Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win-32-downloader-plx [Solved]

Started by chelsearick64 , Jul 22 2012 07:00 PM

  • This topic is locked This topic is locked

#1
chelsearick64
Posted 22 July 2012 - 07:00 PM

chelsearick64

    Member

  • Member
  • PipPip
  • 18 posts
I get frequent notifications from Avast blocking win32-downloader-plx and url:mal.

I was also getting frequent redirects from google searches. I followed the instructions here:

http://www.geekstogo...ogle-redirects/

and haven't had problems since, but that hasn't been long.

Here is my OTL logfile:

OTL logfile created on: 7/22/2012 8:30:50 PM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rick\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 57.59% Memory free
7.60 Gb Paging File | 5.76 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.06 Gb Total Space | 320.85 Gb Free Space | 70.20% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 20:29:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
PRC - [2012/07/12 11:35:16 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/12/09 06:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/01 16:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 16:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/29 18:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/15 22:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 13:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/15 22:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/23 13:31:44 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/19 18:26:58 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/01/19 18:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/01/19 18:05:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 14:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/15 23:59:44 | 000,907,264 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2009/09/15 23:54:38 | 000,403,456 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/01 20:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012/07/17 21:32:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/12 12:35:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/12/01 06:36:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/01 16:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/07/01 16:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/18 13:52:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/26 22:10:30 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/07 15:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 22:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/01 02:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 03:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 17:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/13 09:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/22 13:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/02 14:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/16 01:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2009/09/16 01:45:00 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2009/09/16 01:44:58 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2009/07/21 15:42:26 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/21 15:42:26 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/21 15:42:26 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/21 15:42:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {319B5A4E-159B-4EED-A56E-F08CF4C34D0C}
IE:64bit: - HKLM\..\SearchScopes\{319B5A4E-159B-4EED-A56E-F08CF4C34D0C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A6AA2B96-DEEF-460A-A745-207513DAA9D6}
IE - HKLM\..\SearchScopes\{A6AA2B96-DEEF-460A-A745-207513DAA9D6}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {C6850134-E788-4359-9249-815CCBA8AB02}
IE - HKCU\..\SearchScopes\{C6850134-E788-4359-9249-815CCBA8AB02}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo....?t=0&refresh=1"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:7.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.06
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1289
FF - prefs.js..extensions.enabledItems: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Rick\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/12 11:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/25 22:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 21:32:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/25 22:03:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 21:32:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010/12/07 20:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions
[2012/07/17 19:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions
[2010/12/07 20:43:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/17 05:35:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/02/20 22:09:34 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2012/02/20 21:57:48 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2011/08/09 19:55:16 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2010/12/07 20:43:18 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2011/04/09 15:47:08 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2011/02/17 07:30:16 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2010/03/28 15:20:23 | 000,005,500 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\foodtv.xml
[2009/07/05 15:10:46 | 000,001,157 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\freedict.xml
[2011/09/04 17:09:54 | 000,004,855 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\google-images.xml
[2008/06/22 16:59:18 | 000,000,908 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\IMDB.xml
[2011/09/04 17:09:47 | 000,002,123 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\qrobeit.xml
[2008/06/22 16:59:18 | 000,000,681 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\webster.xml
[2008/06/22 16:59:16 | 000,001,108 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\wikipedia-en.xml
[2012/06/09 20:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/12 11:03:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/02/13 06:26:44 | 000,052,880 | ---- | M] () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBSR91I.DEFAULT\EXTENSIONS\{A0FAA0A4-F1A7-4098-9A74-21EFC3A92372}.XPI
[2012/02/07 06:24:46 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBSR91I.DEFAULT\EXTENSIONS\[email protected]
[2012/07/17 19:42:46 | 000,186,203 | ---- | M] () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBSR91I.DEFAULT\EXTENSIONS\[email protected]
[2011/12/23 08:22:13 | 000,599,045 | ---- | M] () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBSR91I.DEFAULT\EXTENSIONS\[email protected]
[1832/11/29 00:22:58 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBSR91I.DEFAULT\EXTENSIONS\[email protected]
[2012/07/17 21:32:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/17 23:31:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/17 23:31:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: DX Studio Plugin (Enabled) = C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npDXStudioPlugin.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Rick\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Apple] C:\Users\Rick\AppData\Local\Apple\evyqvjrt.dll (VDOnet Corp.)
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://usabhembma08....com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{078F79EF-C298-4CE1-A86D-CA389431069E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9343803F-78E5-4497-805E-44EA9E688F7A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 20:29:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2012/07/22 20:08:12 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Rick\Desktop\GooredFix.exe
[2012/07/22 19:32:50 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTM.exe
[2012/07/19 20:22:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
[2012/07/16 18:55:53 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\JavaRa-1.16-22-6-12
[2012/07/16 18:47:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/07/15 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\directv
[2012/07/13 19:30:01 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\tdsskiller
[2012/07/13 19:27:45 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\GooredFix Backups
[2012/07/13 19:11:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/11 22:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/11 09:48:06 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/09 11:37:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/09 11:37:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/09 11:16:07 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\malware
[2012/07/09 09:41:47 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Malwarebytes
[2012/07/09 09:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/09 09:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/09 09:41:38 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/09 09:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/29 21:34:44 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\attachments_2012_06_25(1)

========== Files - Modified Within 30 Days ==========

[2012/07/22 20:35:25 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/22 20:29:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2012/07/22 20:08:13 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Rick\Desktop\GooredFix.exe
[2012/07/22 19:48:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 19:48:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/22 19:43:02 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 19:43:02 | 000,014,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 19:35:04 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/22 19:34:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/22 19:34:45 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 19:32:54 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTM.exe
[2012/07/22 18:56:24 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/22 18:56:24 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/22 18:56:24 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/19 20:23:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
[2012/07/17 21:32:30 | 000,002,046 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/17 21:14:48 | 002,117,152 | ---- | M] () -- C:\Users\Rick\Desktop\tdsskiller.zip
[2012/07/16 18:55:21 | 000,001,221 | ---- | M] () -- C:\Users\Rick\Desktop\Install JavaRa.lnk
[2012/07/16 18:54:51 | 000,164,726 | ---- | M] () -- C:\Users\Rick\Desktop\JavaRa-1.16-22-6-12.zip
[2012/07/16 05:21:30 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/16 05:21:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/12 11:08:03 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/12 10:57:30 | 000,456,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 22:43:38 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/11 09:48:07 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 12:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/27 09:00:28 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/06/25 10:23:51 | 004,561,879 | ---- | M] () -- C:\Users\Rick\Documents\attachments_2012_06_25(1).zip

========== Files Created - No Company Name ==========

[2012/07/16 18:55:21 | 000,001,221 | ---- | C] () -- C:\Users\Rick\Desktop\Install JavaRa.lnk
[2012/07/16 18:54:51 | 000,164,726 | ---- | C] () -- C:\Users\Rick\Desktop\JavaRa-1.16-22-6-12.zip
[2012/07/13 20:48:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/13 18:51:35 | 002,117,152 | ---- | C] () -- C:\Users\Rick\Desktop\tdsskiller.zip
[2012/07/11 22:43:38 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/11 09:49:52 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 10:23:51 | 004,561,879 | ---- | C] () -- C:\Users\Rick\Documents\attachments_2012_06_25(1).zip
[2012/06/21 22:42:40 | 000,007,605 | ---- | C] () -- C:\Users\Rick\AppData\Local\Resmon.ResmonCfg
[2012/04/25 21:58:43 | 000,228,966 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012/04/25 21:58:43 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2012/04/15 17:54:33 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/12 20:43:55 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{1bb769e2-108f-cf69-de37-7dfc9c43d1df}\@
[2012/01/12 20:43:55 | 000,002,048 | -HS- | C] () -- C:\Users\Rick\AppData\Local\{1bb769e2-108f-cf69-de37-7dfc9c43d1df}\@
[2010/12/20 20:29:08 | 002,440,206 | ---- | C] () -- C:\Users\Rick\AppData\Local\[j0003]-[p01].bmp
[2010/12/12 22:39:45 | 000,229,023 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/12/12 22:39:45 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2010/12/07 20:01:55 | 000,000,168 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\wklnhst.dat
[2010/12/07 19:54:57 | 000,000,632 | RHS- | C] () -- C:\Users\Rick\ntuser.pol
[2010/12/01 08:05:38 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/12/01 08:05:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/12/01 08:05:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/12/01 08:05:36 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/12/01 08:05:34 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/12/01 06:46:44 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

========== LOP Check ==========

[2011/01/27 22:32:24 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Amazon
[2011/08/21 16:27:43 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\ESBUnitConv
[2012/04/06 15:51:52 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Mp3tag
[2011/08/03 21:06:56 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Opera
[2011/03/04 23:02:37 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\PCDr
[2012/01/30 19:24:08 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\pdfforge
[2010/12/07 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Template
[2012/07/22 20:29:38 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TeraCopy
[2011/01/07 21:53:13 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\UnitConverter
[2011/12/14 16:04:51 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\webex
[2012/06/27 09:00:28 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/26 10:01:28 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/22 19:35:04 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
maliprog
Posted 23 July 2012 - 12:18 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello chelsearick64 and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    C:\Windows\Installer\{1bb769e2-108f-cf69-de37-7dfc9c43d1df}
    C:\Users\Rick\AppData\Local\{1bb769e2-108f-cf69-de37-7dfc9c43d1df}
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply

Step 3

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

    Posted Image
  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
  • TDSSKiller log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#3
chelsearick64
Posted 23 July 2012 - 06:32 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL Log:

========== OTL ==========
========== FILES ==========
C:\Windows\Installer\{1bb769e2-108f-cf69-de37-7dfc9c43d1df}\L folder moved successfully.
C:\Windows\Installer\{1bb769e2-108f-cf69-de37-7dfc9c43d1df} folder moved successfully.
C:\Users\Rick\AppData\Local\{1bb769e2-108f-cf69-de37-7dfc9c43d1df}\U folder moved successfully.
C:\Users\Rick\AppData\Local\{1bb769e2-108f-cf69-de37-7dfc9c43d1df}\L folder moved successfully.
C:\Users\Rick\AppData\Local\{1bb769e2-108f-cf69-de37-7dfc9c43d1df} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Rick\Desktop\cmd.bat deleted successfully.
C:\Users\Rick\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_053913
  • 0

#4
chelsearick64
Posted 23 July 2012 - 06:33 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Combofix log:

ComboFix 12-07-21.01 - Rick 07/23/2012 6:11.1.4 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3893.2212 [GMT -4:00]
Running from: c:\users\Rick\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-23 to 2012-07-23 )))))))))))))))))))))))))))))))
.
.
2012-07-23 10:23 . 2012-07-23 10:23 -------- d-----w- c:\users\Misty\AppData\Local\temp
2012-07-23 10:23 . 2012-07-23 10:23 -------- d-----w- c:\users\Hannah\AppData\Local\temp
2012-07-23 10:23 . 2012-07-23 10:23 -------- d-----w- c:\users\Gabby\AppData\Local\temp
2012-07-23 10:23 . 2012-07-23 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-23 09:36 . 2012-07-23 09:36 -------- d-----w- C:\_OTL
2012-07-20 20:00 . 2012-07-20 20:00 -------- d-----w- c:\users\Gabby\AppData\Local\Google
2012-07-20 07:56 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F419C0D6-A6DA-4DD4-967B-797E38455D25}\mpengine.dll
2012-07-16 22:47 . 2012-07-16 22:47 -------- d-----w- c:\windows\system32\appmgmt
2012-07-13 23:11 . 2012-07-13 23:11 -------- d-----w- C:\_OTM
2012-07-12 17:07 . 2012-07-12 17:07 -------- d-----w- c:\users\Misty\AppData\Local\Google
2012-07-11 18:36 . 2012-06-09 05:30 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 13:48 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 13:48 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 13:47 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 13:41 . 2012-07-09 13:41 -------- d-----w- c:\users\Rick\AppData\Roaming\Malwarebytes
2012-07-09 13:41 . 2012-07-09 13:41 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 13:41 . 2012-07-12 15:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-09 13:41 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 16:35 . 2012-04-04 00:32 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 16:35 . 2011-05-14 19:27 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 13:43 . 2010-12-13 02:17 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 16:21 . 2012-03-25 20:46 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-07-27 23:08 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2011-07-27 23:08 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2011-07-27 23:08 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-07-27 23:08 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2011-07-27 23:08 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2011-07-27 23:08 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2011-07-27 23:08 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-07-27 23:08 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-02 22:19 . 2012-06-22 09:13 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 09:14 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 09:14 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 09:14 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 09:13 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 09:14 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 09:13 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 09:13 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 09:13 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2010-12-16 02:08 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 03:56 . 2012-06-14 17:34 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-14 17:33 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-14 17:34 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-05 14:28 . 2012-05-05 14:29 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-05 14:28 . 2010-12-01 10:28 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 10:52 . 2012-06-14 17:35 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:08 . 2012-06-14 17:35 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08 . 2012-06-14 17:35 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 05:32 . 2012-06-14 17:35 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:50 . 2012-06-14 17:22 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:34 . 2012-06-14 17:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:34 . 2012-06-14 17:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:28 . 2012-06-14 17:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 15:28 1307928 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Apple"="c:\users\Rick\AppData\Local\Apple\evyqvjrt.dll" [2012-03-18 300544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [BU]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Hannah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Misty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-07-21 35104]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-09-27 35840]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-19 315664]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-09-16 71168]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-09-16 174592]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-09-16 81920]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:35]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 21:18]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-11 21:18]
.
2012-06-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-09-16 1437696]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-04-06 3203440]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-19 1926928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://usabhembma08.mail.gm.com/dwa85W.cab
FF - ProfilePath - c:\users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\q83wwkc3.default-1342575141745\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-23 06:39:30
ComboFix-quarantined-files.txt 2012-07-23 10:39
ComboFix2.txt 2012-07-14 01:28
.
Pre-Run: 344,129,892,352 bytes free
Post-Run: 344,937,013,248 bytes free
.
- - End Of File - - 56121D82BA8199E636C76A63DD727A9F
  • 0

#5
chelsearick64
Posted 23 July 2012 - 06:34 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
TDSSKiller log:

17:25:55.0172 4300 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
17:25:55.0469 4300 ============================================================
17:25:55.0469 4300 Current date / time: 2012/07/23 17:25:55.0469
17:25:55.0469 4300 SystemInfo:
17:25:55.0469 4300
17:25:55.0469 4300 OS Version: 6.1.7600 ServicePack: 0.0
17:25:55.0469 4300 Product type: Workstation
17:25:55.0469 4300 ComputerName: LAPTOP
17:25:55.0469 4300 UserName: Rick
17:25:55.0469 4300 Windows directory: C:\Windows
17:25:55.0469 4300 System windows directory: C:\Windows
17:25:55.0469 4300 Running under WOW64
17:25:55.0469 4300 Processor architecture: Intel x64
17:25:55.0469 4300 Number of processors: 4
17:25:55.0469 4300 Page size: 0x1000
17:25:55.0469 4300 Boot type: Normal boot
17:25:55.0469 4300 ============================================================
17:25:55.0859 4300 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:25:55.0859 4300 ============================================================
17:25:55.0859 4300 \Device\Harddisk0\DR0:
17:25:55.0859 4300 MBR partitions:
17:25:55.0859 4300 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1139000
17:25:55.0859 4300 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1164800, BlocksNum 0x39221000
17:25:55.0859 4300 ============================================================
17:25:55.0905 4300 C: <-> \Device\Harddisk0\DR0\Partition1
17:25:55.0905 4300 ============================================================
17:25:55.0905 4300 Initialize success
17:25:55.0905 4300 ============================================================
17:26:20.0304 6188 ============================================================
17:26:20.0304 6188 Scan started
17:26:20.0304 6188 Mode: Manual; SigCheck; TDLFS;
17:26:20.0304 6188 ============================================================
17:26:20.0928 6188 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
17:26:21.0021 6188 1394ohci - ok
17:26:21.0084 6188 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
17:26:21.0115 6188 ACPI - ok
17:26:21.0162 6188 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
17:26:21.0255 6188 AcpiPmi - ok
17:26:21.0427 6188 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:26:21.0443 6188 AdobeARMservice - ok
17:26:21.0630 6188 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:26:21.0645 6188 AdobeFlashPlayerUpdateSvc - ok
17:26:21.0755 6188 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:26:21.0817 6188 adp94xx - ok
17:26:21.0864 6188 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:26:21.0895 6188 adpahci - ok
17:26:21.0926 6188 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:26:21.0942 6188 adpu320 - ok
17:26:21.0973 6188 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:26:22.0176 6188 AeLookupSvc - ok
17:26:22.0238 6188 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
17:26:22.0254 6188 AERTFilters - ok
17:26:22.0347 6188 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
17:26:22.0410 6188 AFD - ok
17:26:22.0472 6188 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
17:26:22.0488 6188 agp440 - ok
17:26:22.0550 6188 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:26:22.0566 6188 ALG - ok
17:26:22.0613 6188 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
17:26:22.0644 6188 aliide - ok
17:26:22.0784 6188 Amazon Download Agent (ff6f0f6a2d72065ae4300426fa414693) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
17:26:22.0815 6188 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - warning
17:26:22.0815 6188 Amazon Download Agent - detected UnsignedFile.Multi.Generic (1)
17:26:22.0878 6188 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
17:26:22.0893 6188 amdide - ok
17:26:22.0940 6188 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:26:23.0018 6188 AmdK8 - ok
17:26:23.0034 6188 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:26:23.0065 6188 AmdPPM - ok
17:26:23.0112 6188 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
17:26:23.0143 6188 amdsata - ok
17:26:23.0190 6188 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:26:23.0221 6188 amdsbs - ok
17:26:23.0237 6188 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
17:26:23.0252 6188 amdxata - ok
17:26:23.0283 6188 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
17:26:23.0330 6188 AppID - ok
17:26:23.0361 6188 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:26:23.0439 6188 AppIDSvc - ok
17:26:23.0471 6188 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
17:26:23.0533 6188 Appinfo - ok
17:26:23.0642 6188 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:26:23.0658 6188 Apple Mobile Device - ok
17:26:23.0736 6188 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:26:23.0798 6188 AppMgmt - ok
17:26:23.0845 6188 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:26:23.0876 6188 arc - ok
17:26:23.0923 6188 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:26:23.0939 6188 arcsas - ok
17:26:24.0032 6188 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
17:26:24.0063 6188 aswFsBlk - ok
17:26:24.0126 6188 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
17:26:24.0141 6188 aswMonFlt - ok
17:26:24.0188 6188 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
17:26:24.0204 6188 aswRdr - ok
17:26:24.0282 6188 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
17:26:24.0329 6188 aswSnx - ok
17:26:24.0375 6188 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
17:26:24.0407 6188 aswSP - ok
17:26:24.0438 6188 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
17:26:24.0438 6188 aswTdi - ok
17:26:24.0453 6188 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:26:24.0531 6188 AsyncMac - ok
17:26:24.0578 6188 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
17:26:24.0609 6188 atapi - ok
17:26:24.0687 6188 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:26:24.0750 6188 AudioEndpointBuilder - ok
17:26:24.0750 6188 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
17:26:24.0797 6188 AudioSrv - ok
17:26:24.0906 6188 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:26:24.0921 6188 avast! Antivirus - ok
17:26:24.0968 6188 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
17:26:25.0031 6188 AxInstSV - ok
17:26:25.0109 6188 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:26:25.0171 6188 b06bdrv - ok
17:26:25.0233 6188 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:26:25.0265 6188 b57nd60a - ok
17:26:25.0467 6188 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
17:26:25.0499 6188 BBSvc - ok
17:26:25.0592 6188 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
17:26:25.0608 6188 BBUpdate - ok
17:26:25.0655 6188 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:26:25.0701 6188 BDESVC - ok
17:26:25.0748 6188 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:26:25.0811 6188 Beep - ok
17:26:25.0920 6188 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
17:26:26.0013 6188 BFE - ok
17:26:26.0123 6188 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\system32\qmgr.dll
17:26:26.0169 6188 BITS - ok
17:26:26.0263 6188 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:26:26.0279 6188 blbdrive - ok
17:26:26.0372 6188 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
17:26:26.0403 6188 Bonjour Service - ok
17:26:26.0450 6188 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
17:26:26.0513 6188 bowser - ok
17:26:26.0528 6188 bpenum (a91b4392b326f6aed0052cb2592e979d) C:\Windows\system32\DRIVERS\bpenum.sys
17:26:26.0606 6188 bpenum - ok
17:26:26.0653 6188 bpmp (7057339774618e38cfefe0b5d1fdd58e) C:\Windows\system32\DRIVERS\bpmp.sys
17:26:26.0731 6188 bpmp - ok
17:26:26.0762 6188 bpusb (2636c9619120a6b16dcb51886c46ac20) C:\Windows\system32\Drivers\bpusb.sys
17:26:26.0778 6188 bpusb - ok
17:26:26.0809 6188 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:26:26.0856 6188 BrFiltLo - ok
17:26:26.0887 6188 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:26:26.0903 6188 BrFiltUp - ok
17:26:26.0934 6188 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:26:26.0981 6188 Bridge - ok
17:26:26.0996 6188 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
17:26:27.0027 6188 BridgeMP - ok
17:26:27.0074 6188 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
17:26:27.0168 6188 Browser - ok
17:26:27.0215 6188 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:26:27.0261 6188 Brserid - ok
17:26:27.0293 6188 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:26:27.0339 6188 BrSerWdm - ok
17:26:27.0371 6188 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:26:27.0417 6188 BrUsbMdm - ok
17:26:27.0433 6188 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:26:27.0480 6188 BrUsbSer - ok
17:26:27.0573 6188 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:26:27.0605 6188 BthEnum - ok
17:26:27.0651 6188 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:26:27.0698 6188 BTHMODEM - ok
17:26:27.0745 6188 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:26:27.0776 6188 BthPan - ok
17:26:27.0870 6188 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
17:26:27.0932 6188 BTHPORT - ok
17:26:27.0979 6188 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:26:28.0057 6188 bthserv - ok
17:26:28.0104 6188 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
17:26:28.0151 6188 BTHUSB - ok
17:26:28.0197 6188 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
17:26:28.0213 6188 btwaudio - ok
17:26:28.0260 6188 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
17:26:28.0275 6188 btwavdt - ok
17:26:28.0400 6188 btwdins (d65aa164acd0f6706dbcfbbcc9731584) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:26:28.0431 6188 btwdins - ok
17:26:28.0478 6188 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
17:26:28.0494 6188 btwl2cap - ok
17:26:28.0509 6188 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
17:26:28.0525 6188 btwrchid - ok
17:26:28.0572 6188 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
17:26:28.0587 6188 BVRPMPR5a64 - ok
17:26:28.0650 6188 catchme - ok
17:26:28.0697 6188 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:26:28.0775 6188 cdfs - ok
17:26:28.0821 6188 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
17:26:28.0884 6188 cdrom - ok
17:26:28.0946 6188 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:26:29.0024 6188 CertPropSvc - ok
17:26:29.0055 6188 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:26:29.0102 6188 circlass - ok
17:26:29.0149 6188 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:26:29.0180 6188 CLFS - ok
17:26:29.0274 6188 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:26:29.0289 6188 clr_optimization_v2.0.50727_32 - ok
17:26:29.0321 6188 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:26:29.0352 6188 clr_optimization_v2.0.50727_64 - ok
17:26:29.0445 6188 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:26:29.0461 6188 clr_optimization_v4.0.30319_32 - ok
17:26:29.0523 6188 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:26:29.0539 6188 clr_optimization_v4.0.30319_64 - ok
17:26:29.0570 6188 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:26:29.0633 6188 CmBatt - ok
17:26:29.0648 6188 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
17:26:29.0664 6188 cmdide - ok
17:26:29.0757 6188 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
17:26:29.0820 6188 CNG - ok
17:26:29.0851 6188 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:26:29.0867 6188 Compbatt - ok
17:26:29.0898 6188 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
17:26:29.0960 6188 CompositeBus - ok
17:26:29.0991 6188 COMSysApp - ok
17:26:30.0023 6188 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:26:30.0038 6188 crcdisk - ok
17:26:30.0085 6188 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
17:26:30.0147 6188 CryptSvc - ok
17:26:30.0225 6188 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
17:26:30.0303 6188 CSC - ok
17:26:30.0381 6188 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll
17:26:30.0397 6188 CscService - ok
17:26:30.0444 6188 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
17:26:30.0506 6188 CtClsFlt - ok
17:26:30.0584 6188 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:26:30.0647 6188 DcomLaunch - ok
17:26:30.0693 6188 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:26:30.0787 6188 defragsvc - ok
17:26:30.0834 6188 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
17:26:30.0881 6188 DfsC - ok
17:26:30.0943 6188 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
17:26:31.0052 6188 Dhcp - ok
17:26:31.0068 6188 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:26:31.0130 6188 discache - ok
17:26:31.0161 6188 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:26:31.0177 6188 Disk - ok
17:26:31.0286 6188 DMAgent (e56778551bf535500d6b02e68e5bfb47) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
17:26:31.0333 6188 DMAgent ( UnsignedFile.Multi.Generic ) - warning
17:26:31.0333 6188 DMAgent - detected UnsignedFile.Multi.Generic (1)
17:26:31.0380 6188 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
17:26:31.0411 6188 Dnscache - ok
17:26:31.0458 6188 DockLoginService - ok
17:26:31.0505 6188 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
17:26:31.0598 6188 dot3svc - ok
17:26:31.0629 6188 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
17:26:31.0692 6188 DPS - ok
17:26:31.0723 6188 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:26:31.0770 6188 drmkaud - ok
17:26:31.0879 6188 DXGKrnl (24ce1ecf9d0ae0301775b07f5fea175b) C:\Windows\System32\drivers\dxgkrnl.sys
17:26:31.0926 6188 DXGKrnl - ok
17:26:31.0957 6188 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:26:32.0035 6188 EapHost - ok
17:26:32.0300 6188 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:26:32.0456 6188 ebdrv - ok
17:26:32.0597 6188 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
17:26:32.0643 6188 EFS - ok
17:26:32.0768 6188 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
17:26:32.0831 6188 ehRecvr - ok
17:26:32.0862 6188 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:26:32.0893 6188 ehSched - ok
17:26:32.0987 6188 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:26:33.0018 6188 elxstor - ok
17:26:33.0049 6188 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
17:26:33.0065 6188 ErrDev - ok
17:26:33.0127 6188 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:26:33.0174 6188 EventSystem - ok
17:26:33.0377 6188 EvtEng (7c1042cda4e7151e91f1e66a4d9118b0) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:26:33.0423 6188 EvtEng - ok
17:26:33.0579 6188 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:26:33.0673 6188 exfat - ok
17:26:33.0704 6188 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:26:33.0782 6188 fastfat - ok
17:26:33.0891 6188 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
17:26:33.0954 6188 Fax - ok
17:26:34.0001 6188 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:26:34.0032 6188 fdc - ok
17:26:34.0063 6188 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:26:34.0125 6188 fdPHost - ok
17:26:34.0141 6188 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:26:34.0172 6188 FDResPub - ok
17:26:34.0219 6188 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:26:34.0235 6188 FileInfo - ok
17:26:34.0266 6188 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:26:34.0344 6188 Filetrace - ok
17:26:34.0391 6188 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:26:34.0406 6188 flpydisk - ok
17:26:34.0437 6188 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
17:26:34.0469 6188 FltMgr - ok
17:26:34.0593 6188 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
17:26:34.0656 6188 FontCache - ok
17:26:34.0734 6188 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:26:34.0749 6188 FontCache3.0.0.0 - ok
17:26:34.0781 6188 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:26:34.0812 6188 FsDepends - ok
17:26:34.0859 6188 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
17:26:34.0890 6188 fssfltr - ok
17:26:35.0124 6188 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
17:26:35.0202 6188 fsssvc - ok
17:26:35.0342 6188 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
17:26:35.0358 6188 Fs_Rec - ok
17:26:35.0420 6188 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:26:35.0451 6188 fvevol - ok
17:26:35.0498 6188 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:26:35.0529 6188 gagp30kx - ok
17:26:35.0561 6188 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:26:35.0576 6188 GEARAspiWDM - ok
17:26:35.0639 6188 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
17:26:35.0654 6188 GoToAssist - ok
17:26:35.0732 6188 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
17:26:35.0810 6188 gpsvc - ok
17:26:35.0935 6188 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:26:35.0951 6188 gupdate - ok
17:26:35.0982 6188 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:26:35.0997 6188 gupdatem - ok
17:26:36.0029 6188 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:26:36.0044 6188 hcw85cir - ok
17:26:36.0091 6188 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:26:36.0138 6188 HDAudBus - ok
17:26:36.0185 6188 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
17:26:36.0200 6188 HECIx64 - ok
17:26:36.0231 6188 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:26:36.0263 6188 HidBatt - ok
17:26:36.0278 6188 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:26:36.0325 6188 HidBth - ok
17:26:36.0356 6188 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:26:36.0387 6188 HidIr - ok
17:26:36.0403 6188 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
17:26:36.0465 6188 hidserv - ok
17:26:36.0497 6188 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
17:26:36.0512 6188 HidUsb - ok
17:26:36.0543 6188 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
17:26:36.0621 6188 hkmsvc - ok
17:26:36.0653 6188 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
17:26:36.0699 6188 HomeGroupListener - ok
17:26:36.0746 6188 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
17:26:36.0777 6188 HomeGroupProvider - ok
17:26:36.0949 6188 hpqcxs08 (97aac45a375168c6a2297beeb9692e31) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
17:26:36.0980 6188 hpqcxs08 - ok
17:26:37.0027 6188 hpqddsvc (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
17:26:37.0043 6188 hpqddsvc - ok
17:26:37.0089 6188 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
17:26:37.0121 6188 HpSAMD - ok
17:26:37.0261 6188 HPSLPSVC (1be48b0542c91487bb8a94bf2278f55d) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
17:26:37.0292 6188 HPSLPSVC - ok
17:26:37.0386 6188 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
17:26:37.0433 6188 HTTP - ok
17:26:37.0479 6188 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
17:26:37.0495 6188 hwpolicy - ok
17:26:37.0542 6188 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:26:37.0573 6188 i8042prt - ok
17:26:37.0635 6188 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
17:26:37.0667 6188 iaStor - ok
17:26:37.0745 6188 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
17:26:37.0776 6188 iaStorV - ok
17:26:37.0916 6188 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:26:37.0963 6188 idsvc - ok
17:26:38.0603 6188 igfx (09ce164afa8483e41808784d7fca154e) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:26:38.0883 6188 igfx - ok
17:26:39.0024 6188 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:26:39.0039 6188 iirsp - ok
17:26:39.0133 6188 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
17:26:39.0180 6188 IKEEXT - ok
17:26:39.0227 6188 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
17:26:39.0242 6188 Impcd - ok
17:26:39.0461 6188 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys
17:26:39.0585 6188 IntcAzAudAddService - ok
17:26:39.0757 6188 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:26:39.0819 6188 IntcDAud - ok
17:26:39.0851 6188 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
17:26:39.0866 6188 intelide - ok
17:26:39.0913 6188 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:26:39.0960 6188 intelppm - ok
17:26:40.0069 6188 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
17:26:40.0085 6188 IntuitUpdateService - ok
17:26:40.0194 6188 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
17:26:40.0209 6188 IntuitUpdateServiceV4 - ok
17:26:40.0241 6188 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:26:40.0319 6188 IPBusEnum - ok
17:26:40.0350 6188 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:26:40.0428 6188 IpFilterDriver - ok
17:26:40.0537 6188 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
17:26:40.0584 6188 iphlpsvc - ok
17:26:40.0615 6188 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:26:40.0662 6188 IPMIDRV - ok
17:26:40.0693 6188 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:26:40.0755 6188 IPNAT - ok
17:26:41.0005 6188 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
17:26:41.0067 6188 iPod Service - ok
17:26:41.0130 6188 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:26:41.0161 6188 IRENUM - ok
17:26:41.0223 6188 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
17:26:41.0239 6188 isapnp - ok
17:26:41.0301 6188 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
17:26:41.0333 6188 iScsiPrt - ok
17:26:41.0364 6188 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
17:26:41.0379 6188 kbdclass - ok
17:26:41.0411 6188 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
17:26:41.0442 6188 kbdhid - ok
17:26:41.0504 6188 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:26:41.0520 6188 KeyIso - ok
17:26:41.0582 6188 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
17:26:41.0598 6188 KSecDD - ok
17:26:41.0629 6188 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
17:26:41.0645 6188 KSecPkg - ok
17:26:41.0691 6188 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:26:41.0754 6188 ksthunk - ok
17:26:41.0832 6188 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:26:41.0925 6188 KtmRm - ok
17:26:41.0972 6188 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
17:26:41.0988 6188 L1C - ok
17:26:42.0050 6188 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
17:26:42.0097 6188 LanmanServer - ok
17:26:42.0144 6188 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
17:26:42.0222 6188 LanmanWorkstation - ok
17:26:42.0269 6188 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:26:42.0315 6188 lltdio - ok
17:26:42.0362 6188 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:26:42.0425 6188 lltdsvc - ok
17:26:42.0456 6188 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:26:42.0487 6188 lmhosts - ok
17:26:42.0627 6188 LMS (23d990150d56b670a62b21b9abdd45ee) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:26:42.0659 6188 LMS - ok
17:26:42.0705 6188 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:26:42.0721 6188 LSI_FC - ok
17:26:42.0737 6188 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:26:42.0768 6188 LSI_SAS - ok
17:26:42.0783 6188 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:26:42.0799 6188 LSI_SAS2 - ok
17:26:42.0799 6188 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:26:42.0815 6188 LSI_SCSI - ok
17:26:42.0877 6188 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:26:42.0955 6188 luafv - ok
17:26:43.0017 6188 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
17:26:43.0049 6188 Mcx2Svc - ok
17:26:43.0064 6188 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:26:43.0064 6188 megasas - ok
17:26:43.0095 6188 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:26:43.0142 6188 MegaSR - ok
17:26:43.0236 6188 Microsoft SharePoint Workspace Audit Service - ok
17:26:43.0283 6188 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:26:43.0345 6188 MMCSS - ok
17:26:43.0392 6188 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:26:43.0470 6188 Modem - ok
17:26:43.0517 6188 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:26:43.0563 6188 monitor - ok
17:26:43.0626 6188 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:26:43.0641 6188 mouclass - ok
17:26:43.0673 6188 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:26:43.0673 6188 mouhid - ok
17:26:43.0719 6188 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
17:26:43.0735 6188 mountmgr - ok
17:26:43.0844 6188 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:26:43.0860 6188 MozillaMaintenance - ok
17:26:43.0907 6188 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
17:26:43.0922 6188 mpio - ok
17:26:43.0953 6188 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:26:44.0000 6188 mpsdrv - ok
17:26:44.0094 6188 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
17:26:44.0141 6188 MpsSvc - ok
17:26:44.0172 6188 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
17:26:44.0219 6188 MRxDAV - ok
17:26:44.0265 6188 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:26:44.0297 6188 mrxsmb - ok
17:26:44.0359 6188 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:26:44.0406 6188 mrxsmb10 - ok
17:26:44.0437 6188 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:26:44.0484 6188 mrxsmb20 - ok
17:26:44.0515 6188 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
17:26:44.0546 6188 msahci - ok
17:26:44.0577 6188 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
17:26:44.0609 6188 msdsm - ok
17:26:44.0640 6188 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:26:44.0671 6188 MSDTC - ok
17:26:44.0702 6188 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:26:44.0749 6188 Msfs - ok
17:26:44.0765 6188 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:26:44.0796 6188 mshidkmdf - ok
17:26:44.0827 6188 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
17:26:44.0827 6188 msisadrv - ok
17:26:44.0874 6188 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:26:44.0921 6188 MSiSCSI - ok
17:26:44.0936 6188 msiserver - ok
17:26:44.0967 6188 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:26:45.0045 6188 MSKSSRV - ok
17:26:45.0077 6188 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:26:45.0123 6188 MSPCLOCK - ok
17:26:45.0139 6188 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:26:45.0201 6188 MSPQM - ok
17:26:45.0248 6188 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
17:26:45.0279 6188 MsRPC - ok
17:26:45.0295 6188 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
17:26:45.0311 6188 mssmbios - ok
17:26:45.0311 6188 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:26:45.0404 6188 MSTEE - ok
17:26:45.0420 6188 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:26:45.0467 6188 MTConfig - ok
17:26:45.0498 6188 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:26:45.0498 6188 Mup - ok
17:26:45.0607 6188 MyWiFiDHCPDNS (a94eebd860ad00a0bfe91c0fd3f5feb1) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
17:26:45.0638 6188 MyWiFiDHCPDNS - ok
17:26:45.0701 6188 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
17:26:45.0779 6188 napagent - ok
17:26:45.0857 6188 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:26:45.0919 6188 NativeWifiP - ok
17:26:46.0028 6188 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
17:26:46.0075 6188 NDIS - ok
17:26:46.0106 6188 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:26:46.0169 6188 NdisCap - ok
17:26:46.0200 6188 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:26:46.0278 6188 NdisTapi - ok
17:26:46.0309 6188 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
17:26:46.0356 6188 Ndisuio - ok
17:26:46.0387 6188 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
17:26:46.0418 6188 NdisWan - ok
17:26:46.0434 6188 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
17:26:46.0481 6188 NDProxy - ok
17:26:46.0543 6188 Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
17:26:46.0574 6188 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:26:46.0574 6188 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:26:46.0605 6188 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:26:46.0668 6188 NetBIOS - ok
17:26:46.0699 6188 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
17:26:46.0777 6188 NetBT - ok
17:26:46.0855 6188 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:26:46.0871 6188 Netlogon - ok
17:26:46.0949 6188 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:26:47.0042 6188 Netman - ok
17:26:47.0089 6188 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:26:47.0151 6188 netprofm - ok
17:26:47.0214 6188 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:26:47.0229 6188 NetTcpPortSharing - ok
17:26:47.0729 6188 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
17:26:47.0978 6188 NETw5s64 - ok
17:26:48.0134 6188 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:26:48.0150 6188 nfrd960 - ok
17:26:48.0212 6188 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
17:26:48.0259 6188 NlaSvc - ok
17:26:48.0275 6188 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:26:48.0306 6188 Npfs - ok
17:26:48.0321 6188 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:26:48.0384 6188 nsi - ok
17:26:48.0399 6188 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:26:48.0462 6188 nsiproxy - ok
17:26:48.0618 6188 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
17:26:48.0711 6188 Ntfs - ok
17:26:48.0836 6188 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:26:48.0899 6188 Null - ok
17:26:48.0961 6188 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
17:26:48.0992 6188 nvraid - ok
17:26:49.0039 6188 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
17:26:49.0070 6188 nvstor - ok
17:26:49.0117 6188 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
17:26:49.0148 6188 nv_agp - ok
17:26:49.0179 6188 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
17:26:49.0195 6188 ohci1394 - ok
17:26:49.0289 6188 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:26:49.0320 6188 ose - ok
17:26:49.0741 6188 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:26:49.0928 6188 osppsvc - ok
17:26:50.0084 6188 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:26:50.0115 6188 p2pimsvc - ok
17:26:50.0178 6188 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:26:50.0209 6188 p2psvc - ok
17:26:50.0271 6188 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:26:50.0287 6188 Parport - ok
17:26:50.0334 6188 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
17:26:50.0365 6188 partmgr - ok
17:26:50.0381 6188 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:26:50.0427 6188 PcaSvc - ok
17:26:50.0505 6188 PcdrNdisuio - ok
17:26:50.0537 6188 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
17:26:50.0568 6188 pci - ok
17:26:50.0583 6188 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
17:26:50.0599 6188 pciide - ok
17:26:50.0646 6188 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:26:50.0677 6188 pcmcia - ok
17:26:50.0693 6188 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:26:50.0693 6188 pcw - ok
17:26:50.0755 6188 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:26:50.0833 6188 PEAUTH - ok
17:26:50.0958 6188 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:26:51.0051 6188 PeerDistSvc - ok
17:26:51.0161 6188 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:26:51.0207 6188 PerfHost - ok
17:26:51.0426 6188 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
17:26:51.0551 6188 pla - ok
17:26:51.0644 6188 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
17:26:51.0675 6188 PlugPlay - ok
17:26:51.0738 6188 Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
17:26:51.0769 6188 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
17:26:51.0769 6188 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
17:26:51.0800 6188 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:26:51.0847 6188 PNRPAutoReg - ok
17:26:51.0894 6188 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:26:51.0925 6188 PNRPsvc - ok
17:26:51.0987 6188 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
17:26:52.0081 6188 PolicyAgent - ok
17:26:52.0128 6188 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:26:52.0190 6188 Power - ok
17:26:52.0268 6188 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
17:26:52.0331 6188 PptpMiniport - ok
17:26:52.0346 6188 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:26:52.0362 6188 Processor - ok
17:26:52.0424 6188 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
17:26:52.0440 6188 ProfSvc - ok
17:26:52.0487 6188 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:26:52.0518 6188 ProtectedStorage - ok
17:26:52.0549 6188 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:26:52.0580 6188 Psched - ok
17:26:52.0643 6188 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:26:52.0658 6188 PxHlpa64 - ok
17:26:52.0799 6188 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:26:52.0892 6188 ql2300 - ok
17:26:53.0033 6188 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:26:53.0064 6188 ql40xx - ok
17:26:53.0111 6188 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:26:53.0157 6188 QWAVE - ok
17:26:53.0173 6188 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:26:53.0220 6188 QWAVEdrv - ok
17:26:53.0251 6188 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:26:53.0298 6188 RasAcd - ok
17:26:53.0329 6188 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:26:53.0376 6188 RasAgileVpn - ok
17:26:53.0423 6188 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:26:53.0485 6188 RasAuto - ok
17:26:53.0547 6188 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:26:53.0625 6188 Rasl2tp - ok
17:26:53.0688 6188 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
17:26:53.0750 6188 RasMan - ok
17:26:53.0766 6188 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:26:53.0844 6188 RasPppoe - ok
17:26:53.0891 6188 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:26:53.0953 6188 RasSstp - ok
17:26:53.0984 6188 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:26:54.0078 6188 rdbss - ok
17:26:54.0109 6188 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:26:54.0125 6188 rdpbus - ok
17:26:54.0171 6188 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:26:54.0234 6188 RDPCDD - ok
17:26:54.0265 6188 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
17:26:54.0296 6188 RDPDR - ok
17:26:54.0312 6188 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:26:54.0374 6188 RDPENCDD - ok
17:26:54.0421 6188 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:26:54.0483 6188 RDPREFMP - ok
17:26:54.0546 6188 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
17:26:54.0577 6188 RDPWD - ok
17:26:54.0608 6188 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:26:54.0639 6188 rdyboost - ok
17:26:54.0764 6188 RegSrvc (6108654c5ebea28a606d6890b4de6de3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:26:54.0811 6188 RegSrvc - ok
17:26:54.0842 6188 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:26:54.0936 6188 RemoteAccess - ok
17:26:54.0998 6188 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:26:55.0092 6188 RemoteRegistry - ok
17:26:55.0170 6188 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:26:55.0232 6188 RFCOMM - ok
17:26:55.0295 6188 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
17:26:55.0310 6188 RimUsb - ok
17:26:55.0357 6188 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:26:55.0419 6188 RpcEptMapper - ok
17:26:55.0451 6188 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:26:55.0482 6188 RpcLocator - ok
17:26:55.0529 6188 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\System32\rpcss.dll
17:26:55.0591 6188 RpcSs - ok
17:26:55.0622 6188 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:26:55.0700 6188 rspndr - ok
17:26:55.0763 6188 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
17:26:55.0778 6188 RSUSBSTOR - ok
17:26:55.0809 6188 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
17:26:55.0825 6188 s3cap - ok
17:26:55.0872 6188 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:26:55.0887 6188 SamSs - ok
17:26:55.0919 6188 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:26:55.0950 6188 sbp2port - ok
17:26:55.0981 6188 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:26:56.0075 6188 SCardSvr - ok
17:26:56.0106 6188 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:26:56.0184 6188 scfilter - ok
17:26:56.0309 6188 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
17:26:56.0340 6188 Schedule - ok
17:26:56.0371 6188 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:26:56.0418 6188 SCPolicySvc - ok
17:26:56.0449 6188 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
17:26:56.0480 6188 SDRSVC - ok
17:26:56.0543 6188 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:26:56.0589 6188 secdrv - ok
17:26:56.0621 6188 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
17:26:56.0652 6188 seclogon - ok
17:26:56.0683 6188 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:26:56.0745 6188 SENS - ok
17:26:56.0761 6188 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:26:56.0792 6188 SensrSvc - ok
17:26:56.0839 6188 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:26:56.0870 6188 Serenum - ok
17:26:56.0901 6188 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:26:56.0948 6188 Serial - ok
17:26:56.0995 6188 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:26:57.0042 6188 sermouse - ok
17:26:57.0089 6188 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
17:26:57.0167 6188 SessionEnv - ok
17:26:57.0198 6188 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:26:57.0213 6188 sffdisk - ok
17:26:57.0229 6188 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:26:57.0276 6188 sffp_mmc - ok
17:26:57.0291 6188 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:26:57.0323 6188 sffp_sd - ok
17:26:57.0338 6188 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:26:57.0369 6188 sfloppy - ok
17:26:57.0416 6188 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:26:57.0510 6188 SharedAccess - ok
17:26:57.0572 6188 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
17:26:57.0650 6188 ShellHWDetection - ok
17:26:57.0681 6188 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:26:57.0697 6188 SiSRaid2 - ok
17:26:57.0713 6188 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:26:57.0728 6188 SiSRaid4 - ok
17:26:57.0744 6188 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:26:57.0822 6188 Smb - ok
17:26:57.0884 6188 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:26:57.0915 6188 SNMPTRAP - ok
17:26:57.0915 6188 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:26:57.0931 6188 spldr - ok
17:26:57.0993 6188 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
17:26:58.0056 6188 Spooler - ok
17:26:58.0305 6188 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
17:26:58.0461 6188 sppsvc - ok
17:26:58.0586 6188 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:26:58.0633 6188 sppuinotify - ok
17:26:58.0727 6188 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:26:58.0758 6188 srv - ok
17:26:58.0820 6188 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:26:58.0867 6188 srv2 - ok
17:26:58.0929 6188 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:26:58.0961 6188 srvnet - ok
17:26:59.0007 6188 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:26:59.0101 6188 SSDPSRV - ok
17:26:59.0148 6188 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:26:59.0195 6188 SstpSvc - ok
17:26:59.0226 6188 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:26:59.0226 6188 stexstor - ok
17:26:59.0273 6188 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
17:26:59.0319 6188 StillCam - ok
17:26:59.0413 6188 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
17:26:59.0475 6188 stisvc - ok
17:26:59.0507 6188 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
17:26:59.0538 6188 storflt - ok
17:26:59.0569 6188 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:26:59.0585 6188 StorSvc - ok
17:26:59.0600 6188 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
17:26:59.0616 6188 storvsc - ok
17:26:59.0647 6188 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:26:59.0647 6188 swenum - ok
17:26:59.0725 6188 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:26:59.0819 6188 swprv - ok
17:26:59.0881 6188 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys
17:26:59.0912 6188 SynTP - ok
17:27:00.0068 6188 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
17:27:00.0146 6188 SysMain - ok
17:27:00.0287 6188 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
17:27:00.0349 6188 TabletInputService - ok
17:27:00.0411 6188 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
17:27:00.0521 6188 TapiSrv - ok
17:27:00.0536 6188 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:27:00.0583 6188 TBS - ok
17:27:00.0786 6188 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
17:27:00.0879 6188 Tcpip - ok
17:27:01.0145 6188 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
17:27:01.0191 6188 TCPIP6 - ok
17:27:01.0285 6188 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:27:01.0332 6188 tcpipreg - ok
17:27:01.0347 6188 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:27:01.0347 6188 TDPIPE - ok
17:27:01.0379 6188 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
17:27:01.0425 6188 TDTCP - ok
17:27:01.0457 6188 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:27:01.0519 6188 tdx - ok
17:27:01.0535 6188 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:27:01.0550 6188 TermDD - ok
17:27:01.0628 6188 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
17:27:01.0737 6188 TermService - ok
17:27:01.0769 6188 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:27:01.0800 6188 Themes - ok
17:27:01.0831 6188 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:27:01.0862 6188 THREADORDER - ok
17:27:01.0893 6188 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:27:01.0940 6188 TrkWks - ok
17:27:02.0003 6188 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
17:27:02.0034 6188 TrustedInstaller - ok
17:27:02.0065 6188 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:27:02.0127 6188 tssecsrv - ok
17:27:02.0174 6188 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:27:02.0205 6188 tunnel - ok
17:27:02.0221 6188 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
17:27:02.0237 6188 TurboB - ok
17:27:02.0315 6188 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
17:27:02.0346 6188 TurboBoost - ok
17:27:02.0377 6188 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:27:02.0393 6188 uagp35 - ok
17:27:02.0455 6188 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
17:27:02.0486 6188 udfs - ok
17:27:02.0518 6188 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:27:02.0533 6188 UI0Detect - ok
17:27:02.0580 6188 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:27:02.0596 6188 uliagpkx - ok
17:27:02.0627 6188 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:27:02.0674 6188 umbus - ok
17:27:02.0689 6188 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:27:02.0736 6188 UmPass - ok
17:27:02.0798 6188 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
17:27:02.0845 6188 UmRdpService - ok
17:27:03.0110 6188 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:27:03.0157 6188 UNS - ok
17:27:03.0313 6188 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:27:03.0360 6188 upnphost - ok
17:27:03.0438 6188 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
17:27:03.0469 6188 USBAAPL64 - ok
17:27:03.0516 6188 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
17:27:03.0547 6188 usbccgp - ok
17:27:03.0578 6188 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:27:03.0610 6188 usbcir - ok
17:27:03.0641 6188 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
17:27:03.0641 6188 usbehci - ok
17:27:03.0703 6188 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
17:27:03.0734 6188 usbhub - ok
17:27:03.0781 6188 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
17:27:03.0797 6188 usbohci - ok
17:27:03.0828 6188 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:27:03.0875 6188 usbprint - ok
17:27:03.0922 6188 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:27:03.0968 6188 USBSTOR - ok
17:27:04.0015 6188 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
17:27:04.0031 6188 usbuhci - ok
17:27:04.0093 6188 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
17:27:04.0140 6188 usbvideo - ok
17:27:04.0156 6188 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:27:04.0187 6188 UxSms - ok
17:27:04.0234 6188 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:27:04.0265 6188 VaultSvc - ok
17:27:04.0312 6188 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:27:04.0343 6188 vdrvroot - ok
17:27:04.0390 6188 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:27:04.0436 6188 vds - ok
17:27:04.0468 6188 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:27:04.0483 6188 vga - ok
17:27:04.0483 6188 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:27:04.0561 6188 VgaSave - ok
17:27:04.0592 6188 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:27:04.0624 6188 vhdmp - ok
17:27:04.0655 6188 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:27:04.0670 6188 viaide - ok
17:27:04.0702 6188 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
17:27:04.0733 6188 vmbus - ok
17:27:04.0764 6188 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
17:27:04.0795 6188 VMBusHID - ok
17:27:04.0842 6188 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:27:04.0858 6188 volmgr - ok
17:27:04.0904 6188 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:27:04.0936 6188 volmgrx - ok
17:27:04.0982 6188 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:27:05.0014 6188 volsnap - ok
17:27:05.0045 6188 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:27:05.0076 6188 vsmraid - ok
17:27:05.0216 6188 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:27:05.0310 6188 VSS - ok
17:27:05.0435 6188 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:27:05.0466 6188 vwifibus - ok
17:27:05.0497 6188 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:27:05.0528 6188 vwififlt - ok
17:27:05.0575 6188 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:27:05.0606 6188 vwifimp - ok
17:27:05.0669 6188 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:27:05.0731 6188 W32Time - ok
17:27:05.0778 6188 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:27:05.0809 6188 WacomPen - ok
17:27:05.0856 6188 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:27:05.0903 6188 WANARP - ok
17:27:05.0903 6188 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:27:05.0934 6188 Wanarpv6 - ok
17:27:06.0090 6188 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:27:06.0168 6188 WatAdminSvc - ok
17:27:06.0308 6188 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:27:06.0402 6188 wbengine - ok
17:27:06.0542 6188 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:27:06.0589 6188 WbioSrvc - ok
17:27:06.0667 6188 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
17:27:06.0730 6188 wcncsvc - ok
17:27:06.0761 6188 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:27:06.0808 6188 WcsPlugInService - ok
17:27:06.0870 6188 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:27:06.0901 6188 Wd - ok
17:27:06.0964 6188 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:27:06.0995 6188 Wdf01000 - ok
17:27:07.0010 6188 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:27:07.0057 6188 WdiServiceHost - ok
17:27:07.0057 6188 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:27:07.0073 6188 WdiSystemHost - ok
17:27:07.0135 6188 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
17:27:07.0182 6188 WebClient - ok
17:27:07.0213 6188 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:27:07.0276 6188 Wecsvc - ok
17:27:07.0307 6188 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:27:07.0369 6188 wercplsupport - ok
17:27:07.0400 6188 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:27:07.0478 6188 WerSvc - ok
17:27:07.0556 6188 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:27:07.0603 6188 WfpLwf - ok
17:27:07.0744 6188 WiMAXAppSrv (971423a6b38ddc1501bf1752987dcfd6) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
17:27:07.0775 6188 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - warning
17:27:07.0775 6188 WiMAXAppSrv - detected UnsignedFile.Multi.Generic (1)
17:27:07.0790 6188 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:27:07.0806 6188 WIMMount - ok
17:27:07.0853 6188 WinDefend - ok
17:27:07.0853 6188 WinHttpAutoProxySvc - ok
17:27:07.0931 6188 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:27:07.0978 6188 Winmgmt - ok
17:27:08.0165 6188 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:27:08.0305 6188 WinRM - ok
17:27:08.0477 6188 WinUsb (4d52c872018af7e18d078978dcc3f6f2) C:\Windows\system32\DRIVERS\WinUsb.sys
17:27:08.0492 6188 WinUsb - ok
17:27:08.0586 6188 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:27:08.0633 6188 Wlansvc - ok
17:27:08.0726 6188 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:27:08.0742 6188 wlcrasvc - ok
17:27:08.0976 6188 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:27:09.0085 6188 wlidsvc - ok
17:27:09.0226 6188 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:27:09.0272 6188 WmiAcpi - ok
17:27:09.0350 6188 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:27:09.0397 6188 wmiApSrv - ok
17:27:09.0428 6188 WMPNetworkSvc - ok
17:27:09.0460 6188 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:27:09.0491 6188 WPCSvc - ok
17:27:09.0522 6188 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:27:09.0553 6188 WPDBusEnum - ok
17:27:09.0584 6188 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:27:09.0662 6188 ws2ifsl - ok
17:27:09.0694 6188 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
17:27:09.0709 6188 wscsvc - ok
17:27:09.0725 6188 WSearch - ok
17:27:09.0928 6188 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:27:09.0990 6188 wuauserv - ok
17:27:10.0115 6188 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys
17:27:10.0146 6188 WudfPf - ok
17:27:10.0193 6188 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:27:10.0224 6188 WUDFRd - ok
17:27:10.0240 6188 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll
17:27:10.0255 6188 wudfsvc - ok
17:27:10.0302 6188 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:27:10.0349 6188 WwanSvc - ok
17:27:10.0380 6188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:27:10.0801 6188 \Device\Harddisk0\DR0 - ok
17:27:10.0817 6188 Boot (0x1200) (adfd4f93bf8975bc24481eb6d1d48f15) \Device\Harddisk0\DR0\Partition0
17:27:10.0817 6188 \Device\Harddisk0\DR0\Partition0 - ok
17:27:10.0848 6188 Boot (0x1200) (297205bb390462f09468676a87e4c2d7) \Device\Harddisk0\DR0\Partition1
17:27:10.0848 6188 \Device\Harddisk0\DR0\Partition1 - ok
17:27:10.0848 6188 ============================================================
17:27:10.0848 6188 Scan finished
17:27:10.0848 6188 ============================================================
17:27:10.0864 6328 Detected object count: 5
17:27:10.0864 6328 Actual detected object count: 5
17:27:31.0315 6328 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:31.0315 6328 Amazon Download Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:31.0315 6328 DMAgent ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:31.0315 6328 DMAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:31.0315 6328 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:31.0315 6328 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:31.0315 6328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:31.0315 6328 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:31.0315 6328 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:27:31.0315 6328 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:27:41.0954 5540 Deinitialize success
  • 0

#6
chelsearick64
Posted 23 July 2012 - 07:42 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
After running the scans above, I used the browser for an hour or so with no Avast notices or other problems. After restarting the computer, I have no internet connection. I get a connection to the wireless network, but no internet connection. I'm able to connect using another computer on the same network. I tried restarting several times, but no change.
  • 0

#7
maliprog
Posted 23 July 2012 - 11:51 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try to repair your internet connection. It should be back after Step 1. Let's me know results.

Step 1

Download Windows Repair (all in one) from this site

Install the programme then run

Go to step 2 and allow it to run Disc check
Posted Image

Once that is done then go to step 3 and allow it to run SFC
Posted Image


On the Start repairs tab select advanced mode and click start

Leave the preselected items ticked and press Start

Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step 3

Please don't forget to include these items in your reply:

  • FSS log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#8
chelsearick64
Posted 24 July 2012 - 05:44 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Followed your instructions. No change in internet access.

FSS Log:

Farbar Service Scanner Version: 22-07-2012
Ran by Rick (administrator) on 24-07-2012 at 19:39:32
Running from "C:\Users\Rick\Desktop\20120724"
Microsoft Windows 7 Professional (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall value. The value does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 23:21] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:53] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#9
maliprog
Posted 24 July 2012 - 11:21 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • 0

#10
chelsearick64
Posted 25 July 2012 - 03:16 AM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Results:

MiniToolBox by Farbar Version: 23-07-2012
Ran by Rick (administrator) on 25-07-2012 at 05:12:04
Microsoft Windows 7 Professional (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1 localhost

========================= IP Configuration: ================================

MAC Bridge Miniport = Network Bridge (Disconnected)
Intel® Centrino® Advanced-N 6250 AGN = Wireless Network Connection (Connected)
Atheros AR8152 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)
Intel® Centrino® WiMAX 6250 = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 3 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Laptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Centrino® WiMAX 6250
Physical Address. . . . . . . . . : 64-D4-DA-00-C5-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
Physical Address. . . . . . . . . : 00-23-15-1C-B2-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 00-23-15-1C-B2-9D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{078F79EF-C298-4CE1-A86D-CA389431069E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 22:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.
Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...64 d4 da 00 c5 04 ......Intel® Centrino® WiMAX 6250
16...00 23 15 1c b2 9d ......Microsoft Virtual WiFi Miniport Adapter #2
15...00 23 15 1c b2 9d ......Microsoft Virtual WiFi Miniport Adapter
1...........................Software Loopback Interface 1
31...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
33...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/24/2012 07:26:09 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service initialization error: the control dispatcher cannot be started [0x80070427, The service process could not connect to the service controller.
].

Error: (07/23/2012 08:30:50 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/23/2012 05:29:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/23/2012 04:49:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/23/2012 04:29:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/23/2012 03:49:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/23/2012 03:29:19 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/23/2012 02:49:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/23/2012 02:29:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (07/23/2012 01:49:18 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (07/25/2012 05:07:54 AM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (07/25/2012 05:07:46 AM) (Source: BridgeMP) (User: )
Description: Bridge: The bridge failed to create its virtual miniport.

Error: (07/24/2012 07:34:15 PM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (07/24/2012 07:33:52 PM) (Source: BridgeMP) (User: )
Description: Bridge: The bridge failed to create its virtual miniport.

Error: (07/24/2012 07:22:08 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (07/24/2012 06:47:19 PM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (07/24/2012 06:47:11 PM) (Source: BridgeMP) (User: )
Description: Bridge: The bridge failed to create its virtual miniport.

Error: (07/24/2012 06:30:09 PM) (Source: Service Control Manager) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2

Error: (07/24/2012 06:30:01 PM) (Source: BridgeMP) (User: )
Description: Bridge: The bridge failed to create its virtual miniport.

Error: (07/24/2012 05:06:57 AM) (Source: Service Control Manager) (User: )
Description: The Amazon Download Agent service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (07/24/2012 07:26:09 PM) (Source: VSS)(User: )
Description: 0x80070427, The service process could not connect to the service controller.

Error: (07/23/2012 08:30:50 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/23/2012 05:29:19 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/23/2012 04:49:19 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/23/2012 04:29:19 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/23/2012 03:49:19 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/23/2012 03:29:19 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/23/2012 02:49:18 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/23/2012 02:29:18 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Error: (07/23/2012 01:49:18 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: http://www.download....uthrootstl.cabA required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709a (Version: 140.0.000.000)
7-Zip 9.20
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Advanced Audio FX Engine (Version: 1.12.05)
Amazon Games & Software Downloader (Version: 2.0.2.0)
Amazon MP3 Downloader 1.0.10
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
avast! Free Antivirus (Version: 7.0.1456.0)
Bing Bar (Version: 7.1.361.0)
BlackBerry App World Browser Plugin (Version: 2.1.2)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 140.0.000.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 140.0.213.000)
CLEAR™ WiMAX Tutorial (Version: 1.5.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
D3DX10 (Version: 15.4.2368.0902)
Data Lifeguard Diagnostic for Windows 1.22
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Driver Download Manager (Version: 2.1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Support Center (Version: 3.1.5907.39)
Dell Webcam Central (Version: 1.40.05)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 140.0.213.000)
DocMgr (Version: 140.0.65.000)
DocProc (Version: 140.0.100.000)
DX Studio Player v3.2.68 (Version: 3.2.68)
ESBUnitConv (Version: 7.3.0.0)
Fax (Version: 140.0.213.000)
FLV Player (Version: 2.0.25)
Google Chrome (Version: 20.0.1132.57)
Google Earth Plug-in (Version: 6.1.0.5001)
Google SketchUp 8 (Version: 3.0.11752)
Google Update Helper (Version: 1.3.21.115)
GoToAssist 8.0.0.514
GPBaseService2 (Version: 140.0.212.000)
HP Customer Participation Program 14.0 (Version: 14.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Officejet 6500 E709 Series (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPProductAssistant (Version: 140.0.213.000)
HPSSupply (Version: 140.0.212.000)
iCloud (Version: 1.1.0.40)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2104)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.01.1000)
Intel® Turbo Boost Technology Monitor (Version: 1.0.186.6)
Intel® PROSet/Wireless WiMAX Software (Version: 2.00.0011)
iTunes (Version: 10.5.0.142)
Junk Mail filter update (Version: 15.4.3502.0922)
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Logitech Harmony Remote Software (Version: 1.0.110307)
Logitech Harmony Remote Software 7 (Version: 7.7.0.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 140.0.214.000)
MediaMonkey 3.2 (Version: 3.2)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
Mp3tag v2.49 (Version: v2.49)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Musicnotes Software Suite 1.5.3 (Version: 1.5.3)
Network64 (Version: 140.0.215.000)
NVIDIA GAME System Software 2.8.1 (Version: 2.8.1)
OCR Software by I.R.I.S. 14.0 (Version: 14.0)
Opera 11.50 (Version: 11.50.1074)
PDFCreator (Version: 1.2.3)
PowerDVD DX (Version: 8.3.6029)
ProductContext (Version: 140.0.000.000)
Quickset64 (Version: 10.6.2)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.6088)
Remote Control USB Driver (Version: 2.3.2.317)
Roxio Burn (Version: 1.01)
Safari (Version: 5.34.51.22)
Scan (Version: 140.0.167.000)
Shop for HP Supplies (Version: 14.0)
SmartWebPrinting (Version: 140.0.213.000)
SolutionCenter (Version: 140.0.214.000)
Status (Version: 140.0.256.000)
Synaptics Pointing Device Driver (Version: 15.0.20.0)
TeraCopy 2.12
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.213.000)
TurboTax 2010
TurboTax 2010 WinPerFedFormset (Version: 010.000.4495)
TurboTax 2010 WinPerReleaseEngine (Version: 010.000.0501)
TurboTax 2010 WinPerTaxSupport (Version: 010.000.0216)
TurboTax 2010 wmiiper (Version: 010.000.1204)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax 2011
TurboTax 2011 WinPerFedFormset (Version: 011.000.2999)
TurboTax 2011 WinPerReleaseEngine (Version: 011.000.0495)
TurboTax 2011 WinPerTaxSupport (Version: 011.000.0214)
TurboTax 2011 wmiiper (Version: 011.000.1583)
TurboTax 2011 wrapper (Version: 011.000.0121)
Tweaking.com - Windows Repair (All in One) (Version: 1.7.5)
Unit Conversion Tool Evaluation Version 5.1
UnitConverter (Version: 1.4.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
WD Discovery Software (Version: 1.80)
WebEx
WebReg (Version: 140.0.213.017)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Winamp (Version: 5.601 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Yahoo! BrowserPlus 2.9.8

========================= Devices: ================================

Name: Officejet 6500 E709a
Description: Officejet 6500 E709a
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 38%
Total physical RAM: 3892.52 MB
Available physical RAM: 2388.17 MB
Total Pagefile: 7783.19 MB
Available Pagefile: 6122.73 MB
Total Virtual: 4095.88 MB
Available Virtual: 3962.97 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:457.06 GB) (Free:320.95 GB) NTFS
3 Drive e: (TRAVELDRIVE) (Removable) (Total:0.96 GB) (Free:0.95 GB) FAT

========================= Users: ========================================

User accounts for \\LAPTOP

Administrator Gabby Guest
Hannah Misty Rick

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
  • 0

Advertisements

#11
maliprog
Posted 25 July 2012 - 03:25 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
First start your internet browser and in address bar (where you write webpage name like www.google.com) write 

209.85.148.113

then press Enter. You should see google.com web page. Let me know if you can do this.


Second can you try to connect your notebook to internet with cable instead wireless. Please try this and let me know results.
  • 0

#12
chelsearick64
Posted 25 July 2012 - 05:20 PM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
No luck on either front. I can't access the google IP directly and no change when using a wired connection, either (wired connection worked on second computer). When I open the network connections list in the control panel, it shows both the local area connection and wireless network connection as "enabled", but neither has ipv4 or ipv6 connectivity. When I login to the router on second computer while the problem computer is plugged into a wired connection, it does not show up on the list of connected devices.
  • 0

#13
maliprog
Posted 25 July 2012 - 11:03 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Thank you for this info. Run OTL again

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Press button named None Posted Image
  • Under the Custom Scan/Fixes box paste this in

    /md5start
afd.sys
tcpip.sys
mpssvc.dll
SDRSVC.dll
/md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open OTL.txt. This file is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it here to me

  • 0

#14
chelsearick64
Posted 26 July 2012 - 03:47 AM

chelsearick64

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Thank you.

OTL log:

OTL logfile created on: 7/26/2012 5:28:55 AM - Run 4
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Rick\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 59.82% Memory free
7.60 Gb Paging File | 5.87 Gb Available in Paging File | 77.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.06 Gb Total Space | 320.75 Gb Free Space | 70.18% Space Free | Partition Type: NTFS
Drive E: | 980.72 Mb Total Space | 968.03 Mb Free Space | 98.71% Space Free | Partition Type: FAT

Computer Name: LAPTOP | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 20:29:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/12/09 06:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/01 16:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 16:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/29 18:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/15 22:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 13:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/06/24 18:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/15 22:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/23 13:31:44 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\utility.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/19 18:26:58 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2010/01/19 18:08:16 | 000,315,664 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/01/19 18:05:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 14:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/09/15 23:59:44 | 000,907,264 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2009/09/15 23:54:38 | 000,403,456 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/01 20:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012/07/17 21:32:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/12 12:35:15 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/12/01 06:36:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/01 16:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/07/01 16:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/18 13:52:10 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/26 22:10:30 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/07 15:19:58 | 000,245,792 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 22:44:32 | 000,321,584 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/01 02:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/03 23:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 03:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 17:38:32 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/13 09:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/22 13:18:50 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/02 14:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/09/16 01:45:08 | 000,174,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2009/09/16 01:45:00 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2009/09/16 01:44:58 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2009/07/21 15:42:26 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/21 15:42:26 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/21 15:42:26 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/21 15:42:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 15:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {319B5A4E-159B-4EED-A56E-F08CF4C34D0C}
IE:64bit: - HKLM\..\SearchScopes\{319B5A4E-159B-4EED-A56E-F08CF4C34D0C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A6AA2B96-DEEF-460A-A745-207513DAA9D6}
IE - HKLM\..\SearchScopes\{A6AA2B96-DEEF-460A-A745-207513DAA9D6}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {C6850134-E788-4359-9249-815CCBA8AB02}
IE - HKCU\..\SearchScopes\{C6850134-E788-4359-9249-815CCBA8AB02}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo....?t=0&refresh=1"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {a0faa0a4-f1a7-4098-9a74-21efc3a92372}:7.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.06
FF - prefs.js..extensions.enabledItems: [email protected]:3.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1289
FF - prefs.js..extensions.enabledItems: [email protected]:1.23.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Rick\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/12 11:03:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/25 22:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 21:32:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/25 22:03:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/17 21:32:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2010/12/07 20:30:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Extensions
[2012/07/17 19:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions
[2010/12/07 20:43:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/17 05:35:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/02/20 22:09:34 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2012/02/20 21:57:48 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2011/08/09 19:55:16 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2010/12/07 20:43:18 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2011/04/09 15:47:08 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2011/02/17 07:30:16 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\extensions\[email protected]
[2010/03/28 15:20:23 | 000,005,500 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\foodtv.xml
[2009/07/05 15:10:46 | 000,001,157 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\freedict.xml
[2011/09/04 17:09:54 | 000,004,855 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\google-images.xml
[2008/06/22 16:59:18 | 000,000,908 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\IMDB.xml
[2011/09/04 17:09:47 | 000,002,123 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\qrobeit.xml
[2008/06/22 16:59:18 | 000,000,681 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\webster.xml
[2008/06/22 16:59:16 | 000,001,108 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\0cbsr91i.default\searchplugins\wikipedia-en.xml
[2012/06/09 20:17:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/12 11:03:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/02/13 06:26:44 | 000,052,880 | ---- | M] () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBSR91I.DEFAULT\EXTENSIONS\{A0FAA0A4-F1A7-4098-9A74-21EFC3A92372}.XPI
[2012/02/07 06:24:46 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBSR91I.DEFAULT\EXTENSIONS\[email protected]
[2012/07/17 19:42:46 | 000,186,203 | ---- | M] () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBSR91I.DEFAULT\EXTENSIONS\[email protected]
[2011/12/23 08:22:13 | 000,599,045 | ---- | M] () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBSR91I.DEFAULT\EXTENSIONS\[email protected]
[1832/11/29 00:22:58 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\RICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0CBSR91I.DEFAULT\EXTENSIONS\[email protected]
[2012/07/17 21:32:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/17 23:31:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/17 23:31:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: DX Studio Plugin (Enabled) = C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npDXStudioPlugin.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Harmony Firefox Plugin (Enabled) = C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Rick\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: Gmail = C:\Users\Rick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/24 19:22:09 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Apple] C:\Users\Rick\AppData\Local\Apple\evyqvjrt.dll (VDOnet Corp.)
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://usabhembma08....com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{078F79EF-C298-4CE1-A86D-CA389431069E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9343803F-78E5-4497-805E-44EA9E688F7A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/25 05:08:11 | 000,751,391 | ---- | C] (Farbar) -- C:\Users\Rick\Desktop\MiniToolBox.exe
[2012/07/24 19:26:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/07/24 18:57:36 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/07/24 18:56:58 | 000,000,000 | ---D | C] -- C:\Reg_Backup
[2012/07/24 18:20:35 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/07/24 18:19:50 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/07/24 18:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/07/24 18:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/07/24 17:56:04 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\20120724
[2012/07/23 21:17:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/23 17:24:22 | 002,136,152 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Rick\Desktop\tdsskiller.exe
[2012/07/23 06:10:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/23 06:10:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/23 06:10:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/23 06:08:21 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\Rick\Desktop\ComboFix.exe
[2012/07/23 05:36:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/22 20:29:13 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2012/07/22 20:08:12 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Rick\Desktop\GooredFix.exe
[2012/07/22 19:32:50 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTM.exe
[2012/07/19 20:22:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
[2012/07/16 18:55:53 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\JavaRa-1.16-22-6-12
[2012/07/16 18:47:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/07/15 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\directv
[2012/07/13 19:30:01 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\tdsskiller
[2012/07/13 19:27:45 | 000,000,000 | ---D | C] -- C:\Users\Rick\Desktop\GooredFix Backups
[2012/07/13 19:11:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/11 22:43:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/11 14:37:11 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 09:48:06 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/09 11:37:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/09 11:37:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/09 11:16:07 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\malware
[2012/07/09 09:41:47 | 000,000,000 | ---D | C] -- C:\Users\Rick\AppData\Roaming\Malwarebytes
[2012/07/09 09:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/09 09:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/09 09:41:38 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/09 09:41:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/29 21:34:44 | 000,000,000 | ---D | C] -- C:\Users\Rick\Documents\attachments_2012_06_25(1)

========== Files - Modified Within 30 Days ==========

[2012/07/26 05:38:08 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/07/26 05:35:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/26 05:28:27 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/26 05:28:27 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/26 05:28:27 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/26 05:21:23 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/26 05:20:37 | 000,014,256 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 05:20:37 | 000,014,256 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/26 05:14:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/26 05:14:32 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/25 18:48:11 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/25 05:07:04 | 000,751,391 | ---- | M] (Farbar) -- C:\Users\Rick\Desktop\MiniToolBox.exe
[2012/07/24 19:34:13 | 000,456,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/24 19:32:34 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/07/24 19:32:34 | 000,000,042 | ---- | M] () -- C:\repairs_running.dat
[2012/07/24 19:22:09 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/24 19:21:19 | 000,726,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/24 18:29:24 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/07/24 18:19:44 | 000,002,289 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/07/23 17:24:25 | 002,136,152 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Rick\Desktop\tdsskiller.exe
[2012/07/23 06:23:35 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_30
[2012/07/23 06:08:33 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\Rick\Desktop\ComboFix.exe
[2012/07/22 20:29:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTL.exe
[2012/07/22 20:08:13 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Rick\Desktop\GooredFix.exe
[2012/07/22 19:32:54 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Rick\Desktop\OTM.exe
[2012/07/19 20:23:07 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Rick\Desktop\aswMBR.exe
[2012/07/17 21:32:30 | 000,002,046 | ---- | M] () -- C:\Users\Rick\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/17 21:14:48 | 002,117,152 | ---- | M] () -- C:\Users\Rick\Desktop\tdsskiller.zip
[2012/07/16 18:55:21 | 000,001,221 | ---- | M] () -- C:\Users\Rick\Desktop\Install JavaRa.lnk
[2012/07/16 18:54:51 | 000,164,726 | ---- | M] () -- C:\Users\Rick\Desktop\JavaRa-1.16-22-6-12.zip
[2012/07/16 05:21:30 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/07/16 05:21:21 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/12 12:35:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/12 12:35:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/12 11:08:03 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/11 22:43:38 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/11 09:48:07 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rick\Desktop\mbam-setup-1.61.0.1400.exe
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/07/03 12:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/27 09:00:28 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========

[2012/07/24 19:32:34 | 000,000,042 | ---- | C] () -- C:\repairs_running.dat
[2012/07/24 19:20:59 | 000,726,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/24 19:19:39 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/07/24 18:29:24 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/07/24 18:19:44 | 000,002,289 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/07/23 06:10:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/23 06:10:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/23 06:10:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/23 06:10:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/16 18:55:21 | 000,001,221 | ---- | C] () -- C:\Users\Rick\Desktop\Install JavaRa.lnk
[2012/07/16 18:54:51 | 000,164,726 | ---- | C] () -- C:\Users\Rick\Desktop\JavaRa-1.16-22-6-12.zip
[2012/07/13 20:48:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/13 18:51:35 | 002,117,152 | ---- | C] () -- C:\Users\Rick\Desktop\tdsskiller.zip
[2012/07/11 22:43:38 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/11 09:49:52 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/21 22:42:40 | 000,007,605 | ---- | C] () -- C:\Users\Rick\AppData\Local\Resmon.ResmonCfg
[2012/04/25 21:58:43 | 000,228,966 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2012/04/25 21:58:43 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2012/04/15 17:54:33 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2010/12/20 20:29:08 | 002,440,206 | ---- | C] () -- C:\Users\Rick\AppData\Local\[j0003]-[p01].bmp
[2010/12/12 22:39:45 | 000,229,023 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/12/12 22:39:45 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2010/12/07 20:01:55 | 000,000,168 | ---- | C] () -- C:\Users\Rick\AppData\Roaming\wklnhst.dat
[2010/12/07 19:54:57 | 000,000,632 | RHS- | C] () -- C:\Users\Rick\ntuser.pol
[2010/12/01 08:05:38 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/12/01 08:05:38 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/12/01 08:05:38 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/12/01 08:05:36 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/12/01 08:05:34 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/12/01 06:46:44 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

========== Custom Scans ==========

< MD5 for: AFD.SYS >
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/28 00:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 22:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 19:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/28 00:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2011/04/24 22:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 23:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 22:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: MPSSVC.DLL >
[2009/07/13 21:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) MD5=AECAB449567D1846DAD63ECE49E893E3 -- C:\Windows\SysNative\MPSSVC.dll
[2009/07/13 21:41:27 | 000,824,832 | ---- | M] (Microsoft Corporation) MD5=AECAB449567D1846DAD63ECE49E893E3 -- C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll

< MD5 for: SDRSVC.DLL >
[2009/07/13 21:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=765A27C3279CE11D14CB9E4F5869FCA5 -- C:\Windows\SysNative\sdrsvc.dll
[2009/07/13 21:41:53 | 000,170,496 | ---- | M] (Microsoft Corporation) MD5=765A27C3279CE11D14CB9E4F5869FCA5 -- C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll

< MD5 for: TCPIP.SYS >
[2011/04/25 01:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011/09/29 13:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2011/06/21 02:16:55 | 001,888,128 | ---- | M] (Microsoft Corporation) MD5=5279D4DD69C7C71524B8E7A5746D15CC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_0f8ed978993fa916\tcpip.sys
[2010/12/01 08:13:09 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2012/03/30 06:19:17 | 001,877,872 | ---- | M] (Microsoft Corporation) MD5=5EFD096DEF47F8B88EF591DA92143440 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[2011/04/25 01:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2012/03/30 07:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\erdnt\cache64\tcpip.sys
[2012/03/30 07:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\SysNative\drivers\tcpip.sys
[2012/03/30 07:09:53 | 001,895,280 | ---- | M] (Microsoft Corporation) MD5=624C5B3AA4C99B3184BB922D9ECE3FF0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[2012/03/30 06:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2010/12/01 08:13:09 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/13 21:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011/04/25 01:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011/06/21 02:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2011/09/29 12:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2012/03/30 07:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2011/04/25 02:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011/06/21 02:27:14 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=B9D87C7707F058AC652A398CD28DE14B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_0f4d1e3b7feb1307\tcpip.sys
[2011/06/21 02:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2011/09/29 12:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011/09/29 12:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< End of report >
  • 0

#15
maliprog
Posted 26 July 2012 - 04:19 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Let's try to replace infected files. Make sure to restart your system after this step. Let me know if you get your connection back.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::

FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys | C:\Windows\System32\drivers\afd.sys
C:\Windows\winsxs\amd64_networking-mpssvc-svc_31bf3856ad364e35_6.1.7600.16385_none_f6092d1fe18dc440\MPSSVC.dll | C:\Windows\System32\mpssvc.dll
C:\Windows\winsxs\amd64_microsoft-windows-safedocs-main_31bf3856ad364e35_6.1.7600.16385_none_80feadf380799a73\sdrsvc.dll | C:\Windows\System32\SDRSVC.dll
C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys | C:\Windows\System32\Drivers\tcpip.sys


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP