Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

attacked by v9.com browser redirection [Solved]


  • This topic is locked This topic is locked

#1
AaronN

AaronN

    Member

  • Member
  • PipPip
  • 12 posts
Dear All,

I downloaded Adobe Reader, and then two top-rated PDF readers: PDF-XChange Viewer and Foxit Reader.

All of a sudden, all new tabs, in all browsers, redirect to http://www.v9.com/us/newtab . AARRGGHH!! How did that happen?? The PDF readers all seemed to legit sites.

Okay, so I have blown away the last 3+ hours searching on the web, and trying to solve this. I have: looked in the Task Manager, done a system restore, removed the desktop and taskbar shortcuts, run AVG, run Microsoft Security Essentials, etc. -- nada.

Help? Please?

adTHANXvance,

Aaron


-------------------------------------
OTL logfile created on: 24/10/2012 14:23:38 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Abba\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

3.87 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 44.11% Memory free
7.74 Gb Paging File | 5.04 Gb Available in Paging File | 65.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 274.34 Gb Total Space | 212.20 Gb Free Space | 77.35% Space Free | Partition Type: NTFS
Drive E: | 1.99 Gb Total Space | 1.97 Gb Free Space | 99.09% Space Free | Partition Type: FAT32
Drive G: | 21.45 Gb Total Space | 3.31 Gb Free Space | 15.43% Space Free | Partition Type: NTFS

Computer Name: ABBA-HP | User Name: Abba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/24 14:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Abba\Downloads\OTL.exe
PRC - [2012/10/13 23:00:26 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/10/09 19:40:19 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
PRC - [2012/09/04 15:22:48 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/04 15:22:43 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/08/13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/23 19:44:17 | 000,330,616 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2012/07/23 19:44:16 | 001,128,312 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe
PRC - [2012/07/23 19:44:16 | 000,984,440 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe
PRC - [2012/07/23 19:44:15 | 000,212,344 | ---- | M] (Infineon Technologies AG) -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
PRC - [2012/07/23 19:41:58 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/07/23 19:41:58 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/06/20 12:57:22 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
PRC - [2012/06/12 13:51:06 | 001,421,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2012/05/17 15:40:10 | 001,327,104 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
PRC - [2012/04/28 06:31:44 | 001,045,328 | R--- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
PRC - [2012/04/27 18:03:00 | 000,372,824 | ---- | M] (Hewlett-Packard) -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2012/04/27 18:02:58 | 012,313,688 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
PRC - [2012/03/28 19:38:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/03/28 19:38:24 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/03/28 19:38:16 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/03/28 19:38:08 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/03/27 11:14:26 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/03/26 10:24:58 | 001,516,600 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2012/03/21 03:55:10 | 000,536,848 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2012/03/09 20:22:46 | 000,070,960 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
PRC - [2012/02/14 06:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/03 06:42:00 | 000,498,352 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
PRC - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/01/04 12:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2011/11/26 00:22:44 | 000,312,688 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
PRC - [2011/08/13 07:13:56 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/06/17 19:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2009/09/15 17:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/13 23:00:10 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/10/09 19:40:18 | 009,814,968 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MOD - [2012/09/04 15:22:51 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/04 15:22:48 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/04 15:22:43 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/07/23 19:42:47 | 000,489,472 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\86c67f63ed9f761c4bf61c5d09a9d35b\IAStorUtil.ni.dll
MOD - [2012/07/23 19:42:47 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\139bd78360fafb85a8818046d0603811\IAStorCommon.ni.dll
MOD - [2012/07/16 16:19:28 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/07/16 16:19:24 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/16 16:19:23 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/07/16 16:19:20 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/16 16:19:15 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/16 16:19:03 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/16 16:19:01 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/16 16:19:00 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/16 16:18:55 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/04/27 15:09:46 | 000,366,464 | ---- | M] () -- C:\Windows\SysWOW64\flcdlmsg.dll
MOD - [2012/03/26 10:25:32 | 000,345,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll
MOD - [2012/03/26 10:25:32 | 000,282,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll
MOD - [2012/03/26 10:25:26 | 008,197,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGUI4.dll
MOD - [2012/03/26 10:25:26 | 002,302,008 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll
MOD - [2012/03/26 10:25:24 | 000,027,704 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll
MOD - [2012/03/26 10:25:22 | 000,202,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/16 09:21:08 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/05/17 15:40:10 | 001,327,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe -- (McAfee Endpoint Encryption Agent)
SRV:64bit: - [2012/04/28 06:31:44 | 000,493,904 | R--- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe -- (DpHost)
SRV:64bit: - [2012/04/26 13:56:00 | 000,033,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/03/20 16:45:18 | 002,694,224 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV:64bit: - [2012/03/14 23:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV:64bit: - [2012/03/08 11:19:40 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2012/03/07 11:00:46 | 000,629,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/03/01 10:35:24 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2012/02/26 14:07:52 | 002,669,840 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)
SRV:64bit: - [2012/02/26 14:07:42 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2012/02/26 14:07:32 | 000,626,960 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2012/02/26 14:07:26 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2012/02/02 03:31:02 | 000,945,440 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/13 23:00:26 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/09 19:40:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/04 15:22:48 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/13 12:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/23 19:44:16 | 001,128,312 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXSPMGT.exe -- (IFXSpMgtSrv)
SRV - [2012/07/23 19:44:16 | 000,984,440 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IFXTCS.exe -- (IFXTCS)
SRV - [2012/07/23 19:44:15 | 000,212,344 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2012/07/23 19:41:58 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/20 12:57:22 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2012/06/12 13:51:06 | 001,421,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2012/04/27 18:03:00 | 000,372,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2012/04/27 15:09:40 | 000,477,056 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- c:\Windows\SysWOW64\flcdlock.exe -- (FLCDLOCK)
SRV - [2012/04/02 10:30:08 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/28 19:38:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/03/28 19:38:24 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/03/28 19:38:16 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/03/28 19:38:08 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/03/21 03:55:10 | 000,536,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe -- (RoxioBurnLauncher)
SRV - [2012/03/20 16:28:20 | 002,325,584 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2012/03/09 20:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012/03/07 10:18:30 | 001,118,480 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2012/02/14 06:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/14 06:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/03 06:42:00 | 000,498,352 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe -- (uArcCapture)
SRV - [2012/01/04 12:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/11/26 00:22:44 | 000,312,688 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe -- (GobiQDLService)
SRV - [2011/09/10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/13 07:13:56 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/06/17 19:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/04 15:22:50 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/07/26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/23 19:44:23 | 000,044,576 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\psd.sys -- (PersonalSecureDrive)
DRV:64bit: - [2012/07/23 19:41:59 | 000,568,640 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/07/16 09:21:08 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/07/16 09:10:36 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)
DRV:64bit: - [2012/05/17 16:14:08 | 000,090,736 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpeOpal.sys -- (MfeEpeOpal)
DRV:64bit: - [2012/05/17 16:13:40 | 000,158,832 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\MfeEpePc.sys -- (MfeEpePc)
DRV:64bit: - [2012/04/26 13:56:00 | 000,043,800 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/04/26 13:56:00 | 000,030,488 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/04/25 11:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/27 11:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/03/27 11:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/03/27 11:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/03/27 07:09:56 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/26 17:14:04 | 002,891,512 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys -- (SPUVCbv)
DRV:64bit: - [2012/03/15 19:57:30 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/03/09 05:55:26 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/08 12:01:00 | 000,058,000 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/03/01 09:55:26 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2012/03/01 09:55:26 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 01:28:10 | 000,173,656 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012/02/28 01:28:08 | 000,026,200 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2012/02/03 06:42:00 | 000,042,816 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys -- (ARCVCAM)
DRV:64bit: - [2012/02/02 05:07:18 | 000,615,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/02/02 05:07:18 | 000,134,696 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/02/02 05:07:18 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2012/02/02 05:07:12 | 000,211,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/02/02 05:07:12 | 000,184,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/02/02 05:07:12 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/02/02 05:07:12 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/01/31 20:59:30 | 000,064,312 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DAMDrv64.sys -- (DAMDrv)
DRV:64bit: - [2012/01/31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/12/06 16:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/10 02:26:28 | 000,458,752 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3kmbb02.sys -- (swg3kmbb02)
DRV:64bit: - [2011/11/09 22:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/11/01 09:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/11/01 09:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/11/01 09:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/01 09:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/08/18 22:16:26 | 000,074,752 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swibusflt02.sys -- (swibusflt02)
DRV:64bit: - [2011/08/18 22:16:26 | 000,074,752 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swibus02.sys -- (swibus02)
DRV:64bit: - [2011/08/18 22:16:18 | 000,259,200 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3kser02.sys -- (swg3kser02)
DRV:64bit: - [2011/08/18 22:16:18 | 000,259,200 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swg3knmea02.sys -- (swg3knmea02)
DRV:64bit: - [2011/07/25 18:44:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/25 18:44:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/18 17:11:44 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDF
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CMNTDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-07-08 00:13:50&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=CMNTDF
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: {14323AEE-F6B8-4DC8-BCE3-E62645830585}:1.0.1
FF - prefs.js..extensions.enabledAddons: [email protected]:12.2.5.32
FF - prefs.js..keyword.URL: "http://isearch.avg.c...3:50&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll (Wolfram Research, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/10/24 13:04:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected].com: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/10/24 13:03:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/24 13:07:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/24 13:07:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/07/07 21:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abba\AppData\Roaming\Mozilla\Extensions
[2012/10/24 10:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\wt8vkde9.default\extensions
[2012/10/16 23:09:19 | 000,242,287 | ---- | M] () (No name found) -- C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\wt8vkde9.default\extensions\[email protected]
[2012/08/01 23:47:45 | 000,002,088 | ---- | M] () (No name found) -- C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\wt8vkde9.default\extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi
[2012/10/24 13:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/24 13:04:05 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/24 13:04:19 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012/10/13 23:00:26 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/04 15:22:41 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/18 19:10:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/13 23:00:09 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll
CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2615434\npmathplugin.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Abba\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.2.0.10687_0\
CHR - Extension: AVG Secure Search = C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
CHR - Extension: Gmail = C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DsMgr] C:\Program Files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [IFXSPMGT] C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32D33C1E-860C-479B-BA8A-3C4C04ACF039}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61686163-BC4A-4B7B-A48C-674290502DD0}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Company)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{49d1cafe-fcc7-11e1-af73-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{49d1cafe-fcc7-11e1-af73-00a0c6000000}\Shell\AutoRun\command - "" = H:\setup.exe -a
O33 - MountPoints2\{e3a52817-efbb-11e1-aebf-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{e3a52817-efbb-11e1-aebf-00a0c6000000}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/24 11:58:21 | 000,000,000 | ---D | C] -- C:\Users\Abba\AppData\Roaming\SpeedyPC Software
[2012/10/24 11:58:21 | 000,000,000 | ---D | C] -- C:\Users\Abba\AppData\Roaming\DriverCure
[2012/10/24 11:58:16 | 000,000,000 | ---D | C] -- C:\Users\Abba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/10/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/10/24 11:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/10/24 11:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/10/24 10:58:28 | 000,000,000 | ---D | C] -- C:\Users\Abba\AppData\Local\Adobe
[2012/10/24 10:57:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012/10/24 10:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012/10/24 10:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/10/24 10:42:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/10/18 00:54:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\infi1 solutions
[2012/10/16 12:21:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\anton slides
[2012/10/15 10:52:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\savitch slides
[2012/10/13 23:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012/10/24 14:04:00 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/24 13:49:29 | 000,031,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 13:49:29 | 000,031,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/24 13:45:12 | 000,002,198 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/10/24 13:40:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/24 13:33:01 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/24 13:33:01 | 000,652,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/24 13:33:01 | 000,121,080 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/24 13:32:07 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/24 13:27:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/24 13:27:33 | 4154,171,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/24 13:15:37 | 098,451,300 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/10/24 13:11:21 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForAbba.job
[2012/10/24 12:59:53 | 000,000,600 | ---- | M] () -- C:\Users\Abba\AppData\Local\PUTTY.RND
[2012/10/22 10:14:30 | 000,770,856 | ---- | M] () -- C:\Users\Public\Documents\nm-slides-color.pdf
[2012/10/17 17:52:50 | 000,287,288 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/10/14 07:22:33 | 000,002,014 | -H-- | M] () -- C:\Users\Abba\Documents\Default.rdp
[2012/10/06 23:05:18 | 000,134,803 | ---- | M] () -- C:\Users\Public\Documents\luz.pdf
[2012/10/06 23:02:06 | 000,128,715 | ---- | M] () -- C:\Users\Public\Documents\luz-list.pdf

========== Files Created - No Company Name ==========

[2012/10/06 23:02:03 | 000,134,803 | ---- | C] () -- C:\Users\Public\Documents\luz.pdf
[2012/10/06 23:02:03 | 000,128,715 | ---- | C] () -- C:\Users\Public\Documents\luz-list.pdf
[2012/08/25 20:21:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Contextual Menu Items
[2012/08/25 20:21:45 | 000,000,268 | RH-- | C] () -- C:\Users\Abba\AppData\Roaming\Conditionals
[2012/08/25 20:21:45 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2012/08/22 09:45:53 | 000,007,612 | ---- | C] () -- C:\Users\Abba\AppData\Local\Resmon.ResmonCfg
[2012/07/22 00:01:15 | 000,000,632 | RHS- | C] () -- C:\Users\Abba\ntuser.pol
[2012/07/07 23:31:21 | 000,000,600 | ---- | C] () -- C:\Users\Abba\AppData\Local\PUTTY.RND
[2012/06/21 20:36:53 | 000,094,776 | ---- | C] () -- C:\windows\un_dext.exe
[2012/06/21 20:36:53 | 000,087,928 | ---- | C] () -- C:\windows\SPRemove_x64.exe
[2012/06/21 20:36:53 | 000,014,479 | ---- | C] () -- C:\windows\TWAIN2080.ini
[2012/06/21 20:36:53 | 000,003,926 | ---- | C] () -- C:\windows\Dext_12.ini
[2012/06/21 20:36:53 | 000,003,892 | ---- | C] () -- C:\windows\Dext_27.ini
[2012/06/21 20:36:53 | 000,003,884 | ---- | C] () -- C:\windows\Dext_25.ini
[2012/06/21 20:36:53 | 000,003,882 | ---- | C] () -- C:\windows\Dext_21.ini
[2012/06/21 20:36:53 | 000,003,820 | ---- | C] () -- C:\windows\Dext_11.ini
[2012/06/21 20:36:53 | 000,003,802 | ---- | C] () -- C:\windows\Dext_14.ini
[2012/06/21 20:36:53 | 000,003,802 | ---- | C] () -- C:\windows\Dext_05.ini
[2012/06/21 20:36:53 | 000,003,704 | ---- | C] () -- C:\windows\Dext_10.ini
[2012/06/21 20:36:53 | 000,003,700 | ---- | C] () -- C:\windows\Dext_16.ini
[2012/06/21 20:36:53 | 000,003,682 | ---- | C] () -- C:\windows\Dext_08.ini
[2012/06/21 20:36:53 | 000,003,672 | ---- | C] () -- C:\windows\Dext_31.ini
[2012/06/21 20:36:53 | 000,003,648 | ---- | C] () -- C:\windows\Dext_36.ini
[2012/06/21 20:36:53 | 000,003,624 | ---- | C] () -- C:\windows\Dext_1046.ini
[2012/06/21 20:36:53 | 000,003,622 | ---- | C] () -- C:\windows\Dext_20.ini
[2012/06/21 20:36:53 | 000,003,588 | ---- | C] () -- C:\windows\Dext_06.ini
[2012/06/21 20:36:53 | 000,003,586 | ---- | C] () -- C:\windows\Dext_22.ini
[2012/06/21 20:36:53 | 000,003,550 | ---- | C] () -- C:\windows\Dext_19.ini
[2012/06/21 20:36:53 | 000,003,550 | ---- | C] () -- C:\windows\Dext_07.ini
[2012/06/21 20:36:53 | 000,003,522 | ---- | C] () -- C:\windows\Dext_02.ini
[2012/06/21 20:36:53 | 000,003,492 | ---- | C] () -- C:\windows\Dext_24.ini
[2012/06/21 20:36:53 | 000,003,450 | ---- | C] () -- C:\windows\Dext_29.ini
[2012/06/21 20:36:53 | 000,003,416 | ---- | C] () -- C:\windows\Dext_01.ini
[2012/06/21 20:36:53 | 000,003,342 | ---- | C] () -- C:\windows\Dext_30.ini
[2012/06/21 20:36:53 | 000,003,220 | ---- | C] () -- C:\windows\Dext_09.ini
[2012/06/21 20:36:53 | 000,003,174 | ---- | C] () -- C:\windows\Dext_13.ini
[2012/06/21 20:36:53 | 000,002,895 | ---- | C] () -- C:\windows\remove.ini
[2012/06/21 20:36:53 | 000,002,850 | ---- | C] () -- C:\windows\Dext_04.ini
[2012/06/21 20:36:53 | 000,002,750 | ---- | C] () -- C:\windows\Dext_17.ini
[2012/06/21 20:36:53 | 000,002,674 | ---- | C] () -- C:\windows\Dext_18.ini
[2012/06/21 20:36:53 | 000,002,638 | ---- | C] () -- C:\windows\Dext_2052.ini
[2012/05/08 02:44:36 | 000,768,118 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/04/28 06:31:44 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPSCEL.dll.hpsign
[2012/04/28 06:31:44 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApi.dll.hpsign
[2012/04/28 06:31:44 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPClback.dll.hpsign
[2012/04/28 06:31:00 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPLic.dll.hpsign
[2012/04/27 15:09:46 | 000,366,464 | ---- | C] () -- C:\windows\SysWow64\flcdlmsg.dll
[2012/04/26 09:35:52 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2012/04/26 09:35:52 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2012/04/26 09:35:26 | 000,000,256 | R--- | C] () -- C:\windows\SysWow64\DPFPApiUI.dll.hpsign
[2012/04/17 18:50:16 | 086,271,980 | ---- | C] () -- C:\windows\SysWow64\BioTrustFace.dat
[2012/03/27 07:19:12 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin
[2012/03/27 07:19:10 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin
[2012/03/27 07:03:48 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/03/27 05:53:44 | 013,024,768 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll
[2012/03/21 21:08:52 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\vcsAPIShared.dll.hpsign
[2012/03/12 13:09:58 | 000,020,480 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll
[2012/03/12 13:09:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\HPUsageTrackingSDK.exe.hpsign
[2012/03/12 13:09:56 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\CogHPUsageTrackingReport.dll.hpsign
[2012/03/07 10:40:52 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012/02/10 02:43:04 | 000,014,192 | ---- | C] () -- C:\windows\HPun2430Version.dll
[2011/10/12 11:02:14 | 000,187,728 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll
[2011/10/12 11:02:14 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\PassThroughOTP.dll.hpsign
[2011/09/07 09:35:30 | 000,065,536 | R--- | C] () -- C:\windows\SysWow64\scardsyn.dll
[2011/02/21 08:37:16 | 000,038,224 | ---- | C] () -- C:\windows\SysWow64\CoHpCasl.exe

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/16 15:20:21 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\Audacity
[2012/10/24 13:04:27 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\AVG2012
[2012/10/24 13:04:27 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\DigitalPersona
[2012/10/24 11:58:21 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\DriverCure
[2012/10/24 10:24:50 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\FileZilla
[2012/07/07 21:13:12 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\Infineon
[2012/09/08 20:40:49 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\Nikon
[2012/07/08 00:03:26 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\Nokia
[2012/07/08 00:03:27 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\PC Suite
[2012/07/07 21:42:55 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\Sierra Wireless
[2012/10/24 11:58:21 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\SpeedyPC Software
[2012/07/15 12:49:40 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\SSH
[2012/07/07 21:31:19 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\Synaptics

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
AaronN

AaronN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Dear Gringo,

Thank you very much for your willingness to help. Now, down to business ....

I have done all of your instructed preliminaries.

Security Check:

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.4.402.287
Mozilla Firefox 15.0.1 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

After reboot, ERU for Windows NT (one of my attempts): "Unable to create file ... Registry backup will continue, but no restore information for the ERUNT program will be saved. This means that later restoration of the registry can only be done manually, by using another OS to copy back the file." I clicked OK, and then to continue several more times. (I think ERUNT was not properly installed.)
Is this a problem? Please instruct.

AdwCleaner:

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
# AdwCleaner v2.005 - Logfile created 10/24/2012 at 18:51:26
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Abba - ABBA-HP
# Boot Mode : Normal
# Running from : C:\Users\Abba\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Abba\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\Abba\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Abba\AppData\Local\Temp\[email protected]
Folder Deleted : C:\Users\Abba\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\chanan\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Eema\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\uriel\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\yechiel\AppData\Local\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\wt8vkde9.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Ba9b6b9ec-0bf3-4571-9e3d-c54835ca5410%[...]

Profile name : default
File : C:\Users\Eema\AppData\Roaming\Mozilla\Firefox\Profiles\5tt5b9hy.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\uriel\AppData\Roaming\Mozilla\Firefox\Profiles\gxcecgl8.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7B8db47e50-caca-4dc4-83af-3adbc24e0745[...]

Profile name : default
File : C:\Users\yechiel\AppData\Roaming\Mozilla\Firefox\Profiles\hcw7bhak.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\12.2.5.32");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Bda279a3d-8305-4b17-a90b-348481999bb3[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Abba\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\yechiel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.33] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.36] : keyword = "isearch.avg.com",
Deleted [l.39] : search_url = "hxxp://isearch.avg.com/search?cid={95BF4C6E-74BC-4EF2-9E2F-45DF23EFE762}&mid=6427e69ffe8a47d09747d1e980e4e9f3-377f3538a4c27c7a1e2cc1189f5e1070271e47f6&lang=en&ds=AVG&pr=fr&d=2012-07-08 00:13:50&v=11.1.0.12&sap=dsp&q={searchTerms}",

File : C:\Users\chanan\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8275 octets] - [24/10/2012 18:51:26]

########## EOF - C:\AdwCleaner[S1].txt - [8335 octets] ##########
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

RogueKiller+:

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Abba [Admin rights]
Mode : Remove -- Date : 10/24/2012 19:08:43

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS723232A7A364 +++++
--- User ---
[MBR] e3d0aa57cec2654e2db48d598ded406d
[BSP] 1bb9bea59dea1ebf7885b4e6125bf1ce : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 280927 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 575954944 | Size: 21966 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 620941312 | Size: 2043 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 0ff3f793128ea83adca0c8ebc9b34545
[BSP] 1bb9bea59dea1ebf7885b4e6125bf1ce : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 61440 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 128000000 | Size: 1000 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 131999744 | Size: 1000 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Thank you again,

Aaron
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
AaronN

AaronN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Dear Gringo,

Hi. I turned off my security software, and closed all programs, prior to running ComboFix.

Please note that I did not experience ComboFix asking me, or otherwise causing any reboots. When it was finished, I did so, twice, for good measure.

I still have the problems described, in particular, that browser tabs refresh themselves, jumping to http://www.v9.com/us/newtab .

I think I noted after ComboFix, is that when I opened Chrome, I got:

Your preferences file is corrupt or invalid.

Google Chrome is unable to recover your settings.

After I clicked OK, it /seems/ to have solved the problem for Chrome (and IE /maybe/, but still not for Firefox).

Below is the contents of COMBOFIX.TXT .

Thank you,

Aaron

--------------------------------------------------------------
ComboFix 12-10-24.02 - Abba 10/24/2012 22:40:03.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1255.972.1033.18.3962.2118 [GMT 2:00]
Running from: c:\users\Abba\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-09-24 to 2012-10-24 )))))))))))))))))))))))))))))))
.
.
2012-10-24 20:43 . 2012-10-24 20:43 -------- d-----w- c:\users\yechiel\AppData\Local\temp
2012-10-24 17:05 . 2012-10-24 17:05 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E910CA2-293B-4500-9D1C-EBA24D0F8BB6}\offreg.dll
2012-10-24 12:57 . 2012-10-24 12:57 -------- d-----w- c:\program files (x86)\ERUNT
2012-10-24 11:22 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E910CA2-293B-4500-9D1C-EBA24D0F8BB6}\mpengine.dll
2012-10-24 11:11 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-24 09:58 . 2012-10-24 09:58 -------- d-----w- c:\users\Abba\AppData\Roaming\SpeedyPC Software
2012-10-24 09:58 . 2012-10-24 09:58 -------- d-----w- c:\users\Abba\AppData\Roaming\DriverCure
2012-10-24 09:58 . 2012-10-24 09:58 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-10-24 09:58 . 2012-10-24 09:58 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-24 09:58 . 2012-10-24 09:58 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-10-24 08:58 . 2012-10-24 08:58 -------- d-----w- c:\users\Abba\AppData\Local\Adobe
2012-10-24 08:57 . 2012-10-24 08:57 -------- d-----w- c:\program files (x86)\Foxit Software
2012-10-24 08:52 . 2012-10-24 08:52 -------- d-----w- c:\program files\Tracker Software
2012-10-24 08:42 . 2012-10-24 11:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-20 16:14 . 2012-10-07 04:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6B9BD79-D7C1-447C-AD47-61B0CB9C45B0}\gapaengine.dll
2012-10-07 04:18 . 2012-10-07 04:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-28 11:05 . 2012-09-28 11:05 -------- d-----w- c:\users\yechiel\AppData\Local\Motorola
2012-09-27 00:10 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 17:40 . 2012-05-08 00:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:40 . 2012-05-08 00:54 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-30 14:53 . 2012-08-27 04:33 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-04 13:22 . 2012-09-04 13:22 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-03-20 17:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-25 18:23 . 2012-08-25 18:23 49152 ----a-r- c:\users\Abba\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2012-08-25 18:23 . 2012-08-25 18:23 335872 ----a-r- c:\users\Abba\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2012-08-25 18:21 . 2003-03-19 02:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-08-24 12:43 . 2012-08-24 12:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-22 18:12 . 2012-09-12 12:08 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 12:08 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 12:08 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 12:08 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-08-02 17:58 . 2012-09-12 12:08 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 12:08 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-31 08:31 . 2012-08-05 14:21 87152 ----a-w- c:\windows\system32\cpwmon64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-23 56128]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"DsMgr"="c:\program files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe" [2012-04-02 183168]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-04-27 12313688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-06-12 184736]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2012-07-23 1128312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-13 658424]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\Abba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-2 1380128]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-01-31 21:19 75648 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-14 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;שירות עדכון Google (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 116648]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-01 195584]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2012-02-02 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-04-02 276248]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2012-01-31 64312]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2012-04-27 477056]
R3 gupdatem;שירות עדכון Google (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2012-03-07 1118480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-10 1255736]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-03-08 58000]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2012-07-23 44576]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-01 659976]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-03-08 135952]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-11-25 312688]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-04-27 372824]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-06-20 523680]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-04-26 33560]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-07-23 13632]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-03-28 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-03-28 165144]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-05-17 1327104]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-13 1128952]
S2 RoxioBurnLauncher;Roxio Burn Launcher;c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [2012-03-21 536848]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-28 363800]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2012-03-20 2694224]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-01 195584]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-14 240408]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-03-15 514736]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-06-12 1421728]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2012-02-27 173656]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2012-02-27 26200]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-07-16 11471872]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2012-03-26 2891512]
S3 swg3kmbb02;Sierra Wireless QMI USB-NDIS 6.20 miniport for HP;c:\windows\system32\DRIVERS\swg3kmbb02.sys [2011-11-10 458752]
S3 swg3knmea02;Sierra Wireless QMI NMEA Communication - HP;c:\windows\system32\DRIVERS\swg3knmea02.sys [2011-08-18 259200]
S3 swg3kser02;Sierra Wireless QMI USB Device for Legacy Serial Communication - HP;c:\windows\system32\DRIVERS\swg3kser02.sys [2011-08-18 259200]
S3 swibus02;Sierra Wireless Bus Enumerator 02;c:\windows\system32\DRIVERS\swibus02.sys [2011-08-18 74752]
S3 swibusflt02;Sierra Wireless Bus Enumerator Filter 02;c:\windows\system32\DRIVERS\swibusflt02.sys [2011-08-18 74752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 17:40]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 10:58]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 10:58]
.
2012-10-24 c:\windows\Tasks\HPCeeScheduleForAbba.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 439064]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-16 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com?pc=CMNTDF
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.bing.com?pc=CMNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\wt8vkde9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-09-09 16:36; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-10-16 23:09; jid1-[email protected]; c:\users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\wt8vkde9.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-MfeEpePcMonitor - c:\program files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-24 22:45:17
ComboFix-quarantined-files.txt 2012-10-24 20:45
.
Pre-Run: 226,635,317,248 bytes free
Post-Run: 226,876,252,160 bytes free
.
- - End Of File - - 4FD1F2D349F7BD4815706C548B393182
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

#7
AaronN

AaronN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Dear Gringo,

Hi. Thank you for your continued assistance.

I ran TDSSKiller, with it finding no threats. Output below.

Same with aswMBR. No reboot requested.

Still same browser redirects to http://www.v9.com/us/newtab . :-(

Thank you,

Aaron


---------------------------------------------------------------------------------
TDSSKiller:

23:58:12.0358 7400 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
23:58:12.0826 7400 ============================================================
23:58:12.0826 7400 Current date / time: 2012/10/24 23:58:12.0826
23:58:12.0826 7400 SystemInfo:
23:58:12.0826 7400
23:58:12.0826 7400 OS Version: 6.1.7601 ServicePack: 1.0
23:58:12.0826 7400 Product type: Workstation
23:58:12.0826 7400 ComputerName: ABBA-HP
23:58:12.0826 7400 UserName: Abba
23:58:12.0826 7400 Windows directory: C:\windows
23:58:12.0826 7400 System windows directory: C:\windows
23:58:12.0826 7400 Running under WOW64
23:58:12.0826 7400 Processor architecture: Intel x64
23:58:12.0826 7400 Number of processors: 4
23:58:12.0826 7400 Page size: 0x1000
23:58:12.0826 7400 Boot type: Normal boot
23:58:12.0826 7400 ============================================================
23:58:13.0247 7400 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:58:13.0247 7400 ============================================================
23:58:13.0247 7400 \Device\Harddisk0\DR0:
23:58:13.0247 7400 MBR partitions:
23:58:13.0247 7400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
23:58:13.0247 7400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x224AF800
23:58:13.0247 7400 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22546000, BlocksNum 0x2AE7000
23:58:13.0247 7400 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502D000, BlocksNum 0x3FD800
23:58:13.0247 7400 ============================================================
23:58:13.0262 7400 C: <-> \Device\Harddisk0\DR0\Partition2
23:58:13.0294 7400 E: <-> \Device\Harddisk0\DR0\Partition4
23:58:13.0325 7400 G: <-> \Device\Harddisk0\DR0\Partition3
23:58:13.0325 7400 ============================================================
23:58:13.0325 7400 Initialize success
23:58:13.0325 7400 ============================================================
23:58:20.0984 5376 ============================================================
23:58:20.0984 5376 Scan started
23:58:20.0984 5376 Mode: Manual;
23:58:20.0984 5376 ============================================================
23:58:21.0374 5376 ================ Scan system memory ========================
23:58:21.0374 5376 System memory - ok
23:58:21.0374 5376 ================ Scan services =============================
23:58:21.0608 5376 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
23:58:21.0608 5376 1394ohci - ok
23:58:21.0655 5376 [ EE9407D42154190C3169D11EA4B8C711 ] Accelerometer C:\windows\system32\DRIVERS\Accelerometer.sys
23:58:21.0655 5376 Accelerometer - ok
23:58:21.0702 5376 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
23:58:21.0702 5376 ACPI - ok
23:58:21.0764 5376 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
23:58:21.0764 5376 AcpiPmi - ok
23:58:21.0874 5376 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:58:21.0874 5376 AdobeFlashPlayerUpdateSvc - ok
23:58:21.0920 5376 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
23:58:21.0936 5376 adp94xx - ok
23:58:21.0952 5376 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
23:58:21.0952 5376 adpahci - ok
23:58:21.0967 5376 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
23:58:21.0967 5376 adpu320 - ok
23:58:21.0998 5376 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
23:58:21.0998 5376 AeLookupSvc - ok
23:58:22.0045 5376 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
23:58:22.0061 5376 AFD - ok
23:58:22.0123 5376 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
23:58:22.0139 5376 AgereSoftModem - ok
23:58:22.0170 5376 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
23:58:22.0170 5376 agp440 - ok
23:58:22.0201 5376 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
23:58:22.0201 5376 ALG - ok
23:58:22.0232 5376 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
23:58:22.0248 5376 aliide - ok
23:58:22.0248 5376 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
23:58:22.0248 5376 amdide - ok
23:58:22.0264 5376 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
23:58:22.0264 5376 AmdK8 - ok
23:58:22.0279 5376 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
23:58:22.0279 5376 AmdPPM - ok
23:58:22.0295 5376 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
23:58:22.0295 5376 amdsata - ok
23:58:22.0326 5376 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
23:58:22.0326 5376 amdsbs - ok
23:58:22.0342 5376 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
23:58:22.0342 5376 amdxata - ok
23:58:22.0373 5376 [ B147910D07F862F1F5B7B80BF5D800BF ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys
23:58:22.0373 5376 AMPPAL - ok
23:58:22.0388 5376 [ B147910D07F862F1F5B7B80BF5D800BF ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys
23:58:22.0388 5376 AMPPALP - ok
23:58:22.0466 5376 [ 86DC20FF914596983023E9E4544667EE ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
23:58:22.0482 5376 AMPPALR3 - ok
23:58:22.0513 5376 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
23:58:22.0513 5376 AppID - ok
23:58:22.0544 5376 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
23:58:22.0560 5376 AppIDSvc - ok
23:58:22.0560 5376 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
23:58:22.0560 5376 Appinfo - ok
23:58:22.0654 5376 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:58:22.0654 5376 Apple Mobile Device - ok
23:58:22.0685 5376 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\windows\System32\appmgmts.dll
23:58:22.0685 5376 AppMgmt - ok
23:58:22.0700 5376 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
23:58:22.0700 5376 arc - ok
23:58:22.0716 5376 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
23:58:22.0732 5376 arcsas - ok
23:58:22.0763 5376 [ DA63270378BAA19446F6DA23FEEB75D6 ] ARCVCAM C:\windows\system32\DRIVERS\ArcSoftVCapture.sys
23:58:22.0763 5376 ARCVCAM - ok
23:58:22.0841 5376 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:58:22.0841 5376 aspnet_state - ok
23:58:22.0872 5376 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
23:58:22.0888 5376 AsyncMac - ok
23:58:22.0903 5376 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
23:58:22.0903 5376 atapi - ok
23:58:22.0950 5376 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
23:58:22.0950 5376 AudioEndpointBuilder - ok
23:58:22.0966 5376 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
23:58:22.0966 5376 AudioSrv - ok
23:58:23.0122 5376 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
23:58:23.0137 5376 AVGIDSAgent - ok
23:58:23.0168 5376 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdrivera.sys
23:58:23.0168 5376 AVGIDSDriver - ok
23:58:23.0184 5376 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\windows\system32\DRIVERS\avgidsfiltera.sys
23:58:23.0184 5376 AVGIDSFilter - ok
23:58:23.0200 5376 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\windows\system32\DRIVERS\avgidsha.sys
23:58:23.0200 5376 AVGIDSHA - ok
23:58:23.0215 5376 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\windows\system32\DRIVERS\avgldx64.sys
23:58:23.0231 5376 Avgldx64 - ok
23:58:23.0231 5376 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\windows\system32\DRIVERS\avgmfx64.sys
23:58:23.0231 5376 Avgmfx64 - ok
23:58:23.0262 5376 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\windows\system32\DRIVERS\avgrkx64.sys
23:58:23.0262 5376 Avgrkx64 - ok
23:58:23.0278 5376 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\windows\system32\DRIVERS\avgtdia.sys
23:58:23.0278 5376 Avgtdia - ok
23:58:23.0340 5376 [ A313C4AE276E3C975A1BC27170AA23C6 ] avgtp C:\windows\system32\drivers\avgtpx64.sys
23:58:23.0340 5376 avgtp - ok
23:58:23.0371 5376 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
23:58:23.0371 5376 avgwd - ok
23:58:23.0402 5376 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
23:58:23.0418 5376 AxInstSV - ok
23:58:23.0449 5376 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
23:58:23.0465 5376 b06bdrv - ok
23:58:23.0496 5376 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
23:58:23.0496 5376 b57nd60a - ok
23:58:23.0558 5376 [ 47480F4260DAE9AA589BCAF924B3767A ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
23:58:23.0558 5376 BBSvc - ok
23:58:23.0574 5376 [ 6BF743CBF3BCD09DAB79245E60E1AE62 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
23:58:23.0574 5376 BBUpdate - ok
23:58:23.0605 5376 [ BC9E4469FE2CE605902D4C8BB09E8236 ] bcbtums C:\windows\system32\drivers\bcbtums.sys
23:58:23.0605 5376 bcbtums - ok
23:58:23.0636 5376 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
23:58:23.0636 5376 BDESVC - ok
23:58:23.0668 5376 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
23:58:23.0668 5376 Beep - ok
23:58:23.0699 5376 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
23:58:23.0699 5376 BFE - ok
23:58:23.0746 5376 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
23:58:23.0761 5376 BITS - ok
23:58:23.0777 5376 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\drivers\blbdrive.sys
23:58:23.0777 5376 blbdrive - ok
23:58:23.0824 5376 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:58:23.0824 5376 Bonjour Service - ok
23:58:23.0870 5376 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
23:58:23.0870 5376 bowser - ok
23:58:23.0902 5376 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
23:58:23.0902 5376 BrFiltLo - ok
23:58:23.0917 5376 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
23:58:23.0917 5376 BrFiltUp - ok
23:58:23.0964 5376 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
23:58:23.0964 5376 BridgeMP - ok
23:58:23.0995 5376 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
23:58:24.0011 5376 Browser - ok
23:58:24.0026 5376 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
23:58:24.0026 5376 Brserid - ok
23:58:24.0089 5376 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
23:58:24.0089 5376 BrSerWdm - ok
23:58:24.0136 5376 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
23:58:24.0136 5376 BrUsbMdm - ok
23:58:24.0136 5376 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
23:58:24.0136 5376 BrUsbSer - ok
23:58:24.0198 5376 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
23:58:24.0198 5376 BthEnum - ok
23:58:24.0214 5376 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
23:58:24.0214 5376 BTHMODEM - ok
23:58:24.0245 5376 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
23:58:24.0245 5376 BthPan - ok
23:58:24.0276 5376 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys
23:58:24.0292 5376 BTHPORT - ok
23:58:24.0307 5376 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
23:58:24.0323 5376 bthserv - ok
23:58:24.0338 5376 [ 34C60D1F16D8FE67277DBB9D7E59F89D ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
23:58:24.0338 5376 BTHSSecurityMgr - ok
23:58:24.0354 5376 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys
23:58:24.0354 5376 BTHUSB - ok
23:58:24.0401 5376 [ 93F0E54C65EF7FCB56287FA685E4C4B7 ] btwampfl C:\windows\system32\drivers\btwampfl.sys
23:58:24.0401 5376 btwampfl - ok
23:58:24.0432 5376 [ D1F3C58892C621935947C0261BAEF3C0 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
23:58:24.0432 5376 btwaudio - ok
23:58:24.0448 5376 [ 9C7A3858D87F3A2574C1D326CA6C1461 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
23:58:24.0463 5376 btwavdt - ok
23:58:24.0510 5376 [ CE6AD9E2874D19069569F03C819B558C ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:58:24.0526 5376 btwdins - ok
23:58:24.0557 5376 [ AC602E3B6940B48E454D90545D85E8C3 ] BTWDPAN C:\windows\system32\DRIVERS\btwdpan.sys
23:58:24.0557 5376 BTWDPAN - ok
23:58:24.0572 5376 [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
23:58:24.0572 5376 btwl2cap - ok
23:58:24.0588 5376 [ BB892C59D453E127797F8C5B203678DC ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
23:58:24.0588 5376 btwrchid - ok
23:58:24.0619 5376 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
23:58:24.0619 5376 cdfs - ok
23:58:24.0666 5376 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
23:58:24.0666 5376 cdrom - ok
23:58:24.0682 5376 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
23:58:24.0697 5376 CertPropSvc - ok
23:58:24.0697 5376 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
23:58:24.0697 5376 circlass - ok
23:58:24.0728 5376 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
23:58:24.0728 5376 CLFS - ok
23:58:24.0775 5376 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:58:24.0791 5376 clr_optimization_v2.0.50727_32 - ok
23:58:24.0822 5376 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:58:24.0822 5376 clr_optimization_v2.0.50727_64 - ok
23:58:24.0869 5376 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:58:24.0900 5376 clr_optimization_v4.0.30319_32 - ok
23:58:24.0916 5376 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:58:24.0916 5376 clr_optimization_v4.0.30319_64 - ok
23:58:24.0947 5376 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\drivers\CmBatt.sys
23:58:24.0947 5376 CmBatt - ok
23:58:24.0962 5376 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
23:58:24.0962 5376 cmdide - ok
23:58:24.0994 5376 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
23:58:25.0009 5376 CNG - ok
23:58:25.0009 5376 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
23:58:25.0009 5376 Compbatt - ok
23:58:25.0025 5376 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
23:58:25.0025 5376 CompositeBus - ok
23:58:25.0040 5376 COMSysApp - ok
23:58:25.0134 5376 [ 04D9DC335863B587D8A421A257051D9A ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
23:58:25.0134 5376 cphs - ok
23:58:25.0150 5376 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
23:58:25.0150 5376 crcdisk - ok
23:58:25.0181 5376 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
23:58:25.0181 5376 CryptSvc - ok
23:58:25.0228 5376 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys
23:58:25.0228 5376 CSC - ok
23:58:25.0259 5376 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll
23:58:25.0259 5376 CscService - ok
23:58:25.0290 5376 [ B9AAC23BCC9326E5E50D937FECB7DCB5 ] DAMDrv C:\windows\system32\DRIVERS\DAMDrv64.sys
23:58:25.0306 5376 DAMDrv - ok
23:58:25.0337 5376 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
23:58:25.0352 5376 DcomLaunch - ok
23:58:25.0384 5376 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
23:58:25.0399 5376 defragsvc - ok
23:58:25.0415 5376 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
23:58:25.0415 5376 DfsC - ok
23:58:25.0430 5376 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
23:58:25.0430 5376 Dhcp - ok
23:58:25.0446 5376 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
23:58:25.0446 5376 discache - ok
23:58:25.0493 5376 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
23:58:25.0493 5376 Disk - ok
23:58:25.0524 5376 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\windows\system32\drivers\dmvsc.sys
23:58:25.0524 5376 dmvsc - ok
23:58:25.0540 5376 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
23:58:25.0540 5376 Dnscache - ok
23:58:25.0571 5376 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
23:58:25.0571 5376 dot3svc - ok
23:58:25.0602 5376 [ B42ED0320C6E41102FDE0005154849BB ] dot4 C:\windows\system32\DRIVERS\Dot4.sys
23:58:25.0602 5376 dot4 - ok
23:58:25.0633 5376 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\windows\system32\DRIVERS\Dot4Prt.sys
23:58:25.0633 5376 Dot4Print - ok
23:58:25.0664 5376 [ 488669CD1CD3BDCFDD9A5FDA72209069 ] Dot4Scan C:\windows\system32\DRIVERS\Dot4Scan.sys
23:58:25.0664 5376 Dot4Scan - ok
23:58:25.0680 5376 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
23:58:25.0680 5376 dot4usb - ok
23:58:25.0774 5376 [ 47BA566049A337A81ACBFA566EF9E795 ] DpHost C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
23:58:25.0789 5376 DpHost - ok
23:58:25.0820 5376 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
23:58:25.0820 5376 DPS - ok
23:58:25.0852 5376 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
23:58:25.0852 5376 drmkaud - ok
23:58:25.0898 5376 [ AE2661B8ADFA325AF0EA096D969533F3 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
23:58:25.0914 5376 DXGKrnl - ok
23:58:25.0961 5376 [ E53D32044F4A03D64D6C91CF0A22A77E ] e1cexpress C:\windows\system32\DRIVERS\e1c62x64.sys
23:58:25.0961 5376 e1cexpress - ok
23:58:25.0992 5376 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
23:58:25.0992 5376 EapHost - ok
23:58:26.0086 5376 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
23:58:26.0117 5376 ebdrv - ok
23:58:26.0148 5376 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
23:58:26.0148 5376 EFS - ok
23:58:26.0195 5376 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
23:58:26.0210 5376 ehRecvr - ok
23:58:26.0226 5376 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
23:58:26.0226 5376 ehSched - ok
23:58:26.0258 5376 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
23:58:26.0274 5376 elxstor - ok
23:58:26.0274 5376 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
23:58:26.0289 5376 ErrDev - ok
23:58:26.0321 5376 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
23:58:26.0321 5376 EventSystem - ok
23:58:26.0414 5376 [ 23D401A43DADED10A153B9F3A7E66C91 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
23:58:26.0414 5376 EvtEng - ok
23:58:26.0461 5376 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
23:58:26.0461 5376 exfat - ok
23:58:26.0477 5376 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
23:58:26.0477 5376 fastfat - ok
23:58:26.0523 5376 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
23:58:26.0539 5376 Fax - ok
23:58:26.0555 5376 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
23:58:26.0555 5376 fdc - ok
23:58:26.0586 5376 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
23:58:26.0601 5376 fdPHost - ok
23:58:26.0601 5376 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
23:58:26.0601 5376 FDResPub - ok
23:58:26.0633 5376 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
23:58:26.0633 5376 FileInfo - ok
23:58:26.0633 5376 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
23:58:26.0648 5376 Filetrace - ok
23:58:26.0679 5376 [ 79ACD8C7AB9F5ED5A3AECCDC9F882457 ] FLCDLOCK c:\windows\SysWOW64\flcdlock.exe
23:58:26.0679 5376 FLCDLOCK - ok
23:58:26.0711 5376 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
23:58:26.0711 5376 flpydisk - ok
23:58:26.0726 5376 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
23:58:26.0726 5376 FltMgr - ok
23:58:26.0773 5376 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
23:58:26.0789 5376 FontCache - ok
23:58:26.0820 5376 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:58:26.0820 5376 FontCache3.0.0.0 - ok
23:58:26.0835 5376 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
23:58:26.0835 5376 FsDepends - ok
23:58:26.0867 5376 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
23:58:26.0867 5376 Fs_Rec - ok
23:58:26.0898 5376 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
23:58:26.0898 5376 fvevol - ok
23:58:26.0929 5376 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
23:58:26.0929 5376 gagp30kx - ok
23:58:26.0960 5376 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
23:58:26.0960 5376 GEARAspiWDM - ok
23:58:27.0023 5376 [ 9F9AFF5594C6B6FBE49F8C2A91756158 ] GobiQDLService C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
23:58:27.0023 5376 GobiQDLService - ok
23:58:27.0054 5376 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
23:58:27.0069 5376 gpsvc - ok
23:58:27.0132 5376 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:58:27.0132 5376 gupdate - ok
23:58:27.0147 5376 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:58:27.0147 5376 gupdatem - ok
23:58:27.0194 5376 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:58:27.0194 5376 gusvc - ok
23:58:27.0210 5376 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
23:58:27.0210 5376 hcw85cir - ok
23:58:27.0257 5376 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
23:58:27.0257 5376 HdAudAddService - ok
23:58:27.0272 5376 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
23:58:27.0272 5376 HDAudBus - ok
23:58:27.0272 5376 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
23:58:27.0272 5376 HidBatt - ok
23:58:27.0288 5376 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
23:58:27.0303 5376 HidBth - ok
23:58:27.0303 5376 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
23:58:27.0303 5376 HidIr - ok
23:58:27.0335 5376 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
23:58:27.0335 5376 hidserv - ok
23:58:27.0381 5376 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
23:58:27.0381 5376 HidUsb - ok
23:58:27.0413 5376 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
23:58:27.0413 5376 hkmsvc - ok
23:58:27.0444 5376 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
23:58:27.0444 5376 HomeGroupListener - ok
23:58:27.0475 5376 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
23:58:27.0475 5376 HomeGroupProvider - ok
23:58:27.0506 5376 [ 44AD1D87919994161131D5FB16C5B551 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
23:58:27.0522 5376 HP Power Assistant Service - ok
23:58:27.0584 5376 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
23:58:27.0584 5376 HP Support Assistant Service - ok
23:58:27.0647 5376 [ 5838D8904E9682C2B5BAA01E3077C8AA ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
23:58:27.0662 5376 hpCMSrv - ok
23:58:27.0693 5376 [ 7D2F0F709D88ED2617AFB0864D7B963E ] hpdskflt C:\windows\system32\DRIVERS\hpdskflt.sys
23:58:27.0693 5376 hpdskflt - ok
23:58:27.0756 5376 [ DBB4F22314B4AF7DAADA06DFFE3BE240 ] HPFSService c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
23:58:27.0771 5376 HPFSService - ok
23:58:27.0818 5376 [ 4968C0728E257B3B6210244A9CDE2A08 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
23:58:27.0834 5376 hpHotkeyMonitor - ok
23:58:27.0865 5376 [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr C:\windows\system32\drivers\HpqKbFiltr.sys
23:58:27.0865 5376 HpqKbFiltr - ok
23:58:27.0927 5376 [ A88142EAA5405894E76BC3FB50F07AAC ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:58:27.0927 5376 hpqwmiex - ok
23:58:27.0959 5376 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
23:58:27.0959 5376 HpSAMD - ok
23:58:27.0974 5376 [ 21685DC7E55FE3A0BB74DDD1606843B8 ] hpsrv C:\windows\system32\Hpservice.exe
23:58:27.0974 5376 hpsrv - ok
23:58:28.0005 5376 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
23:58:28.0005 5376 HTTP - ok
23:58:28.0021 5376 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
23:58:28.0037 5376 hwpolicy - ok
23:58:28.0068 5376 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
23:58:28.0068 5376 i8042prt - ok
23:58:28.0115 5376 [ 88D26E2881646FAD2B2114CF8C75FC3C ] iaStor C:\windows\system32\drivers\iaStor.sys
23:58:28.0115 5376 iaStor - ok
23:58:28.0177 5376 [ E649C7C8591D71A0489E356402D16F4C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:58:28.0177 5376 IAStorDataMgrSvc - ok
23:58:28.0193 5376 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
23:58:28.0208 5376 iaStorV - ok
23:58:28.0271 5376 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:58:28.0271 5376 IDriverT - ok
23:58:28.0333 5376 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:58:28.0349 5376 idsvc - ok
23:58:28.0411 5376 [ F7DE1BDF1A7461BCBF46A6DA659609A2 ] IFXSpMgtSrv C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
23:58:28.0427 5376 IFXSpMgtSrv - ok
23:58:28.0442 5376 [ A426260D5760FA948F6BABDCF6D95161 ] IFXTCS C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
23:58:28.0458 5376 IFXTCS - ok
23:58:28.0692 5376 [ 3FB253E8059A1AAC3A8B83A31D094CC5 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
23:58:28.0926 5376 igfx - ok
23:58:28.0941 5376 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
23:58:28.0941 5376 iirsp - ok
23:58:28.0973 5376 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
23:58:28.0988 5376 IKEEXT - ok
23:58:29.0019 5376 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
23:58:29.0019 5376 IntcDAud - ok
23:58:29.0082 5376 [ 0043EC20C06FD9FE339B5D37474B731E ] Intel® Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
23:58:29.0097 5376 Intel® Capability Licensing Service Interface - ok
23:58:29.0129 5376 [ CAF14AD24DFE1C4ABE0D7DFF1C68D4E0 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
23:58:29.0129 5376 Intel® ME Service - ok
23:58:29.0144 5376 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
23:58:29.0144 5376 intelide - ok
23:58:29.0175 5376 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
23:58:29.0175 5376 intelppm - ok
23:58:29.0207 5376 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
23:58:29.0222 5376 IPBusEnum - ok
23:58:29.0238 5376 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
23:58:29.0253 5376 IpFilterDriver - ok
23:58:29.0269 5376 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
23:58:29.0285 5376 iphlpsvc - ok
23:58:29.0300 5376 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
23:58:29.0300 5376 IPMIDRV - ok
23:58:29.0316 5376 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
23:58:29.0316 5376 IPNAT - ok
23:58:29.0363 5376 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:58:29.0378 5376 iPod Service - ok
23:58:29.0394 5376 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
23:58:29.0409 5376 IRENUM - ok
23:58:29.0425 5376 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
23:58:29.0425 5376 isapnp - ok
23:58:29.0456 5376 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
23:58:29.0472 5376 iScsiPrt - ok
23:58:29.0503 5376 [ B2381712638B0B714D0EEAB9A1F7C640 ] iusb3hcs C:\windows\system32\DRIVERS\iusb3hcs.sys
23:58:29.0503 5376 iusb3hcs - ok
23:58:29.0519 5376 [ FD2C6457232E95C014DAD21DEBC64867 ] iusb3hub C:\windows\system32\DRIVERS\iusb3hub.sys
23:58:29.0534 5376 iusb3hub - ok
23:58:29.0565 5376 [ F6A2B5D030BE7EDF8ADC12C9A40825A8 ] iusb3xhc C:\windows\system32\DRIVERS\iusb3xhc.sys
23:58:29.0565 5376 iusb3xhc - ok
23:58:29.0612 5376 [ 4E0B89D1F647166EC78FEF5430126EE0 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
23:58:29.0612 5376 jhi_service - ok
23:58:29.0643 5376 [ B0C3023507CD1C2EB63249FC952504AE ] JMCR C:\windows\system32\DRIVERS\jmcr.sys
23:58:29.0643 5376 JMCR - ok
23:58:29.0675 5376 [ FBF2B35AD5911C9DFD00D83CC7BCF0B2 ] johci C:\windows\system32\DRIVERS\johci.sys
23:58:29.0690 5376 johci - ok
23:58:29.0706 5376 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
23:58:29.0721 5376 kbdclass - ok
23:58:29.0737 5376 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
23:58:29.0737 5376 kbdhid - ok
23:58:29.0784 5376 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
23:58:29.0784 5376 KeyIso - ok
23:58:29.0815 5376 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
23:58:29.0815 5376 KSecDD - ok
23:58:29.0831 5376 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
23:58:29.0831 5376 KSecPkg - ok
23:58:29.0862 5376 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
23:58:29.0862 5376 ksthunk - ok
23:58:29.0893 5376 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
23:58:29.0893 5376 KtmRm - ok
23:58:29.0924 5376 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
23:58:29.0940 5376 LanmanServer - ok
23:58:29.0955 5376 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
23:58:29.0955 5376 LanmanWorkstation - ok
23:58:30.0002 5376 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
23:58:30.0002 5376 lltdio - ok
23:58:30.0033 5376 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
23:58:30.0049 5376 lltdsvc - ok
23:58:30.0065 5376 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
23:58:30.0065 5376 lmhosts - ok
23:58:30.0096 5376 [ 23C20B19120BE3394EB7968ABD755A2D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:58:30.0111 5376 LMS - ok
23:58:30.0143 5376 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
23:58:30.0143 5376 LSI_FC - ok
23:58:30.0158 5376 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
23:58:30.0158 5376 LSI_SAS - ok
23:58:30.0174 5376 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
23:58:30.0174 5376 LSI_SAS2 - ok
23:58:30.0189 5376 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
23:58:30.0189 5376 LSI_SCSI - ok
23:58:30.0221 5376 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
23:58:30.0221 5376 luafv - ok
23:58:30.0314 5376 [ FEB36A80C89BEBAC887487E876AC2B04 ] McAfee Endpoint Encryption Agent C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
23:58:30.0330 5376 McAfee Endpoint Encryption Agent - ok
23:58:30.0392 5376 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
23:58:30.0408 5376 McComponentHostService - ok
23:58:30.0423 5376 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
23:58:30.0423 5376 Mcx2Svc - ok
23:58:30.0439 5376 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
23:58:30.0439 5376 megasas - ok
23:58:30.0470 5376 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
23:58:30.0470 5376 MegaSR - ok
23:58:30.0501 5376 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
23:58:30.0501 5376 MEIx64 - ok
23:58:30.0533 5376 [ AE02A1774F1B5DB1C199261E6A65BEED ] MfeEpeOpal C:\windows\system32\drivers\MfeEpeOpal.sys
23:58:30.0533 5376 MfeEpeOpal - ok
23:58:30.0548 5376 [ 9D751D1EF4283A551C762C3EDCB85B44 ] MfeEpePc C:\windows\system32\drivers\MfeEpePc.sys
23:58:30.0548 5376 MfeEpePc - ok
23:58:30.0595 5376 Microsoft SharePoint Workspace Audit Service - ok
23:58:30.0611 5376 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
23:58:30.0611 5376 MMCSS - ok
23:58:30.0642 5376 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
23:58:30.0642 5376 Modem - ok
23:58:30.0657 5376 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
23:58:30.0657 5376 monitor - ok
23:58:30.0689 5376 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
23:58:30.0689 5376 mouclass - ok
23:58:30.0720 5376 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
23:58:30.0720 5376 mouhid - ok
23:58:30.0751 5376 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
23:58:30.0751 5376 mountmgr - ok
23:58:30.0782 5376 [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:58:30.0798 5376 MozillaMaintenance - ok
23:58:30.0813 5376 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
23:58:30.0813 5376 MpFilter - ok
23:58:30.0845 5376 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
23:58:30.0845 5376 mpio - ok
23:58:30.0860 5376 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
23:58:30.0860 5376 mpsdrv - ok
23:58:30.0891 5376 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
23:58:30.0907 5376 MpsSvc - ok
23:58:30.0923 5376 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
23:58:30.0923 5376 MRxDAV - ok
23:58:30.0938 5376 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
23:58:30.0938 5376 mrxsmb - ok
23:58:30.0954 5376 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
23:58:30.0954 5376 mrxsmb10 - ok
23:58:30.0969 5376 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
23:58:30.0969 5376 mrxsmb20 - ok
23:58:30.0985 5376 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
23:58:30.0985 5376 msahci - ok
23:58:31.0001 5376 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
23:58:31.0016 5376 msdsm - ok
23:58:31.0032 5376 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
23:58:31.0032 5376 MSDTC - ok
23:58:31.0047 5376 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
23:58:31.0047 5376 Msfs - ok
23:58:31.0079 5376 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
23:58:31.0079 5376 mshidkmdf - ok
23:58:31.0079 5376 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
23:58:31.0094 5376 msisadrv - ok
23:58:31.0110 5376 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
23:58:31.0125 5376 MSiSCSI - ok
23:58:31.0125 5376 msiserver - ok
23:58:31.0141 5376 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
23:58:31.0141 5376 MSKSSRV - ok
23:58:31.0188 5376 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:58:31.0188 5376 MsMpSvc - ok
23:58:31.0203 5376 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
23:58:31.0219 5376 MSPCLOCK - ok
23:58:31.0219 5376 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
23:58:31.0219 5376 MSPQM - ok
23:58:31.0235 5376 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
23:58:31.0250 5376 MsRPC - ok
23:58:31.0266 5376 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
23:58:31.0266 5376 mssmbios - ok
23:58:31.0281 5376 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
23:58:31.0281 5376 MSTEE - ok
23:58:31.0297 5376 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
23:58:31.0297 5376 MTConfig - ok
23:58:31.0313 5376 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
23:58:31.0313 5376 Mup - ok
23:58:31.0391 5376 [ 48C9BA25EDA90E3DB07ADAC8CD32F5F3 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
23:58:31.0391 5376 MyWiFiDHCPDNS - ok
23:58:31.0422 5376 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
23:58:31.0437 5376 napagent - ok
23:58:31.0469 5376 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
23:58:31.0469 5376 NativeWifiP - ok
23:58:31.0515 5376 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
23:58:31.0531 5376 NDIS - ok
23:58:31.0547 5376 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
23:58:31.0547 5376 NdisCap - ok
23:58:31.0562 5376 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
23:58:31.0562 5376 NdisTapi - ok
23:58:31.0593 5376 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
23:58:31.0593 5376 Ndisuio - ok
23:58:31.0625 5376 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
23:58:31.0625 5376 NdisWan - ok
23:58:31.0656 5376 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
23:58:31.0656 5376 NDProxy - ok
23:58:31.0687 5376 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
23:58:31.0687 5376 NetBIOS - ok
23:58:31.0703 5376 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
23:58:31.0703 5376 NetBT - ok
23:58:31.0734 5376 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
23:58:31.0734 5376 Netlogon - ok
23:58:31.0765 5376 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
23:58:31.0781 5376 Netman - ok
23:58:31.0827 5376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:31.0843 5376 NetMsmqActivator - ok
23:58:31.0843 5376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:31.0843 5376 NetPipeActivator - ok
23:58:31.0874 5376 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
23:58:31.0874 5376 netprofm - ok
23:58:31.0890 5376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:31.0890 5376 NetTcpActivator - ok
23:58:31.0890 5376 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:58:31.0890 5376 NetTcpPortSharing - ok
23:58:32.0108 5376 [ 262225F08B891FD7F16B3B93A3177C1F ] NETwNs64 C:\windows\system32\DRIVERS\Netwsw00.sys
23:58:32.0155 5376 NETwNs64 - ok
23:58:32.0186 5376 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
23:58:32.0186 5376 nfrd960 - ok
23:58:32.0217 5376 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
23:58:32.0217 5376 NisDrv - ok
23:58:32.0233 5376 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
23:58:32.0249 5376 NisSrv - ok
23:58:32.0280 5376 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
23:58:32.0280 5376 NlaSvc - ok
23:58:32.0311 5376 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\windows\system32\drivers\ccdcmbx64.sys
23:58:32.0311 5376 nmwcd - ok
23:58:32.0342 5376 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\windows\system32\drivers\ccdcmbox64.sys
23:58:32.0342 5376 nmwcdc - ok
23:58:32.0373 5376 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
23:58:32.0373 5376 Npfs - ok
23:58:32.0389 5376 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
23:58:32.0389 5376 nsi - ok
23:58:32.0405 5376 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
23:58:32.0405 5376 nsiproxy - ok
23:58:32.0436 5376 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
23:58:32.0451 5376 Ntfs - ok
23:58:32.0467 5376 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
23:58:32.0467 5376 Null - ok
23:58:32.0498 5376 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
23:58:32.0498 5376 nvraid - ok
23:58:32.0498 5376 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
23:58:32.0498 5376 nvstor - ok
23:58:32.0529 5376 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
23:58:32.0529 5376 nv_agp - ok
23:58:32.0545 5376 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
23:58:32.0545 5376 ohci1394 - ok
23:58:32.0592 5376 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:58:32.0592 5376 ose - ok
23:58:32.0732 5376 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:58:32.0763 5376 osppsvc - ok
23:58:32.0795 5376 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
23:58:32.0810 5376 p2pimsvc - ok
23:58:32.0826 5376 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
23:58:32.0826 5376 p2psvc - ok
23:58:32.0857 5376 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
23:58:32.0857 5376 Parport - ok
23:58:32.0873 5376 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
23:58:32.0873 5376 partmgr - ok
23:58:32.0888 5376 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
23:58:32.0888 5376 PcaSvc - ok
23:58:32.0919 5376 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\windows\system32\DRIVERS\pccsmcfdx64.sys
23:58:32.0919 5376 pccsmcfd - ok
23:58:32.0935 5376 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
23:58:32.0935 5376 pci - ok
23:58:32.0951 5376 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
23:58:32.0951 5376 pciide - ok
23:58:32.0966 5376 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
23:58:32.0966 5376 pcmcia - ok
23:58:32.0982 5376 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
23:58:32.0982 5376 pcw - ok
23:58:33.0013 5376 pdfcDispatcher - ok
23:58:33.0044 5376 [ BAF3216DDAA12E66EBBB31760E02BC14 ] PdiService C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
23:58:33.0044 5376 PdiService - ok
23:58:33.0075 5376 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
23:58:33.0075 5376 PEAUTH - ok
23:58:33.0122 5376 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll
23:58:33.0138 5376 PeerDistSvc - ok
23:58:33.0200 5376 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
23:58:33.0216 5376 PerfHost - ok
23:58:33.0263 5376 [ F20612DF7E12DE3A087D0F44CC545FB1 ] PersonalSecureDrive C:\windows\System32\drivers\psd.sys
23:58:33.0263 5376 PersonalSecureDrive - ok
23:58:33.0325 5376 [ FE29C5873E3B67484AFEB0BB35123DBD ] PersonalSecureDriveService C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
23:58:33.0325 5376 PersonalSecureDriveService - ok
23:58:33.0372 5376 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
23:58:33.0403 5376 pla - ok
23:58:33.0450 5376 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
23:58:33.0450 5376 PlugPlay - ok
23:58:33.0465 5376 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
23:58:33.0465 5376 PNRPAutoReg - ok
23:58:33.0481 5376 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
23:58:33.0481 5376 PNRPsvc - ok
23:58:33.0512 5376 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
23:58:33.0512 5376 PolicyAgent - ok
23:58:33.0543 5376 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll
23:58:33.0543 5376 Power - ok
23:58:33.0575 5376 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
23:58:33.0575 5376 PptpMiniport - ok
23:58:33.0590 5376 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
23:58:33.0606 5376 Processor - ok
23:58:33.0621 5376 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
23:58:33.0621 5376 ProfSvc - ok
23:58:33.0637 5376 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
23:58:33.0637 5376 ProtectedStorage - ok
23:58:33.0668 5376 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
23:58:33.0668 5376 Psched - ok
23:58:33.0699 5376 [ D5132DDFDAA653CF2D7D621FD604BB5A ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
23:58:33.0699 5376 PxHlpa64 - ok
23:58:33.0746 5376 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
23:58:33.0762 5376 ql2300 - ok
23:58:33.0777 5376 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
23:58:33.0777 5376 ql40xx - ok
23:58:33.0809 5376 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
23:58:33.0809 5376 QWAVE - ok
23:58:33.0824 5376 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
23:58:33.0840 5376 QWAVEdrv - ok
23:58:33.0840 5376 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
23:58:33.0840 5376 RasAcd - ok
23:58:33.0871 5376 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
23:58:33.0871 5376 RasAgileVpn - ok
23:58:33.0887 5376 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
23:58:33.0887 5376 RasAuto - ok
23:58:33.0887 5376 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
23:58:33.0902 5376 Rasl2tp - ok
23:58:33.0918 5376 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
23:58:33.0933 5376 RasMan - ok
23:58:33.0933 5376 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
23:58:33.0949 5376 RasPppoe - ok
23:58:33.0949 5376 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
23:58:33.0965 5376 RasSstp - ok
23:58:33.0980 5376 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
23:58:33.0980 5376 rdbss - ok
23:58:34.0011 5376 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
23:58:34.0011 5376 rdpbus - ok
23:58:34.0011 5376 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
23:58:34.0011 5376 RDPCDD - ok
23:58:34.0043 5376 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\windows\system32\drivers\rdpdr.sys
23:58:34.0043 5376 RDPDR - ok
23:58:34.0074 5376 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
23:58:34.0074 5376 RDPENCDD - ok
23:58:34.0089 5376 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
23:58:34.0089 5376 RDPREFMP - ok
23:58:34.0121 5376 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
23:58:34.0121 5376 RDPWD - ok
23:58:34.0152 5376 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
23:58:34.0152 5376 rdyboost - ok
23:58:34.0214 5376 [ 0C2B4C3B10D183BE116A38353E937F62 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
23:58:34.0214 5376 RegSrvc - ok
23:58:34.0245 5376 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
23:58:34.0245 5376 RemoteAccess - ok
23:58:34.0277 5376 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
23:58:34.0292 5376 RemoteRegistry - ok
23:58:34.0323 5376 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
23:58:34.0323 5376 RFCOMM - ok
23:58:34.0401 5376 [ DBF241307AAB32837A5FD07F002ED90F ] RoxioBurnLauncher C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
23:58:34.0401 5376 RoxioBurnLauncher - ok
23:58:34.0479 5376 [ 74D8C5F0CEE3E882FDE2B3C1EC689819 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
23:58:34.0495 5376 RoxMediaDB12OEM - ok
23:58:34.0526 5376 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
23:58:34.0526 5376 RpcEptMapper - ok
23:58:34.0557 5376 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
23:58:34.0557 5376 RpcLocator - ok
23:58:34.0573 5376 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
23:58:34.0589 5376 RpcSs - ok
23:58:34.0620 5376 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
23:58:34.0620 5376 rspndr - ok
23:58:34.0635 5376 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\windows\system32\drivers\vms3cap.sys
23:58:34.0651 5376 s3cap - ok
23:58:34.0651 5376 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
23:58:34.0651 5376 SamSs - ok
23:58:34.0682 5376 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
23:58:34.0682 5376 sbp2port - ok
23:58:34.0698 5376 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
23:58:34.0713 5376 SCardSvr - ok
23:58:34.0713 5376 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
23:58:34.0729 5376 scfilter - ok
23:58:34.0745 5376 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
23:58:34.0760 5376 Schedule - ok
23:58:34.0776 5376 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
23:58:34.0776 5376 SCPolicySvc - ok
23:58:34.0807 5376 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\DRIVERS\sdbus.sys
23:58:34.0807 5376 sdbus - ok
23:58:34.0823 5376 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
23:58:34.0838 5376 SDRSVC - ok
23:58:34.0869 5376 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
23:58:34.0869 5376 secdrv - ok
23:58:34.0869 5376 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
23:58:34.0885 5376 seclogon - ok
23:58:34.0901 5376 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
23:58:34.0901 5376 SENS - ok
23:58:34.0932 5376 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
23:58:34.0932 5376 SensrSvc - ok
23:58:34.0963 5376 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
23:58:34.0963 5376 Serenum - ok
23:58:34.0979 5376 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
23:58:34.0979 5376 Serial - ok
23:58:35.0010 5376 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
23:58:35.0010 5376 sermouse - ok
23:58:35.0057 5376 [ F31E9531AF225CA25350D5E87E999B31 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
23:58:35.0072 5376 ServiceLayer - ok
23:58:35.0103 5376 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
23:58:35.0103 5376 SessionEnv - ok
23:58:35.0135 5376 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
23:58:35.0135 5376 sffdisk - ok
23:58:35.0135 5376 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
23:58:35.0135 5376 sffp_mmc - ok
23:58:35.0150 5376 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
23:58:35.0150 5376 sffp_sd - ok
23:58:35.0166 5376 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
23:58:35.0166 5376 sfloppy - ok
23:58:35.0197 5376 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
23:58:35.0213 5376 SharedAccess - ok
23:58:35.0228 5376 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
23:58:35.0228 5376 ShellHWDetection - ok
23:58:35.0259 5376 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
23:58:35.0259 5376 SiSRaid2 - ok
23:58:35.0291 5376 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
23:58:35.0291 5376 SiSRaid4 - ok
23:58:35.0400 5376 [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
23:58:35.0431 5376 Skype C2C Service - ok
23:58:35.0478 5376 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
23:58:35.0478 5376 SkypeUpdate - ok
23:58:35.0509 5376 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
23:58:35.0509 5376 Smb - ok
23:58:35.0540 5376 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
23:58:35.0540 5376 SNMPTRAP - ok
23:58:35.0556 5376 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
23:58:35.0556 5376 spldr - ok
23:58:35.0587 5376 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
23:58:35.0587 5376 Spooler - ok
23:58:35.0665 5376 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
23:58:35.0681 5376 sppsvc - ok
23:58:35.0696 5376 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
23:58:35.0696 5376 sppuinotify - ok
23:58:35.0774 5376 [ 685D7FDA1A2E019446872472A6295063 ] SPUVCbv C:\windows\system32\Drivers\SPUVCbv_x64.sys
23:58:35.0790 5376 SPUVCbv - ok
23:58:35.0821 5376 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
23:58:35.0821 5376 srv - ok
23:58:35.0837 5376 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
23:58:35.0837 5376 srv2 - ok
23:58:35.0852 5376 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
23:58:35.0852 5376 srvnet - ok
23:58:35.0883 5376 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
23:58:35.0883 5376 SSDPSRV - ok
23:58:35.0899 5376 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
23:58:35.0899 5376 SstpSvc - ok
23:58:35.0961 5376 [ 703A26203F4B0C410CA257F0436934FC ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
23:58:35.0961 5376 STacSV - ok
23:58:35.0993 5376 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
23:58:35.0993 5376 stexstor - ok
23:58:36.0024 5376 [ 8ADD3AFDDF008998BE9E7571381F62DC ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
23:58:36.0024 5376 STHDA - ok
23:58:36.0086 5376 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
23:58:36.0102 5376 stisvc - ok
23:58:36.0133 5376 [ F0B57D2DEC5F97E621FF5E986319EED2 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:58:36.0149 5376 stllssvr - ok
23:58:36.0164 5376 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\windows\system32\drivers\vmstorfl.sys
23:58:36.0164 5376 storflt - ok
23:58:36.0180 5376 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\windows\system32\storsvc.dll
23:58:36.0195 5376 StorSvc - ok
23:58:36.0227 5376 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\windows\system32\drivers\storvsc.sys
23:58:36.0227 5376 storvsc - ok
23:58:36.0242 5376 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
23:58:36.0242 5376 swenum - ok
23:58:36.0289 5376 [ E783AA53FCEECC6576EB66E90D67CAA0 ] swg3kmbb02 C:\windows\system32\DRIVERS\swg3kmbb02.sys
23:58:36.0289 5376 swg3kmbb02 - ok
23:58:36.0336 5376 [ C9AADBA1EAF597D7EC02A529CC64234A ] swg3knmea02 C:\windows\system32\DRIVERS\swg3knmea02.sys
23:58:36.0336 5376 swg3knmea02 - ok
23:58:36.0367 5376 [ C9AADBA1EAF597D7EC02A529CC64234A ] swg3kser02 C:\windows\system32\DRIVERS\swg3kser02.sys
23:58:36.0383 5376 swg3kser02 - ok
23:58:36.0414 5376 [ 3911ADB9A2E6E34E583C93A440343114 ] swibus02 C:\windows\system32\DRIVERS\swibus02.sys
23:58:36.0414 5376 swibus02 - ok
23:58:36.0429 5376 [ 3911ADB9A2E6E34E583C93A440343114 ] swibusflt02 C:\windows\system32\DRIVERS\swibusflt02.sys
23:58:36.0429 5376 swibusflt02 - ok
23:58:36.0461 5376 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
23:58:36.0476 5376 swprv - ok
23:58:36.0523 5376 [ 48A191AE1F810F3F76F04187BA6B0F14 ] SynTP C:\windows\system32\drivers\SynTP.sys
23:58:36.0523 5376 SynTP - ok
23:58:36.0570 5376 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
23:58:36.0601 5376 SysMain - ok
23:58:36.0632 5376 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
23:58:36.0632 5376 TabletInputService - ok
23:58:36.0648 5376 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
23:58:36.0648 5376 TapiSrv - ok
23:58:36.0663 5376 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
23:58:36.0663 5376 TBS - ok
23:58:36.0726 5376 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
23:58:36.0726 5376 Tcpip - ok
23:58:36.0757 5376 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
23:58:36.0773 5376 TCPIP6 - ok
23:58:36.0788 5376 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
23:58:36.0804 5376 tcpipreg - ok
23:58:36.0804 5376 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
23:58:36.0804 5376 TDPIPE - ok
23:58:36.0835 5376 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
23:58:36.0835 5376 TDTCP - ok
23:58:36.0835 5376 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
23:58:36.0851 5376 tdx - ok
23:58:36.0851 5376 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
23:58:36.0851 5376 TermDD - ok
23:58:36.0882 5376 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
23:58:36.0897 5376 TermService - ok
23:58:36.0897 5376 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
23:58:36.0897 5376 Themes - ok
23:58:36.0929 5376 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
23:58:36.0929 5376 THREADORDER - ok
23:58:36.0944 5376 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\windows\system32\drivers\tpm.sys
23:58:36.0944 5376 TPM - ok
23:58:36.0960 5376 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
23:58:36.0960 5376 TrkWks - ok
23:58:36.0991 5376 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
23:58:36.0991 5376 TrustedInstaller - ok
23:58:37.0022 5376 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
23:58:37.0022 5376 tssecsrv - ok
23:58:37.0053 5376 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
23:58:37.0053 5376 TsUsbFlt - ok
23:58:37.0069 5376 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
23:58:37.0069 5376 TsUsbGD - ok
23:58:37.0100 5376 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
23:58:37.0100 5376 tunnel - ok
23:58:37.0100 5376 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
23:58:37.0100 5376 uagp35 - ok
23:58:37.0178 5376 [ F0458A5ABFC8C269798D398F664666A8 ] uArcCapture C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe
23:58:37.0194 5376 uArcCapture - ok
23:58:37.0225 5376 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
23:58:37.0225 5376 udfs - ok
23:58:37.0256 5376 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
23:58:37.0256 5376 UI0Detect - ok
23:58:37.0287 5376 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
23:58:37.0287 5376 uliagpkx - ok
23:58:37.0334 5376 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
23:58:37.0334 5376 umbus - ok
23:58:37.0365 5376 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
23:58:37.0365 5376 UmPass - ok
23:58:37.0397 5376 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\windows\System32\umrdp.dll
23:58:37.0412 5376 UmRdpService - ok
23:58:37.0459 5376 [ 25F4EFE9D0624C7C7B0EC823DE901BF3 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:58:37.0459 5376 UNS - ok
23:58:37.0490 5376 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
23:58:37.0490 5376 upnphost - ok
23:58:37.0537 5376 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys
23:58:37.0537 5376 upperdev - ok
23:58:37.0568 5376 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
23:58:37.0568 5376 USBAAPL64 - ok
23:58:37.0599 5376 [ 2B26FCB7C634C49313FD72120FB9946E ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
23:58:37.0599 5376 usbccgp - ok
23:58:37.0615 5376 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
23:58:37.0631 5376 usbcir - ok
23:58:37.0631 5376 [ AA68C758B3F225618A5FD1ED40C383C4 ] usbehci C:\windows\system32\drivers\usbehci.sys
23:58:37.0646 5376 usbehci - ok
23:58:37.0662 5376 [ 66E1EF753543785D7E2C44719B2C5DAD ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
23:58:37.0677 5376 usbhub - ok
23:58:37.0693 5376 [ B26ACA4784AD1295C25A7501FD4AB79E ] usbohci C:\windows\system32\drivers\usbohci.sys
23:58:37.0693 5376 usbohci - ok
23:58:37.0709 5376 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
23:58:37.0724 5376 usbprint - ok
23:58:37.0755 5376 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\windows\system32\drivers\usbser.sys
23:58:37.0755 5376 usbser - ok
23:58:37.0755 5376 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys
23:58:37.0771 5376 UsbserFilt - ok
23:58:37.0771 5376 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
23:58:37.0787 5376 USBSTOR - ok
23:58:37.0787 5376 [ 35944CFF264134FFD2E7EED0F8B81A56 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
23:58:37.0787 5376 usbuhci - ok
23:58:37.0818 5376 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
23:58:37.0818 5376 usbvideo - ok
23:58:37.0833 5376 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
23:58:37.0833 5376 UxSms - ok
23:58:37.0865 5376 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
23:58:37.0865 5376 VaultSvc - ok
23:58:37.0958 5376 [ EF3BD2119454883B0D5463AD5327DD10 ] vcsFPService C:\windows\system32\vcsFPService.exe
23:58:37.0974 5376 vcsFPService - ok
23:58:38.0005 5376 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
23:58:38.0005 5376 vdrvroot - ok
23:58:38.0021 5376 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
23:58:38.0036 5376 vds - ok
23:58:38.0083 5376 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
23:58:38.0083 5376 vga - ok
23:58:38.0099 5376 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
23:58:38.0099 5376 VgaSave - ok
23:58:38.0114 5376 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
23:58:38.0130 5376 vhdmp - ok
23:58:38.0145 5376 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
23:58:38.0161 5376 viaide - ok
23:58:38.0177 5376 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\windows\system32\drivers\vmbus.sys
23:58:38.0177 5376 vmbus - ok
23:58:38.0177 5376 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\windows\system32\drivers\VMBusHID.sys
23:58:38.0177 5376 VMBusHID - ok
23:58:38.0192 5376 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
23:58:38.0192 5376 volmgr - ok
23:58:38.0223 5376 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
23:58:38.0223 5376 volmgrx - ok
23:58:38.0239 5376 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
23:58:38.0239 5376 volsnap - ok
23:58:38.0270 5376 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
23:58:38.0270 5376 vsmraid - ok
23:58:38.0333 5376 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
23:58:38.0348 5376 VSS - ok
23:58:38.0411 5376 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
23:58:38.0411 5376 vToolbarUpdater12.2.6 - ok
23:58:38.0426 5376 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
23:58:38.0426 5376 vwifibus - ok
23:58:38.0457 5376 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
23:58:38.0457 5376 vwififlt - ok
23:58:38.0473 5376 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
23:58:38.0473 5376 vwifimp - ok
23:58:38.0504 5376 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
23:58:38.0504 5376 W32Time - ok
23:58:38.0535 5376 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
23:58:38.0535 5376 WacomPen - ok
23:58:38.0582 5376 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
23:58:38.0582 5376 WANARP - ok
23:58:38.0582 5376 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
23:58:38.0582 5376 Wanarpv6 - ok
23:58:38.0660 5376 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
23:58:38.0676 5376 WatAdminSvc - ok
23:58:38.0723 5376 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
23:58:38.0754 5376 wbengine - ok
23:58:38.0769 5376 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
23:58:38.0785 5376 WbioSrvc - ok
23:58:38.0785 5376 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
23:58:38.0801 5376 wcncsvc - ok
23:58:38.0816 5376 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
23:58:38.0816 5376 WcsPlugInService - ok
23:58:38.0832 5376 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
23:58:38.0832 5376 Wd - ok
23:58:38.0863 5376 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
23:58:38.0879 5376 Wdf01000 - ok
23:58:38.0894 5376 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
23:58:38.0894 5376 WdiServiceHost - ok
23:58:38.0894 5376 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
23:58:38.0894 5376 WdiSystemHost - ok
23:58:38.0910 5376 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
23:58:38.0925 5376 WebClient - ok
23:58:38.0925 5376 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
23:58:38.0941 5376 Wecsvc - ok
23:58:38.0957 5376 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
23:58:38.0957 5376 wercplsupport - ok
23:58:38.0988 5376 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
23:58:38.0988 5376 WerSvc - ok
23:58:39.0019 5376 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
23:58:39.0019 5376 WfpLwf - ok
23:58:39.0050 5376 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
23:58:39.0050 5376 WIMMount - ok
23:58:39.0066 5376 WinDefend - ok
23:58:39.0081 5376 WinHttpAutoProxySvc - ok
23:58:39.0128 5376 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
23:58:39.0128 5376 Winmgmt - ok
23:58:39.0191 5376 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
23:58:39.0222 5376 WinRM - ok
23:58:39.0253 5376 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\windows\system32\DRIVERS\WinUSB.sys
23:58:39.0253 5376 WinUSB - ok
23:58:39.0284 5376 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
23:58:39.0300 5376 Wlansvc - ok
23:58:39.0300 5376 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
23:58:39.0300 5376 WmiAcpi - ok
23:58:39.0331 5376 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
23:58:39.0331 5376 wmiApSrv - ok
23:58:39.0362 5376 WMPNetworkSvc - ok
23:58:39.0378 5376 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
23:58:39.0378 5376 WPCSvc - ok
23:58:39.0393 5376 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
23:58:39.0409 5376 WPDBusEnum - ok
23:58:39.0425 5376 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
23:58:39.0425 5376 ws2ifsl - ok
23:58:39.0440 5376 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
23:58:39.0440 5376 wscsvc - ok
23:58:39.0440 5376 WSearch - ok
23:58:39.0503 5376 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
23:58:39.0534 5376 wuauserv - ok
23:58:39.0549 5376 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
23:58:39.0549 5376 WudfPf - ok
23:58:39.0565 5376 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
23:58:39.0581 5376 WUDFRd - ok
23:58:39.0596 5376 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
23:58:39.0596 5376 wudfsvc - ok
23:58:39.0612 5376 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\windows\System32\wwansvc.dll
23:58:39.0612 5376 WwanSvc - ok
23:58:39.0737 5376 [ D2FE4103450E52CB248D842501F84B90 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
23:58:39.0752 5376 ZeroConfigService - ok
23:58:39.0783 5376 ================ Scan global ===============================
23:58:39.0799 5376 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
23:58:39.0815 5376 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
23:58:39.0830 5376 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
23:58:39.0846 5376 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
23:58:39.0877 5376 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
23:58:39.0877 5376 [Global] - ok
23:58:39.0877 5376 ================ Scan MBR ==================================
23:58:39.0877 5376 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:58:40.0080 5376 \Device\Harddisk0\DR0 - ok
23:58:40.0080 5376 ================ Scan VBR ==================================
23:58:40.0080 5376 [ BB32744E5DCBF9BB80166913766AC053 ] \Device\Harddisk0\DR0\Partition1
23:58:40.0080 5376 \Device\Harddisk0\DR0\Partition1 - ok
23:58:40.0095 5376 [ 449C69E70E2CFE1DDDF363E5D5BBFDC5 ] \Device\Harddisk0\DR0\Partition2
23:58:40.0095 5376 \Device\Harddisk0\DR0\Partition2 - ok
23:58:40.0127 5376 [ 954B630EE0D124F55D8C652BEF78EB98 ] \Device\Harddisk0\DR0\Partition3
23:58:40.0127 5376 \Device\Harddisk0\DR0\Partition3 - ok
23:58:40.0142 5376 [ 50DA88D2193FD819969555E8A9840418 ] \Device\Harddisk0\DR0\Partition4
23:58:40.0142 5376 \Device\Harddisk0\DR0\Partition4 - ok
23:58:40.0142 5376 ============================================================
23:58:40.0142 5376 Scan finished
23:58:40.0142 5376 ============================================================
23:58:40.0158 7984 Detected object count: 0
23:58:40.0158 7984 Actual detected object count: 0


aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-25 00:04:29
-----------------------------
00:04:29.489 OS Version: Windows x64 6.1.7601 Service Pack 1
00:04:29.489 Number of processors: 4 586 0x3A09
00:04:29.489 ComputerName: ABBA-HP UserName: Abba
00:04:30.285 Initialize success
00:06:38.676 AVAST engine defs: 12102400
00:06:47.537 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:06:47.553 Disk 0 Vendor: Hitachi_ EC2O Size: 305245MB BusType: 3
00:06:47.553 Disk 0 MBR read successfully
00:06:47.568 Disk 0 MBR scan
00:06:47.568 Disk 0 Windows 7 default MBR code
00:06:47.568 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
00:06:47.584 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 280927 MB offset 616448
00:06:47.615 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 21966 MB offset 575954944
00:06:47.646 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 620941312
00:06:47.677 Disk 0 scanning C:\windows\system32\drivers
00:06:56.959 Service scanning
00:07:26.225 Modules scanning
00:07:26.225 Disk 0 trace - called modules:
00:07:26.771 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
00:07:26.771 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800708e060]
00:07:26.787 3 CLASSPNP.SYS[fffff88001d5b43f] -> nt!IofCallDriver -> [0xfffffa8006f2fb10]
00:07:26.787 5 hpdskflt.sys[fffff88001d02299] -> nt!IofCallDriver -> [0xfffffa8005dfb550]
00:07:26.802 7 ACPI.sys[fffff88000f857a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005e1f050]
00:07:27.535 AVAST engine scan C:\windows
00:07:30.577 AVAST engine scan C:\windows\system32
00:09:59.995 AVAST engine scan C:\windows\system32\drivers
00:10:10.260 AVAST engine scan C:\Users\Abba
00:11:20.304 AVAST engine scan C:\ProgramData
00:11:57.354 Scan finished successfully
00:13:46.695 Disk 0 MBR has been saved successfully to "C:\Users\Abba\Desktop\MBR.dat"
00:13:46.695 The log file has been saved successfully to "C:\Users\Abba\Desktop\aswMBR.txt"
  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" File not found
    O4 - HKLM..\Run: [] File not found
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/10/24 11:58:21 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\DriverCure
    [2012/10/24 11:58:21 | 000,000,000 | ---D | M] -- C:\Users\Abba\AppData\Roaming\SpeedyPC Software
    [2012/10/24 11:58:21 | 000,000,000 | ---D | C] -- C:\Users\Abba\AppData\Roaming\SpeedyPC Software
    [2012/10/24 11:58:21 | 000,000,000 | ---D | C] -- C:\Users\Abba\AppData\Roaming\DriverCure
    [2012/10/24 11:58:16 | 000,000,000 | ---D | C] -- C:\Users\Abba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
    [2012/10/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
    [2012/10/24 11:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
    [2012/10/24 11:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
  • 0

#9
AaronN

AaronN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Dear Gringo,

Hi. I ran the fix, with the output below. The computer did not ask for a reboot, but I did nonetheless.

Unfortunately, no change, and all new Firefox browser tabs, and some links too, immediately redirect to: http://www.v9.com/us/newtab . <GRRR>

Aaron


----------------------------------------------------------------------
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MfeEpePcMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Abba\AppData\Roaming\DriverCure folder moved successfully.
C:\Users\Abba\AppData\Roaming\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\Users\Abba\AppData\Roaming\SpeedyPC Software folder moved successfully.
Folder C:\Users\Abba\AppData\Roaming\SpeedyPC Software\ not found.
Folder C:\Users\Abba\AppData\Roaming\DriverCure\ not found.
C:\Users\Abba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software folder moved successfully.
C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\Images folder moved successfully.
C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3 folder moved successfully.
C:\Program Files (x86)\Common Files\SpeedyPC Software folder moved successfully.
C:\ProgramData\SpeedyPC Software\UUS3\SpeedyPC folder moved successfully.
C:\ProgramData\SpeedyPC Software\UUS3 folder moved successfully.
C:\ProgramData\SpeedyPC Software\SpeedyPC Pro folder moved successfully.
C:\ProgramData\SpeedyPC Software folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Tabs folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan\animation folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Scan folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list\recommendations folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list\process folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\list folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Icons folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\headers folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\group folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\general folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Frame folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\defrag folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\buttons folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images\Audio folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\Images folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\uninstall folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML\images folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC\HTML folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software\SpeedyPC folder moved successfully.
C:\Program Files (x86)\SpeedyPC Software folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Abba\Downloads\cmd.bat deleted successfully.
C:\Users\Abba\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Abba

User: All Users

User: chanan

User: Default

User: Default User

User: Eema

User: Public

User: uriel

User: yechiel

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Abba
->Flash cache emptied: 54482 bytes

User: All Users

User: chanan

User: Default

User: Default User

User: Eema
->Flash cache emptied: 2038 bytes

User: Public

User: uriel
->Flash cache emptied: 2349 bytes

User: yechiel
->Flash cache emptied: 19872 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10252012_081747
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I want you to reset firefox back to defaults, to do this I need you to do this

  • At the top of the Firefox window, click the "Firefox" button,
  • go over to the "Help" sub-menu
    • (on Windows XP, click the Help menu at the top of the Firefox window) and select "Troubleshooting Information".
  • Click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • click "Reset Firefox" in the confirmation window that opens.
  • Firefox will close and be reset. When it's done. Click "Finish" and Firefox will open.

restart the computer and check firefox for me now

Gringo
  • 0

Advertisements


#11
AaronN

AaronN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Dear Gringo,

Yay!! It looks like it is finally licked. Thank you very much.

I wonder in retrospect which of the various tools you had me run, did the actual cleanup work (with the FF reset).

Thank you again for your time and concern.

Aaron
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

It is a combination of things, had to remove the virus for the reset to work

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#13
AaronN

AaronN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Dear Gringo,

I continued with your instructions. The first time now that I reran ComboFix, it hung for a very long time (~20 minutes) while preparing the log file. I finally killed it, and restarted it. But to tell the truth, I noticed that some other used were still logged in, so they likely had something running. (I logged them out prior to re-running ComboFix.)

Note: at no point was I asked for a reboot.

The log file is below.

The v9.com virus seems to have been eradicated, thank goodness, and thanx to you.

Aaron


--------------------------------------
ComboFix 12-10-25.02 - Abba 10/25/2012 23:54:58.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1255.972.1033.18.3962.1980 [GMT 2:00]
Running from: c:\users\Abba\Desktop\ComboFix.exe
Command switches used :: c:\users\Abba\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-25 to 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-25 21:58 . 2012-10-25 21:58 -------- d-----w- c:\users\yechiel\AppData\Local\temp
2012-10-25 21:58 . 2012-10-25 21:58 -------- d-----w- c:\users\uriel\AppData\Local\temp
2012-10-25 21:58 . 2012-10-25 21:58 -------- d-----w- c:\users\Eema\AppData\Local\temp
2012-10-25 21:58 . 2012-10-25 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-25 21:58 . 2012-10-25 21:58 -------- d-----w- c:\users\chanan\AppData\Local\temp
2012-10-25 13:54 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6FDCA3D-8548-4103-A81F-68C83DFC9297}\mpengine.dll
2012-10-25 08:49 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-25 06:17 . 2012-10-25 06:17 -------- d-----w- C:\_OTL
2012-10-24 08:58 . 2012-10-24 08:58 -------- d-----w- c:\users\Abba\AppData\Local\Adobe
2012-10-24 08:57 . 2012-10-24 08:57 -------- d-----w- c:\program files (x86)\Foxit Software
2012-10-24 08:52 . 2012-10-24 08:52 -------- d-----w- c:\program files\Tracker Software
2012-10-24 08:42 . 2012-10-24 11:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-10-20 16:14 . 2012-10-07 04:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6B9BD79-D7C1-447C-AD47-61B0CB9C45B0}\gapaengine.dll
2012-10-07 04:18 . 2012-10-07 04:18 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-28 11:05 . 2012-09-28 11:05 -------- d-----w- c:\users\yechiel\AppData\Local\Motorola
2012-09-27 00:10 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 17:40 . 2012-05-08 00:54 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 17:40 . 2012-05-08 00:54 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-30 14:53 . 2012-08-27 04:33 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-04 13:22 . 2012-09-04 13:22 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-30 20:03 . 2012-08-30 20:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-03-20 17:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-25 18:23 . 2012-08-25 18:23 49152 ----a-r- c:\users\Abba\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2012-08-25 18:23 . 2012-08-25 18:23 335872 ----a-r- c:\users\Abba\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2012-08-25 18:21 . 2003-03-19 02:05 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2012-08-24 12:43 . 2012-08-24 12:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-22 18:12 . 2012-09-12 12:08 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 12:08 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 12:08 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 12:08 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-08-02 17:58 . 2012-09-12 12:08 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 12:08 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-31 08:31 . 2012-08-05 14:21 87152 ----a-w- c:\windows\system32\cpwmon64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-03-26 1516600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-23 56128]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-06-20 333728]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-27 291608]
"DsMgr"="c:\program files (x86)\Hewlett-Packard\HP GPS and Location\dsMgr.exe" [2012-04-02 183168]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2012-04-27 12313688]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2012-06-12 184736]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2012-07-23 1128312]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-13 658424]
"Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-2 1380128]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2012-01-31 21:19 75648 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-08-13 5167736]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [2012-02-14 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;שירות עדכון Google (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 116648]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-01 195584]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2012-02-02 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-02-02 615976]
R3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys [2012-02-02 89640]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-02-02 39976]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-04-02 276248]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2012-01-31 64312]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2012-04-27 477056]
R3 gupdatem;שירות עדכון Google (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 116648]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-13 115168]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-02-26 273168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2012-03-07 1118480]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-10 1255736]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 19224]
S0 MfeEpeOpal;MfeEpeOpal; [x]
S0 MfeEpePc;MfeEpePc; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-03-08 58000]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2012-07-23 44576]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-01 659976]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-03-08 135952]
S2 GobiQDLService;Sierra Wireless QDL Service;c:\program files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-11-25 312688]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2012-04-27 372824]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-06-20 523680]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-04-26 33560]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-07-23 13632]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-03-07 629984]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-03-28 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-03-28 165144]
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2012-05-17 1327104]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-13 1128952]
S2 RoxioBurnLauncher;Roxio Burn Launcher;c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [2012-03-21 536848]
S2 uArcCapture;ArcCapture;c:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [2012-02-03 498352]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-03-28 363800]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2012-03-20 2694224]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-02-26 2669840]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-01 195584]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2012-02-03 42816]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [2012-02-14 240408]
S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2012-03-15 514736]
S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-06-12 1421728]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 356632]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 789272]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2012-02-27 173656]
S3 johci;JMicron 1394 Filter Driver;c:\windows\system32\DRIVERS\johci.sys [2012-02-27 26200]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-07-16 11471872]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv_x64.sys [2012-03-26 2891512]
S3 swg3kmbb02;Sierra Wireless QMI USB-NDIS 6.20 miniport for HP;c:\windows\system32\DRIVERS\swg3kmbb02.sys [2011-11-10 458752]
S3 swg3knmea02;Sierra Wireless QMI NMEA Communication - HP;c:\windows\system32\DRIVERS\swg3knmea02.sys [2011-08-18 259200]
S3 swg3kser02;Sierra Wireless QMI USB Device for Legacy Serial Communication - HP;c:\windows\system32\DRIVERS\swg3kser02.sys [2011-08-18 259200]
S3 swibus02;Sierra Wireless Bus Enumerator 02;c:\windows\system32\DRIVERS\swibus02.sys [2011-08-18 74752]
S3 swibusflt02;Sierra Wireless Bus Enumerator Filter 02;c:\windows\system32\DRIVERS\swibusflt02.sys [2011-08-18 74752]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 17:40]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 10:58]
.
2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-12 10:58]
.
2012-10-24 c:\windows\Tasks\HPCeeScheduleForAbba.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-02 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-02 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-02 439064]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-16 1425408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com?pc=CMNTDF
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mStart Page = hxxp://www.bing.com?pc=CMNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Abba\AppData\Roaming\Mozilla\Firefox\Profiles\cb0v57a7.default-1351162456026\
FF - ExtSQL: 2012-10-24 13:03; [email protected]; c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF - ExtSQL: 2012-10-24 13:04; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-25 23:59:35
ComboFix-quarantined-files.txt 2012-10-25 21:59
ComboFix2.txt 2012-10-24 20:45
.
Pre-Run: 224,578,039,808 bytes free
Post-Run: 224,505,192,448 bytes free
.
- - End Of File - - CB1F4ABA32F10A4D7E6BA0FD911A5A4D
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#15
AaronN

AaronN

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Dear Gringo,

Below is your requested results. BTW, what are you trying to track down?

Did I mention that it was apparently Foxit Reader's recent installation package, which supplied me with this lovely virus? Please see http://www.techsuppo...-pdf-reader.htm .

Thanx,

Aaron


------------------------------
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Alcor Micro Smart Card Reader Driver
Apple Application Support
Apple Software Update
ArcSoft Webcam Sharing Manager
Audacity 2.0
Bing Bar
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX 9 Runtime
Energy Star Digital Logo
File Sanitizer For HP ProtectTools
File Uploader
FileZilla Client 3.5.3
Google Chrome
Google Earth Plug-in
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP ESU for Microsoft Windows 7
HP GPS and Location
HP HD Webcam Driver
HP Hotkey Support
HP Setup
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Support Assistant
HP System Default Settings
HP Wallpaper
HP Webcam
IDT Audio
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
JMicron 1394 Filter Driver
JMicron Flash Media Controller Driver
M50: An Introduction to Mathematica in the Classroom (T-WIN-M50
McAfee Security Scan Plus
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
Nikon Transfer
Nokia Connectivity Cable Driver
Nokia PC Suite
opensource
PC Connectivity Solution
PDF Complete Special Edition
Picasa 3
PuTTY version 0.62
QuickTime
Roxio Activation Module
Roxio CinePlayer Decoder Pack
Roxio Express Labeler 3
Roxio MyDVD Business 2010
Roxio Secure Burn
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Sierra Wireless (HP un2430) Mobile Broadband Driver Package
Skype Click to Call
Skype™ 5.10
SSH Secure Shell
Theft Recovery for HP ProtectTools
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VIP Access SDK (1.1.0.7)
Visual Studio 2008 x64 Redistributables
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP