Searchnut.com Redirect [Solved]

#1
C0D3BR3AK

Hi,

I recently tried to download a document and the website required me to install a downloader tool first. I stupidly ran the program, but then cancelled the install wizard at the initial screen. Unfortunately, it installed a bunch of malware before the install wizard even opened.

Symantec Antivirus blocked some files and I uninstalled the BHO and backup software and other apps that showed up in Add/Remove Programs. I noticed that any windows I had open would flicker and redraw several times a minute even if I wasn't doing anything. Also, when I opened invalid websites from Google Chrome or IE it would open a searchnut.com page pretending to be the page I wanted (e.g. http://schneider-electric.com would open as http://schneider-ele...m.searchnut.com). When I connected to my work VPN, most of my company's intranet pages failed to open and were replaced with searchnut pages. While I was browsing, the computer would often become unresponsive for several seconds and the mouse would not move.

I have tried multiple anti-malware apps: I ran Spybot Search & Destroy and it removed one malware app. SuperAntiSpyware didn't find anything. ComboFix deleted c:\users\SESA81379\g2mdlhlpx.exe and restored an infected c:\windows\SysWow64\userinit.exe. However, my browsers are still being redirected to searchnut.com. I thought it might be a problem in my wireless router, but I do not have any problems on another PC which uses that router.

Here is my OTL log. Please let me know what else to try. Thanks!

Eric
C0D3BR3AK

OTL logfile created on: 11/20/2012 10:58:31 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\SESA81379\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 71.32% Memory free
15.97 Gb Paging File | 13.45 Gb Available in Paging File | 84.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.63 Gb Total Space | 114.00 Gb Free Space | 16.32% Space Free | Partition Type: NTFS
Drive F: | 3.69 Gb Total Space | 3.61 Gb Free Space | 98.03% Space Free | Partition Type: FAT32

Computer Name: DJZJXN1-1 | User Name: SESA81379 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/20 10:58:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\SESA81379\Downloads\OTL.exe
PRC - [2012/06/09 01:28:58 | 000,433,816 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/06/09 01:28:32 | 000,103,576 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012/06/09 01:28:30 | 000,354,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/06/08 23:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012/05/23 15:32:38 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/09/16 07:31:34 | 000,189,832 | ---- | M] (IBM Corp) -- C:\Notes\SUService.exe
PRC - [2011/09/16 07:28:26 | 004,453,768 | ---- | M] (IBM) -- C:\Notes\nsd.exe
PRC - [2011/03/17 03:36:00 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/03/17 03:36:00 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/17 03:36:00 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/17 03:36:00 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/07/31 07:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\CCM\CcmExec.exe
PRC - [2009/09/17 06:06:00 | 001,246,496 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2009/09/17 00:03:00 | 000,369,952 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2009/09/17 00:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
PRC - [2007/05/21 07:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


========== Modules (No Company Name) ==========

MOD - [2012/10/31 17:15:05 | 000,460,312 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/31 17:15:04 | 012,455,448 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 17:15:02 | 004,007,448 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 17:13:47 | 000,587,288 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 17:13:46 | 000,123,928 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 17:13:35 | 000,156,712 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 17:13:34 | 000,274,984 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 17:13:32 | 002,168,360 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/06/14 22:17:14 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/14 22:17:04 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/14 22:17:01 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/14 22:16:54 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/14 22:16:52 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/15 11:54:16 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll
MOD - [2012/05/10 02:27:36 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
MOD - [2012/05/10 02:27:24 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/10 02:10:54 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 02:07:04 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/10 02:06:59 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/10 02:06:57 | 000,736,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll
MOD - [2012/05/10 02:06:53 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/10 02:06:48 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2011/03/27 15:11:04 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2010/07/28 23:33:50 | 002,452,072 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/02/17 19:32:48 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/17 19:32:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/01/26 06:38:11 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2010/11/20 22:24:38 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2010/04/30 05:52:50 | 006,237,800 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:56 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\WMSvc.exe -- (WMSVC)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/09 01:28:58 | 000,433,816 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/06/09 01:28:30 | 000,354,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/06/09 00:39:40 | 011,839,488 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/06/08 23:15:22 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/09/16 07:31:34 | 000,189,832 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\SUService.exe -- (LNSUSvc)
SRV - [2011/09/16 07:28:26 | 004,453,768 | ---- | M] (IBM) [Auto | Running] -- C:\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/03/17 03:36:00 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/17 03:36:00 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/03/17 03:36:00 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/03/17 03:36:00 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/17 03:36:00 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/02/17 19:32:52 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 22:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 22:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/09/30 01:01:50 | 000,055,928 | ---- | M] (Schneider Electric (Australia)) [On_Demand | Stopped] -- C:\Cit720\Bin\TimeSyncService.exe -- (TimeSyncService)
SRV - [2010/09/02 17:01:50 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2010/09/02 16:59:34 | 000,125,512 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
SRV - [2010/07/31 07:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CCM\CcmExec.exe -- (CcmExec)
SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\CCM\TSManager.exe -- (smstsmgr)
SRV - [2009/09/17 06:06:00 | 001,246,496 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2009/09/17 00:03:00 | 000,369,952 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2009/09/17 00:00:02 | 000,292,128 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe -- (SentinelSecurityRuntime)
SRV - [2009/07/13 14:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004/12/02 07:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\OpcEnum.exe -- (OpcEnum)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/13 16:29:22 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012/06/09 01:29:20 | 000,063,128 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/06/09 01:29:18 | 000,031,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012/06/09 01:27:30 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/06/08 22:52:20 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/06/08 22:52:20 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/24 23:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth)
DRV:64bit: - [2011/09/22 20:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/29 22:01:10 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/08/08 13:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/29 12:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 12:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/04 11:07:58 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/18 05:42:50 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/25 12:21:06 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/03/25 12:21:06 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/03/17 03:37:00 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2011/03/17 03:36:00 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/03/17 03:36:00 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/17 03:36:00 | 000,062,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2011/03/17 03:36:00 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/17 19:32:52 | 000,416,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt)
DRV:64bit: - [2011/02/17 19:32:52 | 000,378,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus)
DRV:64bit: - [2011/02/17 19:32:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2011/02/17 19:32:52 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2011/02/17 19:32:50 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2011/02/17 19:32:50 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2011/02/17 19:32:50 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/02/17 19:32:50 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2011/02/14 14:24:32 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2011/02/14 14:24:32 | 000,017,048 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcm.sys -- (tcm)
DRV:64bit: - [2011/02/14 12:00:26 | 000,032,096 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btpmwx64.sys -- (BCMTPM)
DRV:64bit: - [2011/02/14 12:00:06 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011/02/14 12:00:04 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/02/14 11:59:56 | 000,376,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d557mgmt.sys -- (d557mgmt)
DRV:64bit: - [2011/02/14 11:59:56 | 000,127,104 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbserdl.sys -- (qcusbserdl)
DRV:64bit: - [2011/02/14 11:59:56 | 000,121,600 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbserdl2k.sys -- (qcusbserdl2k)
DRV:64bit: - [2011/02/14 11:59:56 | 000,008,832 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterdl.sys -- (QCFilterdl)
DRV:64bit: - [2011/02/14 11:59:56 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterdl2k.sys -- (qcfilterdl2k)
DRV:64bit: - [2011/02/14 11:59:54 | 000,328,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d557bus.sys -- (d557bus)
DRV:64bit: - [2011/02/14 11:59:54 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
DRV:64bit: - [2011/02/14 11:59:54 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
DRV:64bit: - [2011/02/13 15:34:32 | 000,014,848 | ---- | M] (Copyright© Digitech Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DIGITECH.sys -- (DIGITECH)
DRV:64bit: - [2011/02/13 15:33:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/02/10 15:44:58 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011/02/10 15:44:58 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011/02/09 15:45:36 | 000,306,296 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/09 08:26:50 | 000,026,712 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/01/12 11:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/16 14:11:16 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010/12/10 07:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 07:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser64)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/09/15 06:19:02 | 000,079,952 | R--- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2010/09/07 04:37:26 | 000,121,432 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2010/09/02 16:54:06 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2010/09/02 16:54:06 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2010/09/02 16:46:38 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
DRV:64bit: - [2010/08/30 15:47:16 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2010/08/30 15:47:16 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/08/13 08:16:52 | 000,065,808 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifP52x64.sys -- (IFCoEVB)
DRV:64bit: - [2010/08/13 08:16:46 | 000,339,728 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ifM52x64.sys -- (IFCoEMP)
DRV:64bit: - [2010/07/28 09:10:40 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/26 11:07:42 | 000,096,296 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2010/07/26 11:07:42 | 000,081,920 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
DRV:64bit: - [2010/07/26 11:07:32 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/06/21 22:37:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/06/20 21:45:54 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/04/25 20:30:52 | 000,041,040 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas2.sys -- (megasas2)
DRV:64bit: - [2010/01/21 08:00:02 | 000,179,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
DRV:64bit: - [2009/11/16 01:45:26 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 01:45:22 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/11/16 01:27:44 | 000,046,792 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ioatdma.sys -- (ioatdma)
DRV:64bit: - [2009/09/17 06:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2009/09/17 06:05:02 | 000,058,792 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SNTUSB64.SYS -- (SNTUSB64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/08 07:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 07:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/25 12:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 11:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 11:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/04/11 17:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE)
DRV:64bit: - [2007/04/11 17:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE)
DRV - [2012/09/12 03:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121119.022\ex64.sys -- (NAVEX15)
DRV - [2012/09/12 03:00:00 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121119.022\eng64.sys -- (NAVENG)
DRV - [2012/08/08 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/03/17 03:36:00 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/03/17 03:36:00 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/03/17 03:36:00 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/09/18 03:00:00 | 000,026,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/01/31 19:29:10 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\mnmdd.sys -- (mnmdd)
DRV - [1998/05/06 23:00:00 | 000,000,111 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\Windows\SysWow64\WINSOCK.SRG -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://swebi.schneider-electric.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SESA81379\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SESA81379\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/ig
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/ig
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\SESA81379\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\SESA81379\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Angry Birds = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: A Space Shooter for FREE = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\epbeobdmeddlnkokfiaijkfabecpmifa\4_0\
CHR - Extension: Plants vs Zombies = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Gmail = C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/11/20 10:35:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [IBM Lotus Notes Preloader] C:\Notes\nntspreld.exe (IBM Corp)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WallpaperSS] C:\Program Files (x86)\WallpaperSS\WallpaperSS.exe (Gianpaolo Bottin)
O4 - Startup: C:\Users\SESA81379\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SQM present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\MemoryStick\PortableApps\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\MemoryStick\PortableApps\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\MemoryStick\PortableApps\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\MemoryStick\PortableApps\BitComet\BitComet.exe (www.BitComet.com)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: ads ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: americashome ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([ads] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([ccentral] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([cfapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([ciobulletinboard] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([cst] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([empire] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([financeportal] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([findpart] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([findsku] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([ibat] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([insight] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([intraapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([intraapp] https in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([intra-app] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([intranet] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([intra-stage-wkg] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([isxinternal] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([itops] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([jpaa] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([marcom] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([netapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([pricing] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([responsemgt] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([responsemgtdev] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([responsemgtinter] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([responsemgtstage] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([rightasset] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([saleshome] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([salestools] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([secempire] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([smp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([spdtraining] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([steponelogin] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([training] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([upiguarani] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([videonam] http in Local intranet)
O15:64bit: - ..Trusted Domains: apc.com ([watt] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([ads] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([ccentral] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([cfapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([cfapp] https in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([ciobulletinboard] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([cst] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([empire] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([financeportal] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([findpart] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([findsku] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([ibat] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([insight] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([intraapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([intraapp] https in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([intra-app] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([intranet] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([intra-stage-wkg] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([isxinternal] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([itops] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([jpaa] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([marcom] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([netapp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([pricing] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([responsemgt] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([responsemgtdev] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([responsemgtinter] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([responsemgtstage] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([rightasset] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([saleshome] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([salestools] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([secempire] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([smp] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([spdtraining] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([steponelogin] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([training] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([upiguarani] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([videonam] http in Local intranet)
O15:64bit: - ..Trusted Domains: apcc.com ([watt] http in Local intranet)
O15:64bit: - ..Trusted Domains: ccentral ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: cfapp ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: cfapp ([]https in Local intranet)
O15:64bit: - ..Trusted Domains: ciobulletinboard ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: cst ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: empire ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: financeportal ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: findpart ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: findsku ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: ibat ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: insight ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: intraapp ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: intraapp ([]https in Local intranet)
O15:64bit: - ..Trusted Domains: intra-app ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: intranet ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: intra-stage-wkg ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: isxinternal ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: itops ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: jpaa ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: marcom ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: netapp ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: pricing ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: responsemgt ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: responsemgtdev ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: responsemgtinter ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: responsemgtstage ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: rightasset ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: saleshome ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: saleshome.schneider-electric.com ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: salestools ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: schneider-electric.com ([americashome] http in Local intranet)
O15:64bit: - ..Trusted Domains: schneider-electric.com ([saleshome] http in Local intranet)
O15:64bit: - ..Trusted Domains: schneider-electric.com ([teamwork] http in Local intranet)
O15:64bit: - ..Trusted Domains: secempire ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: smp ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: spdtraining ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: steponelogin ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: teamwork ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: training ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: upiguarani ([]http in Local intranet)
O15:64bit: - ..Trusted Domains: watt ([]http in Local intranet)
O16:64bit: - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Reg Error: Key error.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CE335477-C2B3-4B59-8305-5D9A77D1F133} https://mft.schneide...Wizard7.1.0.ocx (MOVEitUpDownWiz Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/...perSetupSP1.cab (JuniperSetupControlXP Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nam.gad.schneider-electric.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EDDC719-F85F-47FF-A6F7-221B87C1D4B2}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28458400-8788-4FA9-8C45-AFCD01F51F2E}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2939071E-1819-4E80-A550-39444F0B948B}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C00B54D-44DD-4600-A71A-4CA42A90F225}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C00B54D-44DD-4600-A71A-4CA42A90F225}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C24E812C-DDCD-4101-86E3-1E3FA93272E7}: NameServer = 107.6.133.8,23.23.180.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F65C9315-D9D2-4A50-BD6E-DDD55E4BDF38}: NameServer = 107.6.133.8,23.23.180.210
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/20 10:35:56 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/20 10:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/20 10:20:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/20 10:20:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/20 10:19:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/20 10:19:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/11/20 10:19:10 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/20 10:01:49 | 000,000,000 | ---D | C] -- C:\Users\SESA81379\AppData\Roaming\SUPERAntiSpyware.com
[2012/11/20 10:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/11/20 10:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/11/20 10:01:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/11/19 09:48:05 | 000,000,000 | ---D | C] -- C:\Users\SESA81379\AppData\Local\LogMeIn Rescue Applet
[2012/11/19 08:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/19 08:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/19 08:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/12 14:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012/11/12 14:29:26 | 000,000,000 | ---D | C] -- C:\Users\SESA81379\AppData\Roaming\Strongvault
[2012/11/12 14:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2012/11/12 14:28:59 | 000,000,000 | ---D | C] -- C:\Users\SESA81379\AppData\Local\Stronghold_LLC
[2012/11/12 14:28:32 | 000,000,000 | ---D | C] -- C:\Users\SESA81379\AppData\Local\SwvUpdater

========== Files - Modified Within 30 Days ==========

[2012/11/20 10:48:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/20 10:47:39 | 000,019,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 10:47:39 | 000,019,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 10:43:05 | 000,982,332 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/20 10:43:05 | 000,804,614 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/20 10:43:05 | 000,175,136 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/20 10:36:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2723623973-1505943458-2159161028-48993UA.job
[2012/11/20 10:35:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/20 10:35:20 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/20 10:35:19 | 000,000,463 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2012/11/20 10:32:31 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ae4e1840-e597-47e4-a774-b9007a08f7df.job
[2012/11/20 10:32:31 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 842275ad-ace0-4256-b3f7-3342ccccbc51.job
[2012/11/20 10:32:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/20 10:32:06 | 2136,338,431 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/20 10:01:18 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/19 23:36:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2723623973-1505943458-2159161028-48993Core.job
[2012/11/19 15:59:17 | 000,150,630 | ---- | M] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-19.ctz
[2012/11/19 15:26:59 | 000,000,206 | ---- | M] () -- C:\Windows\FTRUN32.INI
[2012/11/19 09:54:49 | 000,000,078 | ---- | M] () -- C:\Windows\init.ini
[2012/11/19 08:28:47 | 000,000,552 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20121119-091849.backup
[2012/11/15 17:45:45 | 000,150,079 | ---- | M] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-15.ctz
[2012/11/15 12:45:40 | 000,167,411 | ---- | M] () -- C:\Users\SESA81379\Desktop\SCADA-Compatibility-Matrix.pdf
[2012/11/14 14:21:41 | 000,149,012 | ---- | M] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-14.ctz
[2012/11/14 10:09:28 | 010,035,200 | ---- | M] () -- C:\Users\SESA81379\Documents\SnippetKeeper Code.db
[2012/11/14 10:09:28 | 010,035,200 | ---- | M] () -- C:\Users\SESA81379\Documents\backup.db
[2012/11/13 19:06:24 | 000,146,018 | ---- | M] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-13.ctz
[2012/11/13 16:29:22 | 000,233,120 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\wpshelper.sys
[2012/11/07 12:13:07 | 000,007,615 | ---- | M] () -- C:\Users\SESA81379\AppData\Local\Resmon.ResmonCfg
[2012/11/06 09:01:21 | 000,049,897 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/11/01 16:50:37 | 000,011,704 | ---- | M] () -- C:\Users\SESA81379\Desktop\citect.ini
[2012/10/22 15:37:58 | 018,055,824 | ---- | M] () -- C:\Users\SESA81379\Desktop\Citect SCADA 7.20 HF720SP358306.zip
[2012/10/22 12:12:14 | 000,002,625 | ---- | M] () -- C:\Users\Public\Desktop\Case Manager.lnk
[2012/10/22 09:39:40 | 000,127,313 | ---- | M] () -- C:\Users\SESA81379\Desktop\Eric Black SCADA Security_V1.pdf
[2012/10/22 09:25:46 | 000,036,633 | ---- | M] () -- C:\Users\SESA81379\Desktop\Training Receipt.pdf

========== Files Created - No Company Name ==========

[2012/11/20 10:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/20 10:20:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/20 10:20:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/20 10:20:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/20 10:20:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/20 10:02:02 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ae4e1840-e597-47e4-a774-b9007a08f7df.job
[2012/11/20 10:02:02 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 842275ad-ace0-4256-b3f7-3342ccccbc51.job
[2012/11/20 10:01:18 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/11/19 15:59:16 | 000,150,630 | ---- | C] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-19.ctz
[2012/11/15 17:45:44 | 000,150,079 | ---- | C] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-15.ctz
[2012/11/15 12:45:45 | 000,167,411 | ---- | C] () -- C:\Users\SESA81379\Desktop\SCADA-Compatibility-Matrix.pdf
[2012/11/14 14:21:41 | 000,149,012 | ---- | C] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-14.ctz
[2012/11/13 19:06:24 | 000,146,018 | ---- | C] () -- C:\Users\SESA81379\Desktop\UserDefinedTypes 2012-11-13.ctz
[2012/11/01 16:50:35 | 000,011,704 | ---- | C] () -- C:\Users\SESA81379\Desktop\citect.ini
[2012/10/22 15:51:23 | 018,055,824 | ---- | C] () -- C:\Users\SESA81379\Desktop\Citect SCADA 7.20 HF720SP358306.zip
[2012/10/22 09:39:39 | 000,127,313 | ---- | C] () -- C:\Users\SESA81379\Desktop\Eric Black SCADA Security_V1.pdf
[2012/10/22 09:25:45 | 000,036,633 | ---- | C] () -- C:\Users\SESA81379\Desktop\Training Receipt.pdf
[2012/08/23 10:40:05 | 000,007,615 | ---- | C] () -- C:\Users\SESA81379\AppData\Local\Resmon.ResmonCfg
[2012/06/19 10:23:21 | 000,597,104 | ---- | C] () -- C:\Windows\SysWow64\RssHookDLL.dll
[2012/06/13 21:57:50 | 000,005,120 | ---- | C] () -- C:\Users\SESA81379\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/27 23:01:47 | 000,577,536 | ---- | C] () -- C:\Windows\SysWow64\ChilkatCsv.dll
[2012/05/01 12:59:11 | 000,000,363 | ---- | C] () -- C:\Users\SESA81379\.miwizrc
[2012/04/20 09:40:52 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/04/20 09:40:06 | 000,000,463 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2012/04/13 09:54:41 | 000,000,258 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/13 09:54:40 | 000,000,403 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/04/13 09:54:40 | 000,000,206 | ---- | C] () -- C:\Windows\FTRUN32.INI
[2012/04/11 11:37:21 | 000,001,272 | RHS- | C] () -- C:\Users\SESA81379\ntuser.pol
[2012/04/11 11:37:00 | 000,054,419 | ---- | C] () -- C:\Users\SESA81379\install.xml
[2012/04/11 09:35:55 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/04/11 09:35:55 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/04/11 09:35:54 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/04/11 09:35:54 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/04/11 09:35:54 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/06/02 08:28:42 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/04 10:32:17 | 000,015,641 | ---- | C] () -- C:\Windows\sapmsg_20110504_083214.ini
[2011/05/04 10:31:23 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2011/05/04 10:31:23 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2011/05/04 10:31:23 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2011/05/04 10:31:23 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2011/05/04 10:31:23 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011/05/03 18:33:21 | 000,000,117 | ---- | C] () -- C:\Windows\sapgraph.ini
[2011/05/03 18:33:20 | 000,131,699 | ---- | C] () -- C:\Windows\saplogon.ini
[2011/05/03 18:33:20 | 000,015,643 | ---- | C] () -- C:\Windows\sapmsg.ini
[2011/05/03 18:19:25 | 000,000,078 | ---- | C] () -- C:\Windows\init.ini
[2011/05/03 17:51:46 | 000,997,876 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/03 16:28:37 | 000,049,897 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/03 04:17:47 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/05/03 04:17:47 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/05/03 04:17:47 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/05/03 04:17:31 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/05/03 04:17:22 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/02/09 23:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/12 13:04:23 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\AT&T
[2011/05/04 10:39:39 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Autodesk
[2012/06/01 11:47:59 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\BitComet
[2011/05/04 10:48:50 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Canneverbe Limited
[2012/11/07 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Canon
[2012/09/27 12:35:34 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\CometPlayer
[2012/04/13 13:25:23 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Garmin
[2012/09/13 09:54:44 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\gsak
[2012/04/11 20:14:04 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\IrfanView
[2012/11/19 15:58:06 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Juniper Networks
[2012/09/05 13:30:45 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Leadertech
[2012/04/26 10:15:04 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\pdfforge
[2012/11/07 12:23:36 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\PrimoPDF
[2011/05/04 10:33:00 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\SAP
[2012/04/13 10:27:57 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Schneider Electric
[2012/04/12 09:34:07 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Sierra Wireless
[2012/11/12 14:29:26 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Strongvault
[2012/04/11 16:23:01 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Subversion
[2012/09/27 12:40:20 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\tigerplayer
[2012/05/28 08:52:24 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\WallpaperSS
[2012/04/13 10:05:09 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\Watchtower
[2012/05/03 12:31:17 | 000,000,000 | ---D | M] -- C:\Users\SESA81379\AppData\Roaming\webex

========== Purity Check ==========



< End of report >

Edited by C0D3BR3AK, 20 November 2012 - 10:59 AM.

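The OTL file and folder entries above all share one line format. As an added example that is not part of the thread or of OTL, this Python parser reads that format and lists executables created under C:\Windows that OTL shows with no company name, the kind of entry a helper checks against the tools that were run on the machine (ComboFix's own helpers appear there too). The sample lines are constructed from the log.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL file/folder line, as in the log above:
# [2012/11/20 10:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
# Directory entries carry no "(company)" field; files without a publisher show "()".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<action>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str            # R/H/S/D flags, '-' when unset
    action: str           # 'C' created, 'M' modified
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL file line, or None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    company = (m.group("company") or "").strip() or None
    return Entry(
        when=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        action=m.group("action"),
        company=company,
        path=m.group("path"),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


SYSTEM_ROOT = "c:\\windows\\"
EXEC_EXT = (".exe", ".dll", ".sys")


def unsigned_system_binaries(entries: List[Entry]) -> List[Entry]:
    """Executables under C:\\Windows that OTL lists with no company name.
    This is a triage list, not a verdict: ComboFix drops its own helpers
    (MBR.exe, PEV.exe, sed.exe, ...) this way, so compare the result against
    the tools that were actually run on the machine."""
    return [
        e for e in entries
        if not e.is_dir
        and e.path.lower().startswith(SYSTEM_ROOT)
        and e.path.lower().endswith(EXEC_EXT)
        and e.company is None
    ]


# Constructed sample in the format of the log above.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012/11/20 10:20:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/20 10:19:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/20 10:20:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/20 10:32:06 | 2136,338,431 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/19 10:23:21 | 000,597,104 | ---- | C] () -- C:\Windows\SysWow64\RssHookDLL.dll
"""

if __name__ == "__main__":
    for e in unsigned_system_binaries(parse_log(SAMPLE_LOG)):
        print(e.when, e.size, e.path)
```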
#2
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Hi there, could you delete the IE, Firefox and Chrome shortcuts from the desktop and quick launch bar?

You may recreate them in a bit.

Launch your browser of choice and let me know if you are still getting redirected.

#3
C0D3BR3AK
    New Member
  • Topic Starter
  • Member
  • 7 posts
Thanks for getting back to me so quickly. I don't have Firefox installed. I don't have any browser shortcuts on my desktop. I do have Chrome pinned to the taskbar. I unpinned it and ran it from the Start Menu with the same results. I have always been running IE from the Start Menu. I tried running iexplore.exe directly and still got searchnut.com.

Thanks.

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, that cuts out the one area where it attaches itself.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

#5
C0D3BR3AK
    New Member
  • Topic Starter
  • Member
  • 7 posts
The first time I ran it, it crashed IE and the desktop manager. I ran it again and it seemed to work. Here's the log. I checked and I'm still getting redirected to searchnut.com but at least some more adware is gone.

# AdwCleaner v2.008 - Logfile created 11/20/2012 at 15:13:49
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : SESA81379 - DJZJXN1-1
# Boot Mode : Normal
# Running from : C:\Users\SESA81379\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\SESA81379\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\SESA81379\AppData\Roaming\pdfforge

***** [Registry] *****

Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16443

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\SESA81379\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://search.iminent.com/", "ht[...]
Deleted [l.2403] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://search.iminent.com/", "hxxp:[...]

*************************

AdwCleaner[S2].txt - [1181 octets] - [20/11/2012 15:13:49]

########## EOF - C:\AdwCleaner[S2].txt - [1241 octets] ##########

Edited by C0D3BR3AK, 20 November 2012 - 02:26 PM.


#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
I see you have run ComboFix; could you post the log please? It should be at C:\combofix.txt

I would also like a quick look at the MBR.

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.


#7
C0D3BR3AK
    New Member
  • Topic Starter
  • Member
  • 7 posts
Here are the RogueKiller and ComboFix logs you requested.


#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, let's now check out two registry keys for IE.

  • Run OTL.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#9
C0D3BR3AK
    New Member
  • Topic Starter
  • Member
  • 7 posts
I had someone take a look at my PC and he found that it wouldn't allow some of the temporary internet files to be deleted. He renamed the temporary internet files folder and now it seems to be OK. Maybe the final pieces of malware were hiding in there. Now, I don't get the searchnut.com pages, I am able to connect to my VPN again, and I haven't noticed the mouse hangups.

I ran the test you requested (zip includes otl.txt and extras.txt files, but extras file was not updated by this run of OTL) in case there's still something left to remove, but I hate to take up your time when the problem seems to be resolved. Thanks so much for your help!

#10
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Not a problem. I usually clear the temp files at first, but there was no need at first to run OTL in fix mode.

I am quite happy to confirm that all is gone, but you forgot to attach the file :)

#11
C0D3BR3AK
    New Member
  • Topic Starter
  • Member
  • 7 posts
Oops...I think I chose it but didn't attach it.

Attached File: OTL.zip (40.37KB, 24 downloads)


#12
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
That does look OK now; if there are no further problems I will help you tidy up.

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:

#13
C0D3BR3AK
    New Member
  • Topic Starter
  • Member
  • 7 posts
I was just about to go through your cleanup steps when I noticed my browsers are showing searchnut.com pages whenever the page I want cannot be found, again. That was working correctly earlier today. I'm not sure what happened. :bashhead:

#14
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Do you have Chrome set for synchronisation? If so it will restore the malware every time it syncs.

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

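On the point about sync restoring the hijack: the AdwCleaner log earlier in the thread shows where Chrome keeps its startup pages. As an added example that is not part of the thread, AdwCleaner or Chrome, this Python script audits a Chrome Preferences file against an allowlist of hosts and produces a cleaned copy; the session.urls_to_restore_on_startup key is taken from that log, the homepage and default_search_provider.search_url key names are assumed for Chrome of that era, and the sample file is constructed.

```python
import json
from copy import deepcopy
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Hosts the user actually chose; constructed allowlist for this example.
ALLOWED_HOSTS = {"www.google.com", "google.com"}

# Key paths inside the Preferences JSON. The first is the one AdwCleaner
# cleaned in the log above; the other two are assumed names for that era.
STARTUP_KEY: Tuple[str, ...] = ("session", "urls_to_restore_on_startup")
HOMEPAGE_KEY: Tuple[str, ...] = ("homepage",)
SEARCH_KEY: Tuple[str, ...] = ("default_search_provider", "search_url")


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def _get(prefs: Dict, path: Tuple[str, ...]) -> Optional[object]:
    """Walk nested dicts; None if any key along the path is missing."""
    node = prefs
    for k in path:
        if not isinstance(node, dict) or k not in node:
            return None
        node = node[k]
    return node


def audit_preferences(prefs: Dict, allowed=ALLOWED_HOSTS) -> List[str]:
    """Report every startup URL, homepage or search URL that points off-allowlist."""
    findings = []
    for url in _get(prefs, STARTUP_KEY) or []:
        if host_of(url) not in allowed:
            findings.append(f"{'.'.join(STARTUP_KEY)}: {url}")
    for key in (HOMEPAGE_KEY, SEARCH_KEY):
        url = _get(prefs, key)
        if isinstance(url, str) and url and host_of(url) not in allowed:
            findings.append(f"{'.'.join(key)}: {url}")
    return findings


def clean_preferences(prefs: Dict, allowed=ALLOWED_HOSTS) -> Dict:
    """Return a copy with off-allowlist startup URLs dropped and an off-allowlist
    homepage or search URL removed (an absent key takes Chrome's default).
    Write it back only with Chrome closed and sync disabled, or, as the post
    above says, sync puts the old values straight back."""
    out = deepcopy(prefs)
    urls = _get(out, STARTUP_KEY)
    if isinstance(urls, list):
        out["session"]["urls_to_restore_on_startup"] = [
            u for u in urls if host_of(u) in allowed
        ]
    for key in (HOMEPAGE_KEY, SEARCH_KEY):
        url = _get(out, key)
        if isinstance(url, str) and host_of(url) not in allowed:
            parent = _get(out, key[:-1])   # the enclosing dict (out itself for a top-level key)
            del parent[key[-1]]
    return out


# Constructed sample modelled on the entries AdwCleaner deleted above.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://www.google.com/",
    "session": {
        "restore_on_startup": 4,
        "urls_to_restore_on_startup": ["http://www.google.com/", "http://search.iminent.com/"],
    },
    "default_search_provider": {"search_url": "http://search.iminent.com/?q={searchTerms}"},
})

if __name__ == "__main__":
    prefs = json.loads(SAMPLE_PREFERENCES)
    for finding in audit_preferences(prefs):
        print("hijacked:", finding)
    print(json.dumps(clean_preferences(prefs), indent=2))
```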

#15
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.