12:30.0301 2668 iaStor (2fdaec4b02729c48c0fd1b0b4695995b) C:\Windows\system32\DRIVERS\iaStor.sys
12:12:30.0348 2668 iaStor - ok
12:12:30.0488 2668 IAStorDataMgrSvc (d41861e56e7552c13674d7f147a02464) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:12:30.0519 2668 IAStorDataMgrSvc - ok
12:12:30.0613 2668 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:12:30.0644 2668 iaStorV - ok
12:12:30.0675 2668 iBtFltCoex (50b8ab6013ef9970ac85fdba0f622300) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
12:12:30.0706 2668 iBtFltCoex - ok
12:12:31.0003 2668 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
12:12:31.0065 2668 IconMan_R ( UnsignedFile.Multi.Generic ) - warning
12:12:31.0065 2668 IconMan_R - detected UnsignedFile.Multi.Generic (1)
12:12:31.0252 2668 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:12:31.0299 2668 idsvc - ok
12:12:31.0440 2668 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
12:12:31.0471 2668 iirsp - ok
12:12:31.0580 2668 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:12:31.0658 2668 IKEEXT - ok
12:12:31.0720 2668 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
12:12:31.0767 2668 IntcDAud - ok
12:12:31.0783 2668 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:12:31.0814 2668 intelide - ok
12:12:33.0093 2668 intelkmd (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdpmd64.sys
12:12:33.0218 2668 intelkmd - ok
12:12:33.0390 2668 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:12:33.0421 2668 intelppm - ok
12:12:33.0468 2668 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:12:33.0546 2668 IPBusEnum - ok
12:12:33.0592 2668 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:12:33.0639 2668 IpFilterDriver - ok
12:12:33.0748 2668 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:12:33.0826 2668 iphlpsvc - ok
12:12:33.0858 2668 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:12:33.0889 2668 IPMIDRV - ok
12:12:33.0920 2668 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:12:33.0998 2668 IPNAT - ok
12:12:34.0154 2668 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
12:12:34.0185 2668 iPod Service - ok
12:12:34.0201 2668 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:12:34.0232 2668 IRENUM - ok
12:12:34.0263 2668 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:12:34.0279 2668 isapnp - ok
12:12:34.0341 2668 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:12:34.0372 2668 iScsiPrt - ok
12:12:34.0404 2668 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:12:34.0419 2668 kbdclass - ok
12:12:34.0466 2668 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
12:12:34.0497 2668 kbdhid - ok
12:12:34.0528 2668 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:12:34.0560 2668 KeyIso - ok
12:12:34.0591 2668 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:12:34.0622 2668 KSecDD - ok
12:12:34.0653 2668 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:12:34.0669 2668 KSecPkg - ok
12:12:34.0716 2668 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:12:34.0794 2668 ksthunk - ok
12:12:34.0872 2668 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:12:34.0965 2668 KtmRm - ok
12:12:34.0981 2668 kwycbiai - ok
12:12:35.0043 2668 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:12:35.0121 2668 LanmanServer - ok
12:12:35.0168 2668 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:12:35.0246 2668 LanmanWorkstation - ok
12:12:35.0293 2668 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:12:35.0371 2668 lltdio - ok
12:12:35.0433 2668 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:12:35.0511 2668 lltdsvc - ok
12:12:35.0527 2668 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:12:35.0589 2668 lmhosts - ok
12:12:35.0714 2668 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:12:35.0761 2668 LMS - ok
12:12:35.0808 2668 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
12:12:35.0839 2668 LSI_FC - ok
12:12:35.0886 2668 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
12:12:35.0901 2668 LSI_SAS - ok
12:12:35.0948 2668 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
12:12:35.0979 2668 LSI_SAS2 - ok
12:12:36.0010 2668 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
12:12:36.0042 2668 LSI_SCSI - ok
12:12:36.0073 2668 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:12:36.0166 2668 luafv - ok
12:12:36.0213 2668 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:12:36.0260 2668 Mcx2Svc - ok
12:12:36.0307 2668 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
12:12:36.0338 2668 megasas - ok
12:12:36.0400 2668 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
12:12:36.0432 2668 MegaSR - ok
12:12:36.0463 2668 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
12:12:36.0478 2668 MEIx64 - ok
12:12:36.0525 2668 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:12:36.0603 2668 MMCSS - ok
12:12:36.0650 2668 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:12:36.0712 2668 Modem - ok
12:12:36.0759 2668 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:12:36.0806 2668 monitor - ok
12:12:36.0853 2668 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:12:36.0868 2668 mouclass - ok
12:12:36.0915 2668 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:12:36.0946 2668 mouhid - ok
12:12:36.0993 2668 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:12:37.0024 2668 mountmgr - ok
12:12:37.0118 2668 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
12:12:37.0165 2668 MpFilter - ok
12:12:37.0212 2668 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:12:37.0243 2668 mpio - ok
12:12:37.0274 2668 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:12:37.0352 2668 mpsdrv - ok
12:12:37.0461 2668 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:12:37.0555 2668 MpsSvc - ok
12:12:37.0586 2668 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:12:37.0648 2668 MRxDAV - ok
12:12:37.0680 2668 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:12:37.0742 2668 mrxsmb - ok
12:12:37.0804 2668 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:12:37.0836 2668 mrxsmb10 - ok
12:12:37.0867 2668 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:12:37.0898 2668 mrxsmb20 - ok
12:12:37.0929 2668 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:12:37.0960 2668 msahci - ok
12:12:37.0992 2668 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:12:38.0023 2668 msdsm - ok
12:12:38.0070 2668 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:12:38.0116 2668 MSDTC - ok
12:12:38.0163 2668 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:12:38.0226 2668 Msfs - ok
12:12:38.0241 2668 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:12:38.0319 2668 mshidkmdf - ok
12:12:38.0335 2668 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:12:38.0366 2668 msisadrv - ok
12:12:38.0413 2668 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:12:38.0506 2668 MSiSCSI - ok
12:12:38.0522 2668 msiserver - ok
12:12:38.0569 2668 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:12:38.0631 2668 MSKSSRV - ok
12:12:38.0725 2668 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:12:38.0740 2668 MsMpSvc - ok
12:12:38.0772 2668 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:12:38.0850 2668 MSPCLOCK - ok
12:12:38.0865 2668 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:12:38.0959 2668 MSPQM - ok
12:12:39.0006 2668 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:12:39.0052 2668 MsRPC - ok
12:12:39.0084 2668 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:12:39.0099 2668 mssmbios - ok
12:12:39.0130 2668 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:12:39.0208 2668 MSTEE - ok
12:12:39.0240 2668 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
12:12:39.0271 2668 MTConfig - ok
12:12:39.0302 2668 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:12:39.0318 2668 Mup - ok
12:12:39.0411 2668 MyWiFiDHCPDNS (8f57db74bf5407a4cda6c8b005dc8dd0) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
12:12:39.0442 2668 MyWiFiDHCPDNS - ok
12:12:39.0458 2668 mzpabmyj - ok
12:12:39.0536 2668 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:12:39.0645 2668 napagent - ok
12:12:39.0770 2668 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:12:39.0848 2668 NativeWifiP - ok
12:12:39.0973 2668 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
12:12:40.0020 2668 NDIS - ok
12:12:40.0051 2668 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:12:40.0129 2668 NdisCap - ok
12:12:40.0160 2668 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:12:40.0207 2668 NdisTapi - ok
12:12:40.0207 2668 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:12:40.0254 2668 Ndisuio - ok
12:12:40.0285 2668 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:12:40.0363 2668 NdisWan - ok
12:12:40.0394 2668 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:12:40.0456 2668 NDProxy - ok
12:12:40.0472 2668 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:12:40.0550 2668 NetBIOS - ok
12:12:40.0612 2668 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:12:40.0675 2668 NetBT - ok
12:12:40.0722 2668 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:12:40.0753 2668 Netlogon - ok
12:12:40.0831 2668 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:12:40.0924 2668 Netman - ok
12:12:40.0987 2668 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:12:41.0065 2668 netprofm - ok
12:12:41.0127 2668 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:12:41.0158 2668 NetTcpPortSharing - ok
12:12:42.0048 2668 NETwNs64 (50ad7f7040c22bb7caa59a0880875a21) C:\Windows\system32\DRIVERS\NETwNs64.sys
12:12:42.0126 2668 NETwNs64 - ok
12:12:42.0313 2668 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
12:12:42.0328 2668 nfrd960 - ok
12:12:42.0375 2668 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:12:42.0406 2668 NisDrv - ok
12:12:42.0516 2668 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
12:12:42.0562 2668 NisSrv - ok
12:12:42.0625 2668 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:12:42.0718 2668 NlaSvc - ok
12:12:42.0734 2668 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:12:42.0781 2668 Npfs - ok
12:12:42.0812 2668 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:12:42.0906 2668 nsi - ok
12:12:42.0921 2668 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:12:42.0999 2668 nsiproxy - ok
12:12:43.0233 2668 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:12:43.0296 2668 Ntfs - ok
12:12:43.0670 2668 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:12:43.0732 2668 Null - ok
12:12:43.0951 2668 nusb3hub (9a33100ac62a0463c49e47ee8e77083a) C:\Windows\system32\DRIVERS\nusb3hub.sys
12:12:44.0013 2668 nusb3hub - ok
12:12:44.0122 2668 nusb3xhc (87c321f7bee646b7ec6eedd6eb725741) C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:12:44.0200 2668 nusb3xhc - ok
12:12:44.0278 2668 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
12:12:44.0341 2668 NVENETFD - ok
12:12:44.0388 2668 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:12:44.0419 2668 nvraid - ok
12:12:44.0450 2668 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:12:44.0481 2668 nvstor - ok
12:12:44.0528 2668 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:12:44.0559 2668 nv_agp - ok
12:12:44.0590 2668 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:12:44.0622 2668 ohci1394 - ok
12:12:44.0715 2668 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:12:44.0746 2668 ose - ok
12:12:45.0324 2668 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:12:45.0402 2668 osppsvc - ok
12:12:45.0589 2668 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:12:45.0651 2668 p2pimsvc - ok
12:12:45.0729 2668 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:12:45.0776 2668 p2psvc - ok
12:12:45.0854 2668 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
12:12:45.0885 2668 Parport - ok
12:12:45.0917 2668 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:12:45.0948 2668 partmgr - ok
12:12:45.0995 2668 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:12:46.0041 2668 PcaSvc - ok
12:12:46.0104 2668 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:12:46.0135 2668 pci - ok
12:12:46.0151 2668 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:12:46.0182 2668 pciide - ok
12:12:46.0229 2668 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
12:12:46.0260 2668 pcmcia - ok
12:12:46.0291 2668 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:12:46.0322 2668 pcw - ok
12:12:46.0400 2668 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:12:46.0509 2668 PEAUTH - ok
12:12:46.0619 2668 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:12:46.0665 2668 PerfHost - ok
12:12:46.0853 2668 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:12:46.0962 2668 pla - ok
12:12:47.0040 2668 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:12:47.0102 2668 PlugPlay - ok
12:12:47.0133 2668 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:12:47.0165 2668 PNRPAutoReg - ok
12:12:47.0227 2668 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:12:47.0258 2668 PNRPsvc - ok
12:12:47.0336 2668 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:12:47.0430 2668 PolicyAgent - ok
12:12:47.0492 2668 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:12:47.0570 2668 Power - ok
12:12:47.0648 2668 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:12:47.0742 2668 PptpMiniport - ok
12:12:47.0773 2668 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
12:12:47.0820 2668 Processor - ok
12:12:47.0867 2668 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
12:12:47.0929 2668 ProfSvc - ok
12:12:47.0960 2668 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:12:47.0991 2668 ProtectedStorage - ok
12:12:48.0038 2668 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:12:48.0132 2668 Psched - ok
12:12:48.0335 2668 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
12:12:48.0397 2668 ql2300 - ok
12:12:48.0569 2668 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
12:12:48.0600 2668 ql40xx - ok
12:12:48.0662 2668 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:12:48.0709 2668 QWAVE - ok
12:12:48.0725 2668 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:12:48.0787 2668 QWAVEdrv - ok
12:12:48.0927 2668 RapportCerberus_34302 (5e0459ed0a8f540d2f7b6e52da12c9d4) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
12:12:48.0974 2668 RapportCerberus_34302 - ok
12:12:49.0037 2668 RapportEI64 (90b20517b5e0a069adeddae4eea681e9) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
12:12:49.0083 2668 RapportEI64 - ok
12:12:49.0115 2668 RapportKE64 (4af6cdabf8b7f08c555226f63cbd6617) C:\Windows\system32\Drivers\RapportKE64.sys
12:12:49.0161 2668 RapportKE64 - ok
12:12:49.0271 2668 RapportMgmtService (619055c28588641c073e7e5ef70fe9eb) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
12:12:49.0317 2668 RapportMgmtService - ok
12:12:49.0333 2668 RapportPG64 (d022c7ed46d4c23c3eef3049bc9b9f0e) C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
12:12:49.0364 2668 RapportPG64 - ok
12:12:49.0395 2668 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:12:49.0458 2668 RasAcd - ok
12:12:49.0505 2668 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:12:49.0536 2668 RasAgileVpn - ok
12:12:49.0583 2668 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:12:49.0661 2668 RasAuto - ok
12:12:49.0692 2668 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:12:49.0739 2668 Rasl2tp - ok
12:12:49.0801 2668 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:12:49.0879 2668 RasMan - ok
12:12:49.0910 2668 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:12:50.0004 2668 RasPppoe - ok
12:12:50.0019 2668 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:12:50.0082 2668 RasSstp - ok
12:12:50.0144 2668 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:12:50.0222 2668 rdbss - ok
12:12:50.0269 2668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
12:12:50.0300 2668 rdpbus - ok
12:12:50.0331 2668 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:12:50.0409 2668 RDPCDD - ok
12:12:50.0441 2668 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:12:50.0534 2668 RDPENCDD - ok
12:12:50.0581 2668 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:12:50.0643 2668 RDPREFMP - ok
12:12:50.0690 2668 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
12:12:50.0737 2668 RDPWD - ok
12:12:50.0815 2668 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:12:50.0846 2668 rdyboost - ok
12:12:51.0002 2668 RegSrvc (fd11c1287d38a46fb72353e14d50089c) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
12:12:51.0049 2668 RegSrvc - ok
12:12:51.0080 2668 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:12:51.0143 2668 RemoteAccess - ok
12:12:51.0189 2668 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:12:51.0267 2668 RemoteRegistry - ok
12:12:51.0330 2668 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
12:12:51.0377 2668 RFCOMM - ok
12:12:51.0611 2668 RosettaStoneDaemon (e7062dbd907e0c5ceeb5abdaf07e6b32) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
12:12:51.0657 2668 RosettaStoneDaemon - ok
12:12:51.0813 2668 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:12:51.0891 2668 RpcEptMapper - ok
12:12:51.0923 2668 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:12:51.0938 2668 RpcLocator - ok
12:12:52.0001 2668 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
12:12:52.0063 2668 RpcSs - ok
12:12:52.0172 2668 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
12:12:52.0203 2668 RSPCIESTOR - ok
12:12:52.0235 2668 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:12:52.0281 2668 rspndr - ok
12:12:52.0359 2668 RTL8167 (ed5873f7dfb2f96d37f13322211b6bdc) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:12:52.0391 2668 RTL8167 - ok
12:12:52.0406 2668 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:12:52.0437 2668 SamSs - ok
12:12:52.0469 2668 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:12:52.0484 2668 sbp2port - ok
12:12:52.0547 2668 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:12:52.0625 2668 SCardSvr - ok
12:12:52.0656 2668 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:12:52.0734 2668 scfilter - ok
12:12:52.0874 2668 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:12:52.0968 2668 Schedule - ok
12:12:52.0999 2668 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:12:53.0046 2668 SCPolicySvc - ok
12:12:53.0093 2668 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
12:12:53.0124 2668 sdbus - ok
12:12:53.0155 2668 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:12:53.0202 2668 SDRSVC - ok
12:12:53.0233 2668 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:12:53.0311 2668 secdrv - ok
12:12:53.0342 2668 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:12:53.0405 2668 seclogon - ok
12:12:53.0436 2668 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
12:12:53.0529 2668 SENS - ok
12:12:53.0576 2668 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
12:12:53.0623 2668 SensrSvc - ok
12:12:53.0654 2668 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
12:12:53.0701 2668 Serenum - ok
12:12:53.0763 2668 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
12:12:53.0810 2668 Serial - ok
12:12:53.0841 2668 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
12:12:53.0888 2668 sermouse - ok
12:12:53.0935 2668 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
12:12:54.0013 2668 SessionEnv - ok
12:12:54.0044 2668 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:12:54.0060 2668 sffdisk - ok
12:12:54.0091 2668 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:12:54.0122 2668 sffp_mmc - ok
12:12:54.0153 2668 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:12:54.0200 2668 sffp_sd - ok
12:12:54.0231 2668 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
12:12:54.0278 2668 sfloppy - ok
12:12:54.0356 2668 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
12:12:54.0434 2668 SharedAccess - ok
12:12:54.0497 2668 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
12:12:54.0590 2668 ShellHWDetection - ok
12:12:54.0653 2668 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
12:12:54.0668 2668 SiSRaid2 - ok
12:12:54.0715 2668 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
12:12:54.0731 2668 SiSRaid4 - ok
12:12:54.0840 2668 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
12:12:54.0871 2668 SkypeUpdate - ok
12:12:54.0902 2668 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:12:54.0980 2668 Smb - ok
12:12:55.0027 2668 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
12:12:55.0074 2668 SNMPTRAP - ok
12:12:55.0089 2668 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:12:55.0105 2668 spldr - ok
12:12:55.0183 2668 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
12:12:55.0245 2668 Spooler - ok
12:12:55.0604 2668 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
12:12:55.0682 2668 sppsvc - ok
12:12:55.0838 2668 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
12:12:55.0916 2668 sppuinotify - ok
12:12:56.0025 2668 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:12:56.0088 2668 srv - ok
12:12:56.0150 2668 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:12:56.0197 2668 srv2 - ok
12:12:56.0275 2668 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
12:12:56.0306 2668 SrvHsfHDA - ok
12:12:56.0478 2668 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
12:12:56.0540 2668 SrvHsfV92 - ok
12:12:56.0790 2668 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
12:12:56.0837 2668 SrvHsfWinac - ok
12:12:56.0868 2668 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:12:56.0899 2668 srvnet - ok
12:12:56.0946 2668 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
12:12:57.0024 2668 SSDPSRV - ok
12:12:57.0039 2668 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
12:12:57.0102 2668 SstpSvc - ok
12:12:57.0227 2668 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe
12:12:57.0289 2668 STacSV - ok
12:12:57.0320 2668 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
12:12:57.0336 2668 stexstor - ok
12:12:57.0429 2668 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys
12:12:57.0476 2668 STHDA - ok
12:12:57.0585 2668 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
12:12:57.0632 2668 stisvc - ok
12:12:57.0648 2668 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:12:57.0663 2668 swenum - ok
12:12:57.0757 2668 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
12:12:57.0835 2668 swprv - ok
12:12:58.0038 2668 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
12:12:58.0100 2668 SynTP - ok
12:12:58.0459 2668 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
12:12:58.0521 2668 SysMain - ok
12:12:58.0677 2668 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
12:12:58.0740 2668 TabletInputService - ok
12:12:58.0802 2668 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
12:12:58.0896 2668 TapiSrv - ok
12:12:58.0927 2668 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
12:12:58.0989 2668 TBS - ok
12:12:59.0270 2668 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
12:12:59.0317 2668 Tcpip - ok
12:12:59.0691 2668 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
12:12:59.0769 2668 TCPIP6 - ok
12:12:59.0925 2668 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:13:00.0019 2668 tcpipreg - ok
12:13:00.0035 2668 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:13:00.0066 2668 TDPIPE - ok
12:13:00.0097 2668 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
12:13:00.0144 2668 TDTCP - ok
12:13:00.0191 2668 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:13:00.0269 2668 tdx - ok
12:13:00.0300 2668 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:13:00.0315 2668 TermDD - ok
12:13:00.0425 2668 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
12:13:00.0503 2668 TermService - ok
12:13:00.0534 2668 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
12:13:00.0549 2668 Themes - ok
12:13:00.0581 2668 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:13:00.0643 2668 THREADORDER - ok
12:13:00.0690 2668 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
12:13:00.0768 2668 TrkWks - ok
12:13:00.0830 2668 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
12:13:00.0893 2668 TrustedInstaller - ok
12:13:00.0908 2668 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:13:00.0986 2668 tssecsrv - ok
12:13:01.0017 2668 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:13:01.0064 2668 TsUsbFlt - ok
12:13:01.0080 2668 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
12:13:01.0111 2668 TsUsbGD - ok
12:13:01.0158 2668 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:13:01.0236 2668 tunnel - ok
12:13:01.0267 2668 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
12:13:01.0283 2668 uagp35 - ok
12:13:01.0345 2668 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:13:01.0423 2668 udfs - ok
12:13:01.0454 2668 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
12:13:01.0470 2668 UI0Detect - ok
12:13:01.0517 2668 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:13:01.0532 2668 uliagpkx - ok
12:13:01.0579 2668 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
12:13:01.0626 2668 umbus - ok
12:13:01.0641 2668 ummpkzbo - ok
12:13:01.0688 2668 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
12:13:01.0735 2668 UmPass - ok
12:13:02.0094 2668 UNS (a678e5ddd974903dd71f503bdcaca218) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:13:02.0156 2668 UNS - ok
12:13:02.0343 2668 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
12:13:02.0421 2668 upnphost - ok
12:13:02.0499 2668 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
12:13:02.0531 2668 USBAAPL64 - ok
12:13:02.0577 2668 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
12:13:02.0624 2668 usbaudio - ok
12:13:02.0671 2668 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:13:02.0733 2668 usbccgp - ok
12:13:02.0780 2668 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:13:02.0811 2668 usbcir - ok
12:13:02.0843 2668 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
12:13:02.0874 2668 usbehci - ok
12:13:02.0936 2668 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:13:02.0983 2668 usbhub - ok
12:13:02.0999 2668 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
12:13:03.0030 2668 usbohci - ok
12:13:03.0077 2668 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:13:03.0123 2668 usbprint - ok
12:13:03.0186 2668 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
12:13:03.0217 2668 usbscan - ok
12:13:03.0248 2668 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:13:03.0311 2668 USBSTOR - ok
12:13:03.0326 2668 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:13:03.0373 2668 usbuhci - ok
12:13:03.0435 2668 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
12:13:03.0467 2668 usbvideo - ok
12:13:03.0513 2668 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
12:13:03.0591 2668 UxSms - ok
12:13:03.0623 2668 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:13:03.0654 2668 VaultSvc - ok
12:13:03.0669 2668 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:13:03.0701 2668 vdrvroot - ok
12:13:03.0794 2668 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
12:13:03.0888 2668 vds - ok
12:13:03.0919 2668 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:13:03.0950 2668 vga - ok
12:13:03.0966 2668 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:13:04.0013 2668 VgaSave - ok
12:13:04.0059 2668 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:13:04.0091 2668 vhdmp - ok
12:13:04.0122 2668 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:13:04.0137 2668 viaide - ok
12:13:04.0184 2668 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:13:04.0200 2668 volmgr - ok
12:13:04.0262 2668 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:13:04.0309 2668 volmgrx - ok
12:13:04.0356 2668 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:13:04.0403 2668 volsnap - ok
12:13:04.0434 2668 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
12:13:04.0465 2668 vsmraid - ok
12:13:04.0652 2668 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
12:13:04.0746 2668 VSS - ok
12:13:04.0949 2668 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
12:13:04.0995 2668 vToolbarUpdater11.2.0 - ok
12:13:05.0167 2668 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
12:13:05.0214 2668 vwifibus - ok
12:13:05.0245 2668 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
12:13:05.0307 2668 vwififlt - ok
12:13:05.0354 2668 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
12:13:05.0385 2668 vwifimp - ok
12:13:05.0448 2668 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
12:13:05.0526 2668 W32Time - ok
12:13:05.0557 2668 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
12:13:05.0573 2668 WacomPen - ok
12:13:05.0697 2668 WajamUpdater (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
12:13:05.0729 2668 WajamUpdater ( UnsignedFile.Multi.Generic ) - warning
12:13:05.0729 2668 WajamUpdater - detected UnsignedFile.Multi.Generic (1)
12:13:05.0775 2668 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:13:05.0869 2668 WANARP - ok
12:13:05.0885 2668 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:13:05.0931 2668 Wanarpv6 - ok
12:13:06.0087 2668 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
12:13:06.0150 2668 WatAdminSvc - ok
12:13:06.0321 2668 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
12:13:06.0415 2668 wbengine - ok
12:13:06.0571 2668 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
12:13:06.0618 2668 WbioSrvc - ok
12:13:06.0665 2668 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
12:13:06.0727 2668 wcncsvc - ok
12:13:06.0758 2668 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
12:13:06.0789 2668 WcsPlugInService - ok
12:13:06.0867 2668 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
12:13:06.0883 2668 Wd - ok
12:13:06.0977 2668 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:13:07.0023 2668 Wdf01000 - ok
12:13:07.0055 2668 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:13:07.0164 2668 WdiServiceHost - ok
12:13:07.0164 2668 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
12:13:07.0195 2668 WdiSystemHost - ok
12:13:07.0242 2668 wdkmd (5e1640435dd54d00451156ca5340b109) C:\Windows\system32\DRIVERS\WDKMD.sys
12:13:07.0257 2668 wdkmd - ok
12:13:07.0304 2668 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
12:13:07.0367 2668 WebClient - ok
12:13:07.0413 2668 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
12:13:07.0491 2668 Wecsvc - ok
12:13:07.0523 2668 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
12:13:07.0554 2668 wercplsupport - ok
12:13:07.0585 2668 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
12:13:07.0663 2668 WerSvc - ok
12:13:07.0679 2668 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:13:07.0710 2668 WfpLwf - ok
12:13:07.0725 2668 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:13:07.0741 2668 WIMMount - ok
12:13:07.0788 2668 WinDefend - ok
12:13:07.0803 2668 WinHttpAutoProxySvc - ok
12:13:07.0897 2668 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
12:13:07.0959 2668 Winmgmt - ok
12:13:08.0178 2668 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
12:13:08.0256 2668 WinRM - ok
12:13:08.0443 2668 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
12:13:08.0490 2668 WinUsb - ok
12:13:08.0615 2668 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
12:13:08.0677 2668 Wlansvc - ok
12:13:08.0739 2668 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:13:08.0771 2668 wlcrasvc - ok
12:13:09.0051 2668 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:13:09.0098 2668 wlidsvc - ok
12:13:09.0270 2668 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:13:09.0317 2668 WmiAcpi - ok
12:13:09.0395 2668 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
12:13:09.0441 2668 wmiApSrv - ok
12:13:09.0488 2668 WMPNetworkSvc - ok
12:13:09.0629 2668 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
12:13:09.0660 2668 WMZuneComm - ok
12:13:09.0707 2668 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
12:13:09.0753 2668 WPCSvc - ok
12:13:09.0785 2668 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
12:13:09.0831 2668 WPDBusEnum - ok
12:13:09.0847 2668 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:13:09.0925 2668 ws2ifsl - ok
12:13:09.0956 2668 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
12:13:10.0003 2668 wscsvc - ok
12:13:10.0003 2668 WSearch - ok
12:13:10.0268 2668 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
12:13:10.0331 2668 wuauserv - ok
12:13:10.0518 2668 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:13:10.0596 2668 WudfPf - ok
12:13:10.0643 2668 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:13:10.0736 2668 WUDFRd - ok
12:13:10.0767 2668 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
12:13:10.0845 2668 wudfsvc - ok
12:13:10.0877 2668 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
12:13:10.0923 2668 WwanSvc - ok
12:13:11.0859 2668 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
12:13:11.0953 2668 ZuneNetworkSvc - ok
12:13:12.0125 2668 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
12:13:12.0156 2668 ZuneWlanCfgSvc - ok
12:13:12.0218 2668 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:13:12.0733 2668 \Device\Harddisk0\DR0 - ok
12:13:12.0733 2668 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
12:13:13.0232 2668 \Device\Harddisk1\DR1 - ok
12:13:13.0232 2668 Boot (0x1200) (f455b21c6a1bfab6e283d256461290ff) \Device\Harddisk0\DR0\Partition0
12:13:13.0248 2668 \Device\Harddisk0\DR0\Partition0 - ok
12:13:13.0279 2668 Boot (0x1200) (2ead8bc202620a2b3b8a1ae36936f742) \Device\Harddisk0\DR0\Partition1
12:13:13.0279 2668 \Device\Harddisk0\DR0\Partition1 - ok
12:13:13.0310 2668 Boot (0x1200) (b05c97b494c1b82c0171e2441952be94) \Device\Harddisk0\DR0\Partition2
12:13:13.0310 2668 \Device\Harddisk0\DR0\Partition2 - ok
12:13:13.0310 2668 Boot (0x1200) (99912bb0be03df68dbffd66f6c6f4848) \Device\Harddisk0\DR0\Partition3
12:13:13.0310 2668 \Device\Harddisk0\DR0\Partition3 - ok
12:13:13.0326 2668 Boot (0x1200) (72b00004f981a63e9ecc4ca132073e72) \Device\Harddisk1\DR1\Partition0
12:13:13.0326 2668 \Device\Harddisk1\DR1\Partition0 - ok
12:13:13.0326 2668 ============================================================
12:13:13.0326 2668 Scan finished
12:13:13.0326 2668 ============================================================
12:13:13.0341 5540 Detected object count: 5
12:13:13.0341 5540 Actual detected object count: 5


Malwarebytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: HPDV6 [administrator]

02/07/2012 12:18:51
mbam-log-2012-07-02 (12-18-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196877
Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\User\Downloads\Codec-C.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)


And finally, OTL: both OTL.txt and EXTRAS.txt

OTL logfile created on: 7/2/2012 12:26:19 PM - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = F:\virus stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 4.48 Gb Available Physical Memory | 75.36% Memory free
11.90 Gb Paging File | 10.24 Gb Available in Paging File | 86.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.26 Gb Total Space | 614.99 Gb Free Space | 89.88% Space Free | Partition Type: NTFS
Drive D: | 14.08 Gb Total Space | 1.56 Gb Free Space | 11.09% Space Free | Partition Type: NTFS
Drive E: | 3.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 298.02 Gb Total Space | 224.74 Gb Free Space | 75.41% Space Free | Partition Type: FAT32

Computer Name: HPDV6 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - F:\virus stuff\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth® -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel® Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (WajamUpdater) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (RapportMgmtService) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (RosettaStoneDaemon) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Rosetta Stone Ltd.)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NETwNs64) ___ Intel® -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RapportKE64) -- C:\Windows\SysNative\drivers\RapportKE64.sys (Trusteer Ltd.)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (RapportCerberus_34302) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys ()
DRV - (RapportEI64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys (Trusteer Ltd.)
DRV - (RapportPG64) -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys (Trusteer Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{B5C07547-1AB3-4EE9-A515-9F65A33246BA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.searchonme.com/
IE - HKLM\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files (x86)\MakeMeBabies_2.0\prxtbMak0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{B5C07547-1AB3-4EE9-A515-9F65A33246BA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.search...q={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3198785
IE - HKCU\..\URLSearchHook: {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files (x86)\MakeMeBabies_2.0\prxtbMak0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {b7fca997-d0fb-4fe0-8afd-255e89cf9671}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-22 20:41:11&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B5C07547-1AB3-4EE9-A515-9F65A33246BA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.search...q={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{F6D959B4-65F0-4729-99E4-EEEDF31CFD3C}: "URL" = http://search.condui...&ctid=CT3198785
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3198785.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "SearchOnMe"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...1:11&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/20 18:25:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/14 17:19:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/14 17:18:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/06/22 20:41:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/20 14:58:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/02/20 15:00:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012/07/02 11:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\itfnqqri.default\extensions
[2012/06/14 17:14:20 | 000,000,000 | ---D | M] (WhiteSmoke US) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\itfnqqri.default\extensions\{cce665dd-f6dd-4808-968e-eaec971f70ef}
[2012/04/01 14:05:47 | 000,000,000 | ---D | M] (CodecC) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\itfnqqri.default\extensions\[email protected]
[2012/06/22 19:04:10 | 000,000,919 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\searchplugins\conduit.xml
[2012/03/31 18:35:58 | 000,000,464 | ---- | M] () -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\searchplugins\SearchOnMe.xml
[2012/04/17 17:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/17 17:04:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/06/14 17:18:14 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/14 17:19:44 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2012/06/22 20:41:19 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.0.0.9
[2012/05/14 22:28:57 | 000,340,198 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITFNQQRI.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
File not found (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ITFNQQRI.DEFAULT\EXTENSIONS\[email protected]
[2012/02/16 15:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 12:08:43 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/22 20:41:08 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 12:08:43 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 12:08:43 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 12:08:43 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Wajam (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: CodecC = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bccldkoinakjmmgebambiaggjobhikfg\1.0_0\
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Wajam = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Codec-V = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
CHR - Extension: AVG Do Not Track = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/02 11:57:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (MakeMeBabies 2.0 Toolbar) - {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files (x86)\MakeMeBabies_2.0\prxtbMak0.dll (Conduit Ltd.)
O2 - BHO: (CodecC Class) - {FE7CCF3D-B190-4038-9A3E-C0B50979D48E} - C:\ProgramData\CodecC\bhoclass.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (WhiteSmoke US Toolbar) - {cce665dd-f6dd-4808-968e-eaec971f70ef} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MakeMeBabies 2.0 Toolbar) - {d4330680-c0ae-4226-8a21-0afe2fd1ac24} - C:\Program Files (x86)\MakeMeBabies_2.0\prxtbMak0.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke US Toolbar) - {CCE665DD-F6DD-4808-968E-EAEC971F70EF} - C:\Program Files (x86)\WhiteSmoke_US\prxtbWhit.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MakeMeBabies 2.0 Toolbar) - {D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - C:\Program Files (x86)\MakeMeBabies_2.0\prxtbMak0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\User\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/21 21:00:00 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/07/02 12:18:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/07/02 12:17:41 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/02 12:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/02 12:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/02 12:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/02 12:17:21 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/02 12:07:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/02 12:01:16 | 002,134,616 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2012/07/02 11:59:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/02 11:45:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/02 11:45:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/02 11:45:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/02 11:36:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/02 11:36:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/02 11:34:32 | 004,568,951 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/06/22 20:41:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/06/18 20:15:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Google
[2012/06/16 19:21:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{595289C2-4D6C-4651-AF6F-DBBCC3D29EBE}
[2012/06/14 19:43:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/14 19:37:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Deployment
[2012/06/14 19:37:48 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apps
[2012/06/14 17:27:04 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 17:27:04 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 17:27:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 17:27:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 17:27:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 17:27:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 17:27:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 17:27:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 17:26:59 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 17:26:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 17:26:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 17:26:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/14 17:26:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 17:20:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG2012
[2012/06/14 17:19:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\AVG Secure Search
[2012/06/14 17:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/14 17:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/14 17:19:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/06/14 17:18:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/14 17:18:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/06/14 17:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/06/14 17:17:55 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/06/14 17:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/14 17:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke_US
[2012/06/14 17:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/06/14 17:12:54 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
[2012/06/14 17:12:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Wajam
[2012/06/14 17:12:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wajam
[2012/06/13 22:49:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 22:49:16 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 22:49:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 22:47:19 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 22:47:19 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 22:47:18 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 22:46:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 22:46:41 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 22:46:41 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 19:22:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DBA08431-2E73-4DF4-A0E6-6C20556D7791}
[2012/06/13 19:21:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{715D035D-4ECA-4434-892C-7825E1C7BA64}
[2012/06/03 18:53:09 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Electronic Arts
[2012/06/03 18:52:41 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/06/03 18:52:41 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll

========== Files - Modified Within 30 Days ==========

[2012/07/02 12:32:24 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 12:32:24 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 12:31:41 | 002,698,902 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/02 12:31:41 | 001,160,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/02 12:31:41 | 000,005,202 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/02 12:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/02 12:23:58 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/02 12:17:41 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/02 11:57:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/02 11:02:34 | 000,001,150 | ---- | M] () -- C:\Users\User\Desktop\legtcp.reg
[2012/07/02 10:59:50 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\User\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/02 10:58:48 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe
[2012/07/02 10:58:32 | 004,568,951 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe
[2012/06/30 18:15:46 | 000,002,808 | ---- | M] () -- C:\newjunk
[2012/06/29 01:44:42 | 000,012,784 | ---- | M] () -- C:\Users\User\Desktop\BFE64.zip
[2012/06/28 23:31:26 | 000,000,554 | ---- | M] () -- C:\Users\User\Desktop\winsock2fix2.reg
[2012/06/28 12:21:38 | 000,003,792 | ---- | M] () -- C:\Users\User\Desktop\winsock2fix.reg
[2012/06/22 19:14:30 | 000,000,342 | ---- | M] () -- C:\WirelessDiagLog.csv
[2012/06/22 11:26:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000UA.job
[2012/06/22 09:52:24 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000UA.job
[2012/06/22 09:52:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/20 19:47:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000Core.job
[2012/06/20 19:04:41 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000Core.job
[2012/06/20 18:59:18 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/16 16:14:13 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job
[2012/06/16 16:14:02 | 000,415,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/14 17:20:48 | 000,034,764 | ---- | M] () -- C:\Users\User\AppData\Local\dt.dat
[2012/06/14 17:19:44 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

========== Files Created - No Company Name ==========

[2012/07/02 12:17:41 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/02 11:45:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/02 11:45:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/02 11:45:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/02 11:45:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/02 11:45:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/02 11:07:50 | 000,001,150 | ---- | C] () -- C:\Users\User\Desktop\legtcp.reg
[2012/06/30 18:15:46 | 000,002,808 | ---- | C] () -- C:\newjunk
[2012/06/29 01:46:52 | 000,012,784 | ---- | C] () -- C:\Users\User\Desktop\BFE64.zip
[2012/06/28 23:33:34 | 000,000,554 | ---- | C] () -- C:\Users\User\Desktop\winsock2fix2.reg
[2012/06/28 12:26:59 | 000,003,792 | ---- | C] () -- C:\Users\User\Desktop\winsock2fix.reg
[2012/06/22 19:14:16 | 000,000,342 | ---- | C] () -- C:\WirelessDiagLog.csv
[2012/06/14 19:42:51 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000UA.job
[2012/06/14 19:42:50 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000Core.job
[2012/06/14 17:20:48 | 000,034,764 | ---- | C] () -- C:\Users\User\AppData\Local\dt.dat
[2012/06/14 17:19:44 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/04 16:59:52 | 000,000,043 | ---- | C] () -- C:\Users\User\jagex_cl_runescape_LIVE.dat
[2012/05/04 16:59:52 | 000,000,024 | ---- | C] () -- C:\Users\User\random.dat
[2012/02/09 13:23:11 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/28 13:53:46 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/11/28 13:53:46 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/11/28 13:53:46 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/11/28 13:53:46 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/11/28 13:53:46 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/11/28 13:53:46 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/11/28 13:53:46 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/11/28 13:53:46 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/11/28 13:53:46 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/11/28 13:53:46 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011/11/28 13:53:46 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/11/28 13:53:46 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/11/28 13:53:46 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/11/28 13:53:46 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/11/28 13:53:46 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/11/28 13:53:46 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011/11/28 13:53:46 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011/11/28 13:53:46 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/11/28 13:53:46 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/09/07 22:57:22 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/24 19:23:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/24 19:14:43 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/08/24 19:13:31 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/08/24 19:13:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/08/24 19:13:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/08/24 19:13:29 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/24 19:09:15 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/06/21 20:32:02 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/02/23 00:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

< End of report >


OTL Extras logfile created on: 7/2/2012 12:26:19 PM - Run 4
OTL by OldTimer - Version 3.2.53.0 Folder = F:\virus stuff
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.95 Gb Total Physical Memory | 4.48 Gb Available Physical Memory | 75.36% Memory free
11.90 Gb Paging File | 10.24 Gb Available in Paging File | 86.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.26 Gb Total Space | 614.99 Gb Free Space | 89.88% Space Free | Partition Type: NTFS
Drive D: | 14.08 Gb Total Space | 1.56 Gb Free Space | 11.09% Space Free | Partition Type: NTFS
Drive E: | 3.66 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 298.02 Gb Total Space | 224.74 Gb Free Space | 75.41% Space Free | Partition Type: FAT32

Computer Name: HPDV6 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{173F5800-615F-4DAC-8654-D229E0171EAC}" = lport=138 | protocol=17 | dir=in | app=system |
"{319C554D-6423-4D0A-A44E-3F439597F783}" = rport=138 | protocol=17 | dir=out | app=system |
"{5387EB9C-A648-484E-B60A-0B88F29A70A6}" = lport=139 | protocol=6 | dir=in | app=system |
"{5E6A9B48-90FE-4FA8-9E7D-21353BA533B9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75F09D14-153C-44AC-AAD2-27AD04F75ECF}" = lport=445 | protocol=6 | dir=in | app=system |
"{762FED71-6619-4C36-9443-336069B78873}" = rport=137 | protocol=17 | dir=out | app=system |
"{7AB09C2F-37BB-4919-94FC-49A946A1CCCE}" = rport=139 | protocol=6 | dir=out | app=system |
"{7FB19B53-2049-49ED-AA8E-86CB9978E711}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8530809B-4C80-4C44-9E96-3531856521A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9EA7CA72-055B-4C23-82C6-D19504E86089}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9A40DEB-28B7-463D-B576-6E0DC1075359}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1F41501-AFA3-487D-B651-A3D30D4697B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{279D5AC5-2514-4894-97EF-2E9E3CF9998E}" = protocol=58 | dir=in | [email protected],-28545 |
"{2F2846C6-B5F6-4124-8782-1C9D361C251C}" = protocol=58 | dir=out | [email protected],-28546 |
"{5726E514-C4E4-452E-882A-215E7A96C5D6}" = protocol=1 | dir=out | [email protected],-28544 |
"{A324842E-F175-418F-B42C-BB09C43052DF}" = protocol=1 | dir=in | [email protected],-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{7A33B9B4-0C40-53B4-CCA0-D469A83DE142}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics TouchPad Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CCB6C5-DD11-F614-5955-FACAFA2C80F7}" = CCC Help Turkish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0372849C-A9C1-A7BF-7180-9DB15334D778}" = Catalyst Control Center
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BB68729-BD8E-76E0-A357-9685790987F1}" = Catalyst Control Center Profiles Mobile
"{115BAB0B-AB04-E481-76F5-82D90C3049A6}" = CCC Help Danish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19F2D706-4834-2DD2-D12E-C10E75A57C81}" = CCC Help French
"{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1CB8B169-534E-6F89-CDF9-0B812FBACF9A}" = CCC Help Hungarian
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{228CDD95-4069-8D94-7584-82BDE9A68B63}" = CCC Help Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 30
"{28CA24E3-D323-3900-9519-4FFE9984EC53}" = CCC Help Polish
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = CodecC
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C5AB11A-2DDB-49E6-9FC0-CFD88A7DDFE4}" = HP Documentation
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4010ADCB-1347-D570-FCF1-3002CABEBD2F}" = Rosetta Stone TOTALe
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49799BCA-8E53-63CD-D2D4-BAC6AB782DEE}" = Catalyst Control Center Graphics Previews Common
"{49FD3CE5-1839-7EEA-D7D3-17A23826B859}" = CCC Help Greek
"{49FE4B97-0E1E-F9EC-2123-4DFA80064694}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55B013D5-14E7-C0B1-CE42-9C567AAEE3C9}" = CCC Help Dutch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel® Wireless Display
"{5E2C8F1A-AC86-FBCD-B3E4-EBF9E747BC4D}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}" = Rosetta Stone Ltd Services
"{81EDA038-2320-B7E2-4D78-E12C2D55CE75}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89A6150B-0CE8-AA44-F24B-FD8DCC058ACC}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1FEA5E-8DB8-AD80-5C14-AEF33D16EF5A}" = Rosetta Stone TOTALe
"{8B619E05-80B3-20A1-5C1C-FDCDEC394344}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFC331E-07A7-B196-7EA7-549A0CFE07CB}" = CCC Help Swedish
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7F248B5-B784-E149-124F-ABE878BC725F}" = CCC Help Portuguese
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ADBCAA59-C242-4B31-FF51-354159417118}" = CCC Help Thai
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEF3AB2B-0B52-E47E-CA66-55E11D41EA04}" = CCC Help Finnish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C118B9C6-BCE5-629D-F9CF-F61BCAD285D9}" = CCC Help Spanish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C51EF224-3786-5566-3B32-251BDEC5C8E7}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D814C606-0199-4A7D-D517-79DC2B3EB7F0}" = CCC Help Russian
"{DA05AADA-6407-9E45-7843-45F7393F7A15}" = CCC Help Italian
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6041920-6D08-2466-E672-A15B040B5004}" = CCC Help English
"{E8EE10CF-31E4-CA63-BD94-B0157BBB2444}" = CCC Help Chinese Traditional
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EDD14387-FE5E-48A3-6B2B-E61DD88FC69E}" = CCC Help Czech
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BabyMaker_is1" = BabyMaker v1.5
"com.rosettastone.rosettastonetotale" = Rosetta Stone TOTALe
"DivX Setup" = DivX Setup
"EPSON Scanner" = EPSON Scan
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD
"MakeMeBabies_2.0 Toolbar" = MakeMeBabies 2.0 Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"Office14.SingleImage" = Microsoft Office Professional 2010
"Premiumplay Codec-C" = Premiumplay Codec-C
"ProInst" = Intel PROSet Wireless
"Rapport_msi" = Rapport
"Wajam" = Wajam
"WhiteSmoke_US Toolbar" = WhiteSmoke US Toolbar
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"WT089504" = Final Drive Nitro

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/22/2012 4:07:38 PM | Computer Name = HPDV6 | Source = System Restore | ID = 8200
Description = Failed to initiate System Restore (Windows Update).

Error - 6/22/2012 4:10:27 PM | Computer Name = HPDV6 | Source = VSS | ID = 12305
Description = Volume Shadow Copy Service error: Volume/disk not connected or not
found. Error context: GetComputerNameEx(3, NULL, [0]) [0]. Operation: Processing
BeginPrepareSnapshot Snapshot Context Context: Execution Context: System Provider

Volume Name: \\?\Volume{684b341b-d9d4-11e0-b1c2-806e6f6e6963}\ Snapshot ID:
{d8981402-330b-4a2f-9ce2-e2008b9b3f42}

Error - 6/22/2012 4:10:27 PM | Computer Name = HPDV6 | Source = System Restore | ID = 8200
Description = Failed to initiate System Restore (Windows Update).

Error - 6/22/2012 4:12:38 PM | Computer Name = HPDV6 | Source = VSS | ID = 12305
Description = Volume Shadow Copy Service error: Volume/disk not connected or not
found. Error context: GetComputerNameEx(3, NULL, [0]) [0]. Operation: Processing
BeginPrepareSnapshot Snapshot Context Context: Execution Context: System Provider

Volume Name: \\?\Volume{684b341b-d9d4-11e0-b1c2-806e6f6e6963}\ Snapshot ID:
{bfc76525-b1f6-4b30-a813-98878ba45322}

Error - 6/22/2012 4:12:38 PM | Computer Name = HPDV6 | Source = System Restore | ID = 8200
Description = Failed to initiate System Restore (Installed AVG 2012).

Error - 6/22/2012 5:50:16 PM | Computer Name = HPDV6 | Source = ATIeRecord | ID = 16398
Description = ATI EEU failed to post message to CCC

Error - 6/23/2012 2:49:37 AM | Computer Name = HPDV6 | Source = Schedule | ID = 0
Description =

Error - 6/23/2012 2:49:40 AM | Computer Name = HPDV6 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr
= 0x80070005, Access is denied. . Operation: Initializing Writer Context: Writer
Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer
Writer Instance ID: {8a262bf6-b2ea-4f09-a0ca-91e93e3d4fb8}

Error - 6/23/2012 2:49:54 AM | Computer Name = HPDV6 | Source = WinMgmt | ID = 10
Description =

Error - 6/23/2012 2:57:12 AM | Computer Name = HPDV6 | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 5.8.0.158 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: afc Start Time:
01cd510c5cc65898 Termination Time: 0 Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report
Id:

[ Hewlett-Packard Events ]
Error - 12/22/2011 10:17:15 AM | Computer Name = HPDV6 | Source = HPSF.exe | ID = 4000
Description =

Error - 1/19/2012 12:57:46 PM | Computer Name = HPDV6 | Source = HPSF.exe | ID = 4000
Description =

Error - 1/30/2012 3:09:27 PM | Computer Name = HPDV6 | Source = HPSF.exe | ID = 4000
Description =

Error - 1/30/2012 3:10:59 PM | Computer Name = HPDV6 | Source = HPSF.exe | ID = 4000
Description =

Error - 4/9/2012 1:12:02 PM | Computer Name = HPDV6 | Source = HPSF.exe | ID = 4000
Description =

Error - 4/9/2012 1:12:23 PM | Computer Name = HPDV6 | Source = HPSF.exe | ID = 4000
Description =

Error - 4/9/2012 1:12:24 PM | Computer Name = HPDV6 | Source = HPSF.exe | ID = 4000
Description =

Error - 6/22/2012 2:19:43 PM | Computer Name = HPDV6 | Source = HPSF.exe | ID = 4000
Description =

Error - 6/22/2012 2:19:44 PM | Computer Name = HPDV6 | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828HPSF.exe at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
An exception occurred during the operation, making the result invalid. Check InnerException
for exception details. StackTrace: at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
System InnerException.Message: The dependency service or group failed to start.
(Exception from HRESULT: 0x8007042C) Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 6091
Ram
Utilization: TargetSite: Void RaiseExceptionIfNecessary()

Error - 6/22/2012 3:29:31 PM | Computer Name = HPDV6 | Source = HPSF.exe | ID = 4000
Description =

[ HP Connection Manager Events ]
Error - 2/15/2012 7:31:13 PM | Computer Name = HPDV6 | Source = hpCMSrv | ID = 5
Description = 2012/02/15 23:31:13.265|00001A18|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 2/15/2012 7:32:13 PM | Computer Name = HPDV6 | Source = hpCMSrv | ID = 5
Description = 2012/02/15 23:32:13.262|00001A18|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 2/15/2012 7:33:13 PM | Computer Name = HPDV6 | Source = hpCMSrv | ID = 5
Description = 2012/02/15 23:33:13.260|00001A18|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 2/15/2012 7:34:13 PM | Computer Name = HPDV6 | Source = hpCMSrv | ID = 5
Description = 2012/02/15 23:34:13.258|00001A18|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 2/15/2012 7:35:13 PM | Computer Name = HPDV6 | Source = hpCMSrv | ID = 5
Description = 2012/02/15 23:35:13.255|00001A18|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 2/15/2012 7:36:13 PM | Computer Name = HPDV6 | Source = hpCMSrv | ID = 5
Description = 2012/02/15 23:36:13.269|00001A18|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 2/15/2012 7:37:13 PM | Computer Name = HPDV6 | Source = hpCMSrv | ID = 5
Description = 2012/02/15 23:37:13.266|00001A18|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 2/15/2012 7:38:13 PM | Computer Name = HPDV6 | Source = hpCMSrv | ID = 5
Description = 2012/02/15 23:38:13.264|00001A18|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 2/18/2012 1:17:28 PM | Computer Name = HPDV6 | Source = hpCMSrv | ID = 5
Description = 2012/02/18 17:17:28.561|00001610|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 2/19/2012 3:15:38 PM | Computer Name = HPDV6 | Source = hpCMSrv | ID = 5
Description = 2012/02/19 19:15:38.664|00001AF4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ HP Software Framework Events ]
Error - 6/28/2012 9:09:53 PM | Computer Name = HPDV6 | Source = CaslWmi | ID = 5
Description = 2012/06/29 02:09:53.555|00000A84|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/29/2012 5:34:55 PM | Computer Name = HPDV6 | Source = CaslWmi | ID = 5
Description = 2012/06/29 22:34:55.694|00001078|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/29/2012 5:39:51 PM | Computer Name = HPDV6 | Source = CaslWmi | ID = 5
Description = 2012/06/29 22:39:51.737|00001210|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/30/2012 7:28:52 AM | Computer Name = HPDV6 | Source = CaslWmi | ID = 5
Description = 2012/06/30 12:28:52.722|000017FC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/30/2012 7:34:11 AM | Computer Name = HPDV6 | Source = CaslWmi | ID = 5
Description = 2012/06/30 12:34:11.650|00000FD0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 6/30/2012 1:34:01 PM | Computer Name = HPDV6 | Source = CaslWmi | ID = 5
Description = 2012/06/30 18:34:01.307|000009E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 7/2/2012 6:11:39 AM | Computer Name = HPDV6 | Source = CaslWmi | ID = 5
Description = 2012/07/02 11:11:39.738|000004BC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 7/2/2012 6:43:50 AM | Computer Name = HPDV6 | Source = CaslWmi | ID = 5
Description = 2012/07/02 11:43:50.026|000008C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 7/2/2012 7:09:33 AM | Computer Name = HPDV6 | Source = CaslWmi | ID = 5
Description = 2012/07/02 12:09:33.039|000002F0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 7/2/2012 7:26:37 AM | Computer Name = HPDV6 | Source = CaslWmi | ID = 5
Description = 2012/07/02 12:26:37.220|00001164|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

[ System Events ]
Error - 6/14/2012 12:47:51 PM | Computer Name = HPDV6 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2709715).

Error - 6/14/2012 12:47:51 PM | Computer Name = HPDV6 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2709630).

Error - 6/14/2012 12:47:51 PM | Computer Name = HPDV6 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft .NET Framework 3.5.1 on Windows
7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2686831).

Error - 6/14/2012 12:47:51 PM | Computer Name = HPDV6 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2686827).

Error - 6/14/2012 12:48:04 PM | Computer Name = HPDV6 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2667402).

Error - 6/14/2012 12:48:04 PM | Computer Name = HPDV6 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Windows Malicious Software Removal Tool x64 - June 2012
(KB890830).

Error - 6/14/2012 12:48:04 PM | Computer Name = HPDV6 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server
2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656368).

Error - 6/14/2012 12:48:04 PM | Computer Name = HPDV6 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Definition Update for Microsoft Office 2010 (KB982726) 32-Bit
Edition.

Error - 6/14/2012 1:20:22 PM | Computer Name = HPDV6 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:19:09 on ?14/?06/?2012 was unexpected.

Error - 6/14/2012 1:22:16 PM | Computer Name = HPDV6 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 18:20:53 on ?14/?06/?2012 was unexpected.


< End of report >



#40
RKinner

    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
On a US based PC the usual problem with VEW is that you forgot to right click on it and Run As Admin.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You have both AVG 2012 and Microsoft Security Essentials installed. Two anti-viruses will fight each other so uninstall Microsoft Security Essentials.

Also uninstall:
Facebook Messenger 2.1.4520.0
Java™ 6 Update 24 (64-bit)
BabyMaker v1.5
MakeMeBabies 2.0 Toolbar
Premiumplay Codec-C
WhiteSmoke US Toolbar
Intel® Management Engine Components

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\kwycbiai.sys
c:\windows\system32\drivers\mzpabmyj.sys
c:\windows\system32\drivers\ummpkzbo.sys
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000UA.job

Folder::
c:\users\User\AppData\Local\Facebook

Driver::
kwycbiai
mzpabmyj
ummpkzbo

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

IF
sc start dhcp

still says access denied then go into regedit and make sure that Administrator has full control similar to how you did BFE for

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dhcp


then try and start it.


#41
ypkx

    Member

  • Topic Starter
  • Member
  • 30 posts
sc start dhcp works


ComboFix 12-07-02.01 - User 03/07/2012 14:09:25.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6092.4141 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk"
"c:\windows\system32\drivers\kwycbiai.sys"
"c:\windows\system32\drivers\mzpabmyj.sys"
"c:\windows\system32\drivers\ummpkzbo.sys"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\AppData\Local\Facebook
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\Cookies-journal
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\Cookies
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\data_0
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\data_1
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\data_2
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\data_3
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000001
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000002
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000003
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000004
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000005
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000006
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000007
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000008
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000009
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00000a
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00000b
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00000c
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00000d
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00000e
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_00000f
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000010
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000011
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000012
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000013
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000014
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\f_000015
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\index
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.cache\Local Storage\https_www.facebook.com_0.localstorage
c:\users\User\AppData\Local\Facebook\Messenger\fbmessenger.settings
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\User\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_kwycbiai
-------\Service_mzpabmyj
-------\Service_ummpkzbo
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 13:17 . 2012-07-03 13:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 11:18 . 2012-07-02 11:18 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-07-02 11:17 . 2012-07-02 11:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 11:17 . 2012-07-02 11:17 -------- d-----w- c:\programdata\Malwarebytes
2012-07-02 11:17 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 18:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F0D863-F636-4EB9-9EC8-87E53285F377}\mpengine.dll
2012-06-19 16:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 18:37 . 2012-06-14 18:42 -------- d-----w- c:\users\User\AppData\Local\Deployment
2012-06-14 18:37 . 2012-06-14 18:37 -------- d-----w- c:\users\User\AppData\Local\Apps
2012-06-14 16:26 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-14 16:18 . 2012-06-14 16:18 -------- d--h--w- c:\programdata\Common Files
2012-06-14 16:17 . 2012-07-03 12:43 -------- d-----w- c:\programdata\AVG2012
2012-06-14 16:17 . 2012-07-03 12:41 -------- d-----w- C:\$AVG
2012-06-14 16:16 . 2012-06-14 16:16 -------- d-----w- c:\program files (x86)\AVG
2012-06-14 16:12 . 2012-07-03 12:42 -------- d-----w- c:\programdata\MFAData
2012-06-14 16:12 . 2012-06-14 16:12 -------- d-----w- c:\users\User\AppData\Local\Wajam
2012-06-14 16:12 . 2012-06-14 16:13 -------- d-----w- c:\program files (x86)\Wajam
2012-06-13 21:49 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:49 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:49 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:47 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:47 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 21:47 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 21:47 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 21:47 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:46 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:46 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 21:46 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:46 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 21:46 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:46 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 21:46 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 21:46 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 15:45 . 2012-02-10 12:18 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{212B196C-CB75-426F-96C1-6F5561777E7E}\gapaengine.dll
2012-06-03 17:52 . 2006-09-28 15:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-06-03 17:52 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 20:43 . 2011-08-24 18:33 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-05-10 20:43 . 2011-02-02 13:31 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-10 20:43 . 2011-02-02 13:31 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_10.57.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-02 10:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-03 13:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-03 13:18 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-02 10:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-03 13:18 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-02 10:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:30 . 2012-02-09 12:27 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-07-03 13:00 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-07-03 13:18 . 2012-07-03 13:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 10:41 . 2012-07-02 10:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-03 13:18 . 2012-07-03 13:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-02 10:41 . 2012-07-02 10:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:30 . 2012-02-09 12:27 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-03 13:00 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-03 13:00 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-02-09 12:26 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-07-02 10:40 385824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-03 13:18 385824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-07-03 12:46 2750184 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-03 12:46 1186056 c:\windows\system32\perfc009.dat
+ 2011-08-24 18:43 . 2012-07-03 13:18 1451760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-24 18:43 . 2012-07-02 10:40 1451760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-09 13:07 . 2012-07-03 13:18 4906643 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-994528280-2121472671-3622734427-1000-8192.dat
- 2011-09-09 13:07 . 2012-07-02 10:40 4906643 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-994528280-2121472671-3622734427-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FE7CCF3D-B190-4038-9A3E-C0B50979D48E}]
2012-03-28 15:45 140800 ----a-w- c:\programdata\CodecC\bhoclass.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-19 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-10 75048]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/05/10 21:45;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-24 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-01-06 84096]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-01-06 188032]
R3 AMPPALP;Intel∆ Centrino∆ Wireless Bluetooth∆ 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-04-24 109064]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-07 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-11-12 63760]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-12 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-12 61712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-02-09 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-15 203776]
S2 AMPPALR3;Intel∆ Centrino∆ Wireless Bluetooth∆ 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-19 2413056]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-12 931640]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-03-31 1646056]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-15 9259520]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-15 301056]
S3 AMPPAL;Intel∆ Centrino∆ Wireless Bluetooth∆ 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-27 12273408]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2012-01-19 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-01-19 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-01-19 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-19 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 13:25]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 13:25]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 18:42]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 18:42]
.
2012-06-16 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-09 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF25576.3XE" [2010-11-21 345088]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.searchonme.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bba6e3952-795b-4d6f-b83a-588e7c8357a8%7D&mid=cad89e2ce84747d084c37d3bcf8b6b41-0c00e3f88bf6fae0da98b01a9d34e759bdfc1878&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-06-22%2020%3A41%3A11&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{d4330680-c0ae-4226-8a21-0afe2fd1ac24} - (no file)
URLSearchHooks-{cce665dd-f6dd-4808-968e-eaec971f70ef} - (no file)
WebBrowser-{D4330680-C0AE-4226-8A21-0AFE2FD1AC24} - (no file)
WebBrowser-{CCE665DD-F6DD-4808-968E-EAEC971F70EF} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
.
**************************************************************************
.
Completion time: 2012-07-03 14:24:16 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-03 13:24
ComboFix2.txt 2012-07-02 10:59
.
Pre-Run: 660,856,709,120 bytes free
Post-Run: 660,606,296,064 bytes free
.
- - End Of File - - 73B8042A8FBB9DF8D9F4EC6C8F18A659


  • 0

#42
RKinner


    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
I don't like this:

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FE7CCF3D-B190-4038-9A3E-C0B50979D48E}]
2012-03-28 15:45 140800 ----a-w- c:\programdata\CodecC\bhoclass.dll

I thought we had uninstalled it. I guess we need to do another CF run:



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

Firefox::


Folder::
c:\programdata\CodecC

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FE7CCF3D-B190-4038-9A3E-C0B50979D48E}]

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

One other thing we can try with the networking:

Right click on (My) Computer and select Manage, Continue, then Device Manager. Find the Network Adapters entry in the right pane and hit the arrow in front in order to open it up.

Right click on each sub entry and Delete, then reboot. Windows will detect them and reinstall them. Perhaps it will get it right when it does. If that doesn't work then the only thing we can try is the one I mentioned before:

Do you have the file:

C:\WINDOWS\inf\nettcpip.inf

If so, back up your registry:

http://pcsupport.abo...backupxpreg.htm

Then see if you can follow the steps in the "Hardcore method when nothing else is working" section on

http://smokeys.wordp...p3-tcpip-stack/

Ron
  • 0
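The check Ron does by eye in post #42 (a Browser Helper Object whose DLL lives under ProgramData, then confirming the next run removed it) can be scripted against the logs. This is an added example, not part of the thread and not ComboFix's own code; the log excerpts are constructed from the lines quoted above, the second BHO entry is a made-up benign one for contrast, and the list of expected install directories is an assumption.

```python
import re
from ntpath import normpath

# Constructed excerpt modelled on the first log in this thread.
# The {00000000-...} entry is a made-up benign BHO added for contrast.
LOG_BEFORE = r"""
((((( Reg Loading Points )))))
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FE7CCF3D-B190-4038-9A3E-C0B50979D48E}]
2012-03-28 15:45 140800 ----a-w- c:\programdata\CodecC\bhoclass.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
2011-01-01 10:00 20480 ----a-w- c:\program files (x86)\Example Vendor\example_bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"""

# Constructed excerpt modelled on the log posted after the CFScript run.
LOG_AFTER = r"""
((((( Other Deletions )))))
.
c:\programdata\CodecC
c:\programdata\CodecC\bhoclass.dll
c:\programdata\CodecC\uninstall.exe
.
((((( Reg Loading Points )))))
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00000000-0000-0000-0000-000000000001}]
2011-01-01 10:00 20480 ----a-w- c:\program files (x86)\Example Vendor\example_bho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"""

BHO_KEY = re.compile(
    r"^\[(?P<key>HKEY_[^\]]*\\Browser Helper Objects\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}))\]$", re.I)
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>[a-zA-Z]:\\.+)$")
SECTION = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")

# Assumption: software registering a BHO normally installs under these roots.
EXPECTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\",
                  "c:\\windows\\")


def parse_bhos(log_text):
    """Return one dict per BHO key, with the DLL path from the line below it."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    found = []
    for i, line in enumerate(lines):
        key = BHO_KEY.match(line)
        if not key:
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        f = FILE_LINE.match(nxt)
        path = normpath(f.group("path")).lower() if f else None
        found.append({
            "clsid": key.group("clsid").upper(),
            "path": path,
            # Flag a missing file or a DLL outside the expected roots.
            "flagged": path is None or not path.startswith(EXPECTED_ROOTS),
        })
    return found


def deleted_paths(log_text):
    """Collect the paths listed in the 'Other Deletions' section."""
    paths, in_section = set(), False
    for line in (ln.strip() for ln in log_text.splitlines()):
        s = SECTION.match(line)
        if s:
            in_section = s.group("name").lower() == "other deletions"
        elif in_section and re.match(r"^[a-zA-Z]:\\", line):
            paths.add(normpath(line).lower())
    return paths


def verify_cleanup(before, after):
    """For each flagged BHO in `before`, report whether `after` shows it gone."""
    remaining = {b["clsid"] for b in parse_bhos(after)}
    removed_files = deleted_paths(after)
    return {
        b["clsid"]: {
            "key_gone": b["clsid"] not in remaining,
            "file_deleted": b["path"] in removed_files,
        }
        for b in parse_bhos(before) if b["flagged"]
    }


if __name__ == "__main__":
    for clsid, status in verify_cleanup(LOG_BEFORE, LOG_AFTER).items():
        print(clsid, status)
```
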

#43
ypkx


    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
What do you think is the actual problem to all of this? Is it still a virus/malware problem or is it damaged files? I will run that again.
  • 0

#44
RKinner


    Malware Expert

  • Expert
  • 19,790 posts
  • MVP
I don't see any virus left so I would say it is damaged files or damaged registry.
  • 0

#45
ypkx


    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Going to try and delete and make windows reinstall.

ComboFix 12-07-02.01 - User 03/07/2012 16:36:27.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6092.4312 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\CodecC
c:\programdata\CodecC\background.html
c:\programdata\CodecC\bccldkoinakjmmgebambiaggjobhikfg.crx
c:\programdata\CodecC\bhoclass.dll
c:\programdata\CodecC\content.js
c:\programdata\CodecC\data\content.js
c:\programdata\CodecC\data\jsondb.js
c:\programdata\CodecC\settings.ini
c:\programdata\CodecC\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 15:44 . 2012-07-03 15:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 11:18 . 2012-07-02 11:18 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-07-02 11:17 . 2012-07-02 11:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-02 11:17 . 2012-07-02 11:17 -------- d-----w- c:\programdata\Malwarebytes
2012-07-02 11:17 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 18:04 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8F0D863-F636-4EB9-9EC8-87E53285F377}\mpengine.dll
2012-06-19 16:15 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 18:37 . 2012-06-14 18:42 -------- d-----w- c:\users\User\AppData\Local\Deployment
2012-06-14 18:37 . 2012-06-14 18:37 -------- d-----w- c:\users\User\AppData\Local\Apps
2012-06-14 16:26 . 2012-05-18 02:06 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-14 16:18 . 2012-06-14 16:18 -------- d--h--w- c:\programdata\Common Files
2012-06-14 16:17 . 2012-07-03 12:43 -------- d-----w- c:\programdata\AVG2012
2012-06-14 16:17 . 2012-07-03 12:41 -------- d-----w- C:\$AVG
2012-06-14 16:16 . 2012-06-14 16:16 -------- d-----w- c:\program files (x86)\AVG
2012-06-14 16:12 . 2012-07-03 12:42 -------- d-----w- c:\programdata\MFAData
2012-06-14 16:12 . 2012-06-14 16:12 -------- d-----w- c:\users\User\AppData\Local\Wajam
2012-06-14 16:12 . 2012-06-14 16:13 -------- d-----w- c:\program files (x86)\Wajam
2012-06-13 21:49 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 21:49 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 21:49 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 21:47 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 21:47 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 21:47 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 21:47 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 21:47 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 21:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 21:46 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 21:46 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 21:46 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 21:46 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 21:46 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 21:46 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 21:46 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 21:46 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-12 15:45 . 2012-02-10 12:18 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{212B196C-CB75-426F-96C1-6F5561777E7E}\gapaengine.dll
2012-06-03 17:52 . 2006-09-28 15:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll
2012-06-03 17:52 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-10 20:43 . 2011-08-24 18:33 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-05-10 20:43 . 2011-02-02 13:31 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-10 20:43 . 2011-02-02 13:31 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
.
.
((((((((((((((((((((((((((((( [email protected]_10.57.35 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-02 10:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-03 15:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-03 15:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-02 10:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-03 15:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-02 10:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:30 . 2012-02-09 12:27 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-07-03 13:00 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2012-07-03 15:30 . 2012-07-03 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-02 10:41 . 2012-07-02 10:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-03 15:30 . 2012-07-03 15:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-02 10:41 . 2012-07-02 10:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:30 . 2012-02-09 12:27 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-03 13:00 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-03 13:00 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-02-09 12:26 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:01 . 2012-07-02 10:40 385824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-03 14:42 385824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-07-03 15:34 2767278 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-03 15:34 1194730 c:\windows\system32\perfc009.dat
+ 2011-08-24 18:43 . 2012-07-03 14:42 1451760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-24 18:43 . 2012-07-02 10:40 1451760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-09-09 13:07 . 2012-07-03 14:42 4906643 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-994528280-2121472671-3622734427-1000-8192.dat
- 2011-09-09 13:07 . 2012-07-02 10:40 4906643 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-994528280-2121472671-3622734427-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-01-19 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-05-10 75048]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/05/10 21:45;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-24 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-01-06 84096]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-01-06 188032]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-04-24 109064]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-07 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2011-11-12 63760]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-12 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-12 61712]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-02-09 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-15 203776]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-19 2413056]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-12 931640]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-03-31 1646056]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-15 9259520]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-15 301056]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-01-24 274944]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-01-24 59904]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-01-27 12273408]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2012-01-19 8604672]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-01-19 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-01-19 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-19 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-02-17 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 13:25]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-05 13:25]
.
2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 18:42]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-994528280-2121472671-3622734427-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 18:42]
.
2012-06-16 c:\windows\Tasks\HPCeeScheduleForUser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-27 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-09 1128448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3198785
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://search.searchonme.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\itfnqqri.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3198785&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bba6e3952-795b-4d6f-b83a-588e7c8357a8%7D&mid=cad89e2ce84747d084c37d3bcf8b6b41-0c00e3f88bf6fae0da98b01a9d34e759bdfc1878&ds=AVG&v=11.0.0.9&lang=en&pr=fr&d=2012-06-22%2020%3A41%3A11&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\CodecC\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2012-07-03 16:46:03
ComboFix-quarantined-files.txt 2012-07-03 15:46
ComboFix2.txt 2012-07-03 13:24
ComboFix3.txt 2012-07-02 10:59
.
Pre-Run: 660,497,633,280 bytes free
Post-Run: 660,377,505,792 bytes free
.
- - End Of File - - F22EDFBA716958B53A5E3116345E423A


  • 0





