Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Agent


  • Please log in to reply
18 replies to this topic

#1 woodchip442

woodchip442

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 PM

Posted 21 April 2012 - 09:04 AM

Some of the things going wrong.
winrscmde stopped working ( all the time)
TODO list keeps popping up
Microsoft© reg server stopped
Cumputer shuts down
C:\administrato\AppData\local\CDBD\prcdenbl.dll Mod counldnt be found
HTCVB server stopped
SED.DET stopped
Com Surrogate stopped

At the bottom is a esrt list.( It did not clean the files)
32 pop up windows mostly the TODO list

Thank You so much for your help.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Administrator at 9:29:51 on 2012-04-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1809 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wermgr.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\.\globalroot\systemroot\svchost.exe
C:\Windows\SysWOW64\WerFault.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.charter.net/google/index.php?q=
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Charter Toolbar: {4e7bd74f-2b8d-469e-85ab-af21f3d9ae2f} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [CDDB] RUNDLL32.EXE C:\Users\Administrator\AppData\Local\CDDB\prcdenbl.dll,DbiDRLoadDBObject
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-13 40384]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-19 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-28 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-4-1 450848]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-2-13 17152]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253088]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-13 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-13 40384]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-2-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-9-13 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2009-2-20 79360]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe --> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 9:37:25.97 ===============
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Administrator at 9:29:51 on 2012-04-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1809 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wermgr.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\.\globalroot\systemroot\svchost.exe
C:\Windows\SysWOW64\WerFault.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.charter.net/google/index.php?q=
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Charter Toolbar: {4e7bd74f-2b8d-469e-85ab-af21f3d9ae2f} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [CDDB] RUNDLL32.EXE C:\Users\Administrator\AppData\Local\CDDB\prcdenbl.dll,DbiDRLoadDBObject
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-13 40384]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-19 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-28 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-4-1 450848]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-2-13 17152]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253088]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-13 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-13 40384]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-2-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-9-13 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2009-2-20 79360]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe --> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 9:37:25.97 ===============

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Administrator at 9:29:51 on 2012-04-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1809 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wermgr.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\.\globalroot\systemroot\svchost.exe
C:\Windows\SysWOW64\WerFault.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.charter.net/google/index.php?q=
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No File
BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
TB: Charter Toolbar: {4e7bd74f-2b8d-469e-85ab-af21f3d9ae2f} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [CDDB] RUNDLL32.EXE C:\Users\Administrator\AppData\Local\CDDB\prcdenbl.dll,DbiDRLoadDBObject
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Bing Bar] "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-13 40384]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-19 654408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-28 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-4-1 450848]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-2-13 17152]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 253088]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-13 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-6-13 40384]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-2-20 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-9-13 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2009-2-20 79360]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\system32\DRIVERS\HtcVComV64.sys --> C:\Windows\system32\DRIVERS\HtcVComV64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-5-25 43032]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe --> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 9:37:25.97 ===============

C:\Users\Administrator\AppData\Local\CDDB\prcdenbl.dll a variant of Win32/Boaxxe.D trojan cleaned by deleting - quarantined
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W0V6MQZN\14[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Administrator\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111003082824393.rsc multiple threats deleted - quarantined

Attached Files



BC AdBot (Login to Remove)

 


#2 woodchip442

woodchip442
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 PM

Posted 23 April 2012 - 06:22 AM

Hi,
I posted in the wrong forums. How do I move my page the the right page?


Thanks

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:35 PM

Posted 26 April 2012 - 09:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#4 woodchip442

woodchip442
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 PM

Posted 26 April 2012 - 02:03 PM

When I try ans run combofix I get Hidec.3xe stopped,grep.3xe stopped,freewarw reg.exe stopped,windows command processor stopped. When I run Security Check it runs but will not put anything in wordpad. Printer stopped printing. Can I throught this thing out the window?


Thanks Mark

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:35 PM

Posted 27 April 2012 - 06:58 AM

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

although disabled these AV may be the cause of these messages from ComboFix.

Let see what I can find with this tool.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#6 woodchip442

woodchip442
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 PM

Posted 27 April 2012 - 07:53 AM

OTL Extras logfile created on: 4/27/2012 8:23:34 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 47.49% Memory free
8.22 Gb Paging File | 5.17 Gb Available in Paging File | 62.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 325.24 Gb Free Space | 69.83% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 2E 4C DA 37 FB E8 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B05A880-9C8B-4E69-B8A8-AD324487029C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18F49F96-D2A5-4240-8AFB-0BFD2061D5FC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{1D5F44EE-EFB5-4E3D-9A41-6D14ECD88E20}" = lport=445 | protocol=6 | dir=in | app=system |
"{2E161FAE-6F0C-4698-9F14-513B4246A0D5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3DFDC7C8-272E-4C5E-BC28-CE881EF7CE8D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4B563A4D-DF7E-45D8-8E1F-4644954A4D62}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{60761A17-9DF1-476E-80BC-E124796981EB}" = lport=1723 | protocol=6 | dir=in | app=system |
"{62F7009A-A21D-439F-9A37-66BB50C492CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{63159044-02EC-4A9C-AD8B-A626CC2F9D67}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{675D4A9D-F04C-41AB-9FF5-E59E25FC7863}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{694044B9-87B1-4303-B96E-33DC16F7E402}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{758EBE6F-5D0D-473B-8C4E-A6C1F3E5F74B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{768551E7-BF8A-41DC-92AB-739871EC503B}" = rport=1701 | protocol=17 | dir=out | app=system |
"{78217E1D-3204-44C4-A382-4E2893893AD6}" = rport=138 | protocol=17 | dir=out | app=system |
"{7A99E74D-8D87-4308-9C3C-8E54A2BF68EB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{833FF4DA-75A9-42FA-A17F-AEA5FD7F8828}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9EC25662-B411-4374-B319-CEBA7B53C252}" = rport=137 | protocol=17 | dir=out | app=system |
"{ABD4650C-4049-4CF5-BD0E-7BFDA20388B6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BDA99E5B-2F01-42AA-98A0-BD9907A31C24}" = lport=138 | protocol=17 | dir=in | app=system |
"{BFA74C42-FE0E-4730-B820-8D62DD1D8791}" = rport=139 | protocol=6 | dir=out | app=system |
"{C53ACE2D-883C-437D-9F09-B222CF0B15B1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{CD9BE3E9-5E98-4784-9E25-36401BCC988C}" = lport=139 | protocol=6 | dir=in | app=system |
"{D3B846C2-806E-4879-9A06-F6AA735F0537}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D4BBC64A-76F7-45E2-8EF7-859D8D935199}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D78A0C1A-0BDB-45B0-B9BA-F7B928049588}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB258E1A-0351-49C1-A54B-609E950D6075}" = lport=1701 | protocol=17 | dir=in | app=system |
"{DF8BD670-F4A6-4C4F-9C96-35C8C138D117}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E2C3D445-D844-4F2F-A4B2-E6C6A49ED8B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{E843E9F5-A39E-4584-940E-CD2E4FCCEC61}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EAA8018E-BBFA-4BA1-8F3F-DFDE5795DF07}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{EE0126B3-3A46-4BA3-9999-443E13E8A0E3}" = rport=1723 | protocol=6 | dir=out | app=system |
"{EF25E3FE-080F-4762-BE9D-C0E2D861C1E8}" = rport=445 | protocol=6 | dir=out | app=system |
"{FBC3FD6D-7F3F-4E0F-9667-310CBE157237}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0578E9FD-BAD7-4326-B904-FFCDFC0891B0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{065CFBAA-2A2B-4C9A-8AFD-238293B84117}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{07321962-BE4D-4BFD-84CA-E47FBCA36771}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{0E945590-FE70-47C8-9BAB-F62FA2C108F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0FC1D8EC-A24A-4C28-A9A2-9785F67F4D3E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{10509AFE-3C38-4DFE-8BA3-5526EB170014}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{1D89A75A-B1DC-4AFA-8AB1-6B65741F7CCB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{21A755FB-5292-4690-BE5A-BAD0F83B6D1A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{22D94506-B253-465B-B5FD-893DE698091A}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{34F6DEC4-8FD4-4E86-830A-8B39E21A36D1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{35787FA8-22C5-403B-B451-B3D423EB7F12}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3872EAB0-FF23-468E-9D92-4440F1F65730}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{38EDB4AB-15CA-4095-8692-04E934E8D629}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3AD158A3-3A9F-43B1-A172-768D74C0FFD7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B1A583A-B458-4CA1-9AB3-EFE6044CA219}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{419893D7-35A3-452B-AEA8-CB2633DF6F6E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{48B90090-35E6-46E0-BAFD-3BB53C2CF410}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{497E06AF-2D0E-4D0D-964F-10A9C1E8BAAE}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{4F751C6A-0E58-4E43-9649-2801E8016DEE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{55E2E505-08BE-4FD1-969D-4437A554D385}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{650398E9-DED8-4144-A024-35DB19EB4DD1}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{6B047CFC-0358-4656-A73D-7FBC8B915CAC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{72A2295D-6CB7-47A6-AF28-4763546E9A75}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{730DEBAE-8284-4DF7-8960-695CAC2BEF94}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{74855295-D0AD-4093-8D5C-4CE46CFEF962}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75D51660-7125-4AED-B585-BACFEA09D248}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{793E74C4-29C9-49F9-82D6-9B6F903727BF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D9C40BB-CBA3-431B-9C7E-F20079A1521D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93B76E6A-9F8F-4738-82B7-C0A95B7ECEE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9836CD5F-3135-4418-9E49-B17ACDE8C034}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9FA2BA0E-02B8-4B2C-9E34-66E437DAC815}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{A2292E48-6807-4864-BE33-A550D9892B4A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A9663B35-0621-4EE6-986F-A56BF53E113F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE0696C2-4583-43B2-A4B3-BD67CA5D88A4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B0405C14-3391-4D9E-9503-37C68F2E1D7F}" = protocol=6 | dir=out | app=system |
"{B805C2F1-4D5D-4C43-9230-F31CA5C4B9DC}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B80853EF-2045-44AD-8CAF-4F50B64D4EF8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{B9E7E22C-F522-4DF7-9485-95A31B656080}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{C13B8A4A-D89C-4795-86DF-1E44CBB527D4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{C4792BF7-869A-4FDE-8F44-D559808C6064}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C554BA86-172B-46FC-8443-A772AE8FFFED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6605D5C-0B0F-4207-B91A-379770330745}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{CEFF3D28-570E-4833-964C-9B59A67C4970}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{D1402EBB-7B0E-44CD-A68A-CEAE16BA4A36}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0AEF0F1-5FCE-476A-BFC7-4562E5572973}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E202D339-F781-47CE-B6F2-44DF2E8C9C7E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E2FDE584-B4CC-4A76-BE30-B60766EDA5D7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E56AA5EA-8341-4E21-9918-62CCC16A925F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8871627-3401-408C-BB42-FAA63616F705}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{EE071898-ADBA-4D1E-9B9A-F4A7D6638632}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EFC425D0-3320-4327-96A5-723578B0CAB4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F04610D5-C035-4319-A6CF-9577854614E6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{625E8149-24E5-49C6-A0A3-1FBF8DDA6E34}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"TCP Query User{83104317-2002-4A44-A54A-D6055A926D9F}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E94FDC76-A6E6-4278-968C-0027D7376313}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{151E6CC5-BC8C-43DB-8740-49AA9AE2AEA0}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{82ECE4DE-CE2E-441B-A274-FAC472C0E88B}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
"UDP Query User{D376DD67-8727-4029-B2BE-AEC617AA12CE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012
"{42B40185-E134-43FD-9381-69F92B317417}" = AVG 2012
"{44C05FED-4BA8-4C65-A39D-FA83451E6ACB}" = AVG 2012
"{5349A735-7482-406F-9FE4-3BB24608479D}" = AVG 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65510247-DAA8-4161-9898-42C78EAF1BC5}" = AVG 2012
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87AEED05-C717-47bc-93BB-F8E527D2690F}" = Canon D400-450
"{88381CA0-AB27-45B5-8BB8-E68987822AF8}" = AVG 2012
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BEC69493-1732-4F85-B559-CC99CB30665C}" = AVG 2012
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{E51A1789-9C20-43FC-AF13-C7AC29FAF111}" = AVG 2012
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{11E0AC7D-6822-4F67-865F-EE1C13D28C38}" = QuickBooks Pro 2011
"{1D70AABC-CB59-4700-A708-EA56D1CA07B0}" = QuickBooks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 24
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53E2DCBB-E6F7-4C83-B1EF-F78435B9814E}" = Sound Blaster X-Fi Xtreme Audio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf12
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{85195381-0426-4715-8D25-E21B9457FC00}" = Ad-Aware
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3CF41F1-0373-4DD7-BE99-F33B00E51033}" = Nero 7 Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF3C503-946E-45EA-B347-EACC41781989}" = W Photo Studio
"{D42AA29E-653A-4221-860C-07F0C5341AF7}" = Preferred Lot Manager
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio Control Panel
"avast5" = avast! Free Antivirus
"chartertoolbar" = Charter Toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"HTC_WModemDriver" = WModem Driver Installer
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PM FASTrack v6" = PM FASTrack v6
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"SysInfo" = Creative System Information
"SystemRequirementsLab" = System Requirements Lab
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"WaveStudio 7" = Creative WaveStudio 7

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Charter Browser Updater" = Charter Browser Updater

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 6/11/2010 9:20:23 AM | Computer Name = USER-PC | Source = avast! | ID = 33554522
Description =

Error - 6/12/2010 3:04:18 PM | Computer Name = USER-PC | Source = avast! | ID = 33554522
Description =

Error - 6/12/2010 3:09:01 PM | Computer Name = USER-PC | Source = avast! | ID = 33554522
Description =

Error - 6/12/2010 3:23:16 PM | Computer Name = USER-PC | Source = avast! | ID = 33554522
Description =

Error - 6/12/2010 4:13:46 PM | Computer Name = USER-PC | Source = avast! | ID = 33554522
Description =

Error - 6/12/2010 9:32:03 PM | Computer Name = USER-PC | Source = avast! | ID = 33554522
Description =

Error - 6/12/2010 9:32:04 PM | Computer Name = USER-PC | Source = avast! | ID = 33554522
Description =

Error - 6/13/2010 8:43:21 AM | Computer Name = USER-PC | Source = avast! | ID = 33554522
Description =

Error - 6/13/2010 4:52:51 PM | Computer Name = USER-PC | Source = avast! | ID = 33554522
Description =

Error - 6/13/2010 4:52:53 PM | Computer Name = USER-PC | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 4/20/2012 7:59:26 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918d1f, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x117c, application
start time 0x01cd1f519d7f976b.

Error - 4/20/2012 7:59:39 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918d1f, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x788, application
start time 0x01cd1f51a5613a84.

Error - 4/20/2012 7:59:52 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918d1f, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x104c, application
start time 0x01cd1f51ad3c4f41.

Error - 4/20/2012 8:00:05 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918d1f, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x14f4, application
start time 0x01cd1f51b51f2382.

Error - 4/20/2012 8:00:18 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918d1f, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x156c, application
start time 0x01cd1f51bd085ffa.

Error - 4/20/2012 8:00:32 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918d1f, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x2f4, application
start time 0x01cd1f51c4e7a0c3.

Error - 4/20/2012 8:00:45 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918d1f, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x1448, application
start time 0x01cd1f51ccd090f1.

Error - 4/20/2012 8:00:58 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918d1f, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x1224, application
start time 0x01cd1f51d4ac181d.

Error - 4/20/2012 8:01:11 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918d1f, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0x540, application
start time 0x01cd1f51dc8c3dc4.

Error - 4/20/2012 8:01:24 PM | Computer Name = USER-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918d1f, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
exception code 0xc0000005, fault offset 0x0001da22, process id 0xc34, application
start time 0x01cd1f51e468a9ce.

[ OSession Events ]
Error - 4/22/2012 4:11:04 PM | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 290
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/26/2012 7:18:03 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/26/2012 8:18:03 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/26/2012 8:18:03 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/26/2012 9:16:10 AM | Computer Name = USER-PC | Source = DCOM | ID = 10010
Description =

Error - 4/26/2012 12:47:11 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/26/2012 12:47:11 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/26/2012 2:48:05 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/26/2012 2:48:05 PM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/27/2012 7:18:00 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/27/2012 7:18:00 AM | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
OTL logfile created on: 4/27/2012 8:23:34 AM - Run 1
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 47.49% Memory free
8.22 Gb Paging File | 5.17 Gb Available in Paging File | 62.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 325.24 Gb Free Space | 69.83% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBHelp.exe (Intuit, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (CrypKey License) -- C:\Windows\SysNative\crypserv.exe (CrypKey (Canada) Ltd.)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (LVUVC64) Logitech Webcam 500(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\ckldrv.sys ()
DRV:64bit: - (HtcVCom32) -- C:\Windows\SysNative\DRIVERS\HtcVComV64.sys (QUALCOMM Incorporated)
DRV:64bit: - (HtcUsbMdmV64) -- C:\Windows\SysNative\DRIVERS\HtcUsbMdmV64.sys (QUALCOMM Incorporated)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (SMSIVZAM5X64) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys (Smith Micro Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.net/google/index.php?q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0DA39010-CEDA-4003-A0BF-BC1F4D712B08}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{BE0D7700-4DA0-4791-8527-C05915B8B3BB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/05/04 20:38:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/03 08:37:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/13 08:08:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CDDB] RUNDLL32.EXE C:\Users\Administrator\AppData\Local\CDDB\prcdenbl.dll,DbiDRLoadDBObject File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{484974FF-E74F-4E2E-8EC7-45D60B2FBF63}: DhcpNameServer = 192.168.17.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Pictures\Late 2011\PA191906.JPG
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Pictures\Late 2011\PA191906.JPG
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f3c437c-382d-11e0-8d06-002185c46500}\Shell - "" = AutoRun
O33 - MountPoints2\{0f3c437c-382d-11e0-8d06-002185c46500}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{3548e3a1-3b95-11e0-81c0-002185c46500}\Shell - "" = AutoRun
O33 - MountPoints2\{3548e3a1-3b95-11e0-81c0-002185c46500}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{61717e23-7a56-11e0-8d24-002185c46500}\Shell - "" = AutoRun
O33 - MountPoints2\{61717e23-7a56-11e0-8d24-002185c46500}\Shell\AutoRun\command - "" = E:\PWLaunch.exe
O33 - MountPoints2\{f8a04df5-5a3d-11e0-8119-002185c46500}\Shell - "" = AutoRun
O33 - MountPoints2\{f8a04df5-5a3d-11e0-8119-002185c46500}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 08:21:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/04/26 14:58:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/26 14:58:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/26 14:57:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/26 14:56:13 | 004,477,246 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/04/26 14:53:37 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/04/24 07:24:37 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/04/23 21:30:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/04/23 21:16:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/22 16:13:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps
[2012/04/21 09:26:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2012/04/20 13:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/20 11:56:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2012/04/20 11:56:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/04/20 11:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/04/20 11:51:30 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/20 11:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/19 21:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/04/19 21:18:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\ToolBox_4911mf12_Win_EN
[2012/04/19 21:02:59 | 000,066,048 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNAS0MMK.DLL
[2012/04/19 21:02:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\D420_MFDrivers_Win_x64_us_EN7
[2012/04/19 20:02:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\WebPostTools
[2012/04/19 19:09:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/04/19 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/04/19 19:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/19 19:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/19 19:08:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/19 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/19 18:36:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/19 08:13:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/19 08:13:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/19 08:12:59 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/19 08:12:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/19 08:12:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/19 08:12:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/19 08:12:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/19 08:12:58 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/19 08:12:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/19 08:12:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/19 08:12:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/19 08:10:20 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/19 08:10:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/19 08:10:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/16 15:52:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2012/04/16 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CDDB
[2012/04/14 10:02:33 | 008,766,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/08 15:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/08 15:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/08 15:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/07 10:27:01 | 054,215,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/04/07 09:59:10 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/04/07 09:59:10 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/07 09:59:10 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/04/07 09:59:09 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/07 09:59:09 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/04/07 09:59:08 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/04/07 09:59:08 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/04/07 09:59:07 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/04/07 09:59:05 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012/04/07 09:59:05 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012/04/05 09:24:30 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/27 08:21:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/04/27 08:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/27 07:12:32 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 07:12:32 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 18:14:51 | 096,333,007 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/26 14:56:21 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/04/26 14:35:18 | 000,879,714 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2012/04/26 07:11:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 07:11:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/04/25 18:12:19 | 000,692,953 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/25 14:31:50 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/04/25 12:59:45 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/04/25 12:48:45 | 511,997,700 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/23 21:36:50 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/04/23 21:30:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/04/23 21:16:47 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/23 21:05:41 | 000,869,194 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe.p9ku3p0.partial
[2012/04/23 11:10:28 | 000,106,522 | ---- | M] () -- C:\Users\Administrator\Desktop\closeout_18956_7.pdf
[2012/04/23 06:51:55 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/04/23 06:51:55 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/04/21 19:14:50 | 000,002,341 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/21 09:26:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2012/04/21 09:23:58 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2012/04/19 21:18:53 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2012/04/19 21:18:15 | 006,261,592 | ---- | M] () -- C:\Users\Administrator\Desktop\ToolBox_4911mf12_Win_EN.exe
[2012/04/19 21:08:01 | 020,398,080 | ---- | M] () -- C:\Users\Administrator\Desktop\MF4350_MFDrivers_Win_x64_us_EN-7.exe
[2012/04/19 21:02:25 | 014,622,720 | ---- | M] () -- C:\Users\Administrator\Desktop\D420_MFDrivers_Win_x64_us_EN7.exe
[2012/04/19 20:10:40 | 000,000,036 | ---- | M] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2012/04/19 19:58:00 | 012,955,610 | ---- | M] () -- C:\Users\Administrator\Desktop\WPTools.zip
[2012/04/19 19:08:48 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 10:07:17 | 000,821,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/19 10:07:17 | 000,675,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/19 10:07:17 | 000,132,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/19 08:10:16 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/16 15:52:27 | 000,025,773 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2012/04/15 16:58:01 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/15 16:58:01 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/15 16:57:27 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/14 10:02:43 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 10:02:43 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 10:02:34 | 008,766,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/13 11:23:46 | 000,314,641 | ---- | M] () -- C:\Users\Administrator\Desktop\Trailblazer title.pdf
[2012/04/08 15:11:14 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/08 15:09:21 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/07 10:15:12 | 000,401,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/30 11:19:42 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Preferred Lot Manager.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/26 14:34:53 | 000,879,714 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2012/04/24 07:17:23 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/04/23 21:36:50 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/04/23 21:04:46 | 000,869,194 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe.p9ku3p0.partial
[2012/04/23 11:10:28 | 000,106,522 | ---- | C] () -- C:\Users\Administrator\Desktop\closeout_18956_7.pdf
[2012/04/21 09:23:58 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2012/04/20 11:26:59 | 511,997,700 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/19 21:18:53 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2012/04/19 21:18:15 | 006,261,592 | ---- | C] () -- C:\Users\Administrator\Desktop\ToolBox_4911mf12_Win_EN.exe
[2012/04/19 21:08:01 | 020,398,080 | ---- | C] () -- C:\Users\Administrator\Desktop\MF4350_MFDrivers_Win_x64_us_EN-7.exe
[2012/04/19 21:02:25 | 014,622,720 | ---- | C] () -- C:\Users\Administrator\Desktop\D420_MFDrivers_Win_x64_us_EN7.exe
[2012/04/19 20:10:40 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2012/04/19 20:08:04 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2012/04/19 19:57:59 | 012,955,610 | ---- | C] () -- C:\Users\Administrator\Desktop\WPTools.zip
[2012/04/19 19:08:48 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 08:10:16 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/16 15:52:27 | 000,025,773 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2012/04/13 11:23:46 | 000,314,641 | ---- | C] () -- C:\Users\Administrator\Desktop\Trailblazer title.pdf
[2012/04/08 15:09:21 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/05 09:24:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/20 16:34:46 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/26 20:02:54 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011/09/26 20:02:33 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/09/26 20:02:33 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/11 10:51:46 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/01/04 15:56:14 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2010/10/05 19:39:23 | 000,018,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/12 09:22:40 | 000,002,105 | ---- | C] () -- C:\Windows\checkip.dat
[2010/09/12 09:20:46 | 000,002,973 | ---- | C] () -- C:\Windows\ipconfig.dat
[2010/07/13 13:41:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/09 09:24:01 | 000,000,639 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat

========== LOP Check ==========

[2011/10/03 08:28:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG
[2011/10/02 09:50:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2012/04/20 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2010/11/18 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GARMIN
[2012/02/13 10:38:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2010/01/17 15:11:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2009/02/26 19:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2012/02/28 13:17:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2012/04/16 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2011/04/27 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RegistryKeys
[2011/02/14 18:49:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Smith Micro
[2012/04/20 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2011/03/27 08:30:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Teleca
[2011/01/09 15:21:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\W Photo Studio
[2011/01/09 14:27:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\W Photo Studio Viewer
[2009/09/06 08:57:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Walgreens
[2010/12/02 14:22:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ytdi
[2012/04/25 12:59:45 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/04/25 09:09:28 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2009/11/20 10:48:01 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-1000\desktop.ini
[2012/04/23 19:14:46 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$I0G9NJ8.url
[2012/04/23 15:53:26 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$I3J7IU6.url
[2012/04/23 15:53:29 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$IFLCAIN.url
[2012/04/23 16:31:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$IHU0XDK.url
[2012/04/23 15:53:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$IJB35LY.url
[2009/02/22 10:07:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$ILAMFQH.zip
[2012/04/23 16:31:34 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$IM0J1HI.url
[2012/04/26 14:55:40 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$IOK2OEP.exe
[2012/04/23 15:53:35 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$ISW83H9.url
[2012/04/23 19:15:26 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$IVW5NVJ.url
[2012/04/19 20:15:01 | 000,000,281 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$R0G9NJ8.url
[2012/04/19 20:15:00 | 000,000,281 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$R3J7IU6.url
[2012/04/19 20:15:01 | 000,000,281 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$RFLCAIN.url
[2012/04/19 20:15:01 | 000,000,261 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$RHU0XDK.url
[2012/04/19 20:15:01 | 000,000,281 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$RJB35LY.url
[2012/04/19 20:15:01 | 000,000,238 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$RM0J1HI.url
[2012/04/26 14:30:03 | 004,477,246 | R--- | M] (Swearware) -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$ROK2OEP.exe
[2012/04/19 20:15:00 | 000,000,281 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$RSW83H9.url
[2012/04/19 20:15:01 | 000,000,281 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\$RVW5NVJ.url
[2009/01/28 03:49:03 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-1970889631-2844708747-3082358778-500\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: AGP440.SYS >
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/04/11 02:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009/04/11 02:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008/01/20 22:50:26 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2009/04/11 03:09:58 | 000,734,720 | ---- | M] (Microsoft Corporation) MD5=E24D4475713CB382A720D003BDDA9628 -- C:\Windows\SysNative\autochk.exe
[2009/04/11 03:09:58 | 000,734,720 | ---- | M] (Microsoft Corporation) MD5=E24D4475713CB382A720D003BDDA9628 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_3ffe01d977405f71\autochk.exe
[2008/01/20 22:49:38 | 000,733,696 | ---- | M] (Microsoft Corporation) MD5=F74203F70337352EEABADAE16A05EAEA -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_3e1288cd7a1e9425\autochk.exe

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008/10/29 02:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 03:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008/10/27 22:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008/10/29 02:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/10/30 01:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008/01/20 22:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 22:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: IASTORV.SYS >
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2009/02/13 03:24:13 | 001,233,920 | ---- | M] (Microsoft Corporation) MD5=08E8EF6A8D18BD1D89896903DCD103D2 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_ee74eaec2aa8523e\kernel32.dll
[2008/01/20 22:48:14 | 001,213,952 | ---- | M] (Microsoft Corporation) MD5=1122C8BE4BC4F392598A9543DC1014E0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_efdc80c50ea8f9e4\kernel32.dll
[2009/02/13 03:47:27 | 001,233,408 | ---- | M] (Microsoft Corporation) MD5=1A5CE3CDE414ED758D4E1616F422C20B -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_ede0a61311929b23\kernel32.dll
[2009/02/13 04:19:50 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=1B5BE39A927C36B3162ADA23B6CA001E -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_fa751df65c5ab198\kernel32.dll
[2009/02/13 04:54:16 | 001,210,880 | ---- | M] (Microsoft Corporation) MD5=2EEE45C483BA534A84CACC9D8001FE0E -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_f02073a427f9ef9d\kernel32.dll
[2009/02/13 03:16:20 | 000,841,216 | ---- | M] (Microsoft Corporation) MD5=4118366CDDA655F8AEDB20CD03DEBAE9 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_f8c9953e5f091439\kernel32.dll
[2009/02/13 03:25:34 | 000,840,704 | ---- | M] (Microsoft Corporation) MD5=444A00544B4EDFEDD8FCCD281EDE3ED4 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_f835506545f35d1e\kernel32.dll
[2008/01/20 22:48:58 | 000,855,552 | ---- | M] (Microsoft Corporation) MD5=799EEDF377F3B72DB30192AD9FD3C7F3 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_fa312b174309bbdf\kernel32.dll
[2009/02/13 04:57:39 | 001,208,832 | ---- | M] (Microsoft Corporation) MD5=8331C9E592358DE5157169699BD836D7 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_efd6b6170eac8ed6\kernel32.dll
[2009/04/11 03:11:15 | 001,217,536 | ---- | M] (Microsoft Corporation) MD5=A1489655AB04BBB5290C3FC274D33E57 -- C:\Windows\SysNative\kernel32.dll
[2009/04/11 03:11:15 | 001,217,536 | ---- | M] (Microsoft Corporation) MD5=A1489655AB04BBB5290C3FC274D33E57 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_f1c7f9d10bcac530\kernel32.dll
[2009/04/11 02:26:44 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=A5830F679B5B38AE9700A72087178745 -- C:\Windows\SysWOW64\kernel32.dll
[2009/04/11 02:26:44 | 000,858,112 | ---- | M] (Microsoft Corporation) MD5=A5830F679B5B38AE9700A72087178745 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_fc1ca423402b872b\kernel32.dll
[2009/02/13 04:47:47 | 000,855,552 | ---- | M] (Microsoft Corporation) MD5=D4902D1DC60CB71197EFE4474A582841 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_fa2b6069430d50d1\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2008/01/20 22:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 02:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 22:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 03:11:16 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NDIS.SYS >
[2008/01/20 22:50:38 | 000,739,384 | ---- | M] (Microsoft Corporation) MD5=2A2EE457AF36C5C9A6808C768BD3A12B -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_03e5c74ad46c7e4e\ndis.sys
[2009/04/11 03:15:34 | 000,738,264 | ---- | M] (Microsoft Corporation) MD5=65950E07329FCEE8E6516B17C8D0ABB6 -- C:\Windows\SysNative\drivers\ndis.sys
[2009/04/11 03:15:34 | 000,738,264 | ---- | M] (Microsoft Corporation) MD5=65950E07329FCEE8E6516B17C8D0ABB6 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_05d14056d18e499a\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

< MD5 for: NTFS.SYS >
[2009/04/11 03:15:34 | 001,515,496 | ---- | M] (Microsoft Corporation) MD5=BAC869DFB98E499BA4D9BB1FB43270E1 -- C:\Windows\SysNative\drivers\ntfs.sys
[2009/04/11 03:15:34 | 001,515,496 | ---- | M] (Microsoft Corporation) MD5=BAC869DFB98E499BA4D9BB1FB43270E1 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_047b3e4cd26ad615\ntfs.sys
[2008/01/20 22:50:39 | 001,540,152 | ---- | M] (Microsoft Corporation) MD5=FE86BA5AC3B50E2CA911E9C60C07B638 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_028fc540d5490ac9\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2008/01/20 22:52:05 | 000,521,216 | ---- | M] (Microsoft Corporation) MD5=96E310EC2BB1FC55FA4D32839AA990A2 -- C:\Windows\winsxs\amd64_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_6a5ccd73c670213d\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006/11/02 07:16:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=98559F204D7547D50176CEE965B623A1 -- C:\Windows\SysNative\proquota.exe
[2006/11/02 07:16:03 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=98559F204D7547D50176CEE965B623A1 -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_81aed15f4dd7884b\proquota.exe
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\SysWOW64\proquota.exe
[2006/11/02 05:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\SysNative\qmgr.dll
[2009/04/11 03:11:22 | 001,081,856 | ---- | M] (Microsoft Corporation) MD5=6D316F4859634071CC25C4FD4589AD2C -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_819ad97caef1480e\qmgr.dll
[2008/01/20 22:50:12 | 001,082,368 | ---- | M] (Microsoft Corporation) MD5=D896A0D43F8AB81ECB1FC6C24DECFD58 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_7faf6070b1cf7cc2\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010/08/17 10:54:44 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=439017BE66398AB809D81B3AE8393883 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_34a17b8490538c82\spoolsv.exe
[2010/08/17 10:02:18 | 000,270,848 | ---- | M] (Microsoft Corporation) MD5=7F59AA690212241B398D6DBE4071EE3C -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_32cba802932180c9\spoolsv.exe
[2010/08/17 10:04:48 | 000,267,776 | ---- | M] (Microsoft Corporation) MD5=92E6738D25C2123BE9515C0EAC0776CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_3260788179ed5d57\spoolsv.exe
[2008/01/20 22:49:35 | 000,267,264 | ---- | M] (Microsoft Corporation) MD5=E6519A9E756D74DC51C697BA62162F51 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_326a3ea579e6364c\spoolsv.exe
[2009/04/11 03:10:56 | 000,268,288 | ---- | M] (Microsoft Corporation) MD5=EADA445EAEDD1D7DF4C5EB42B3612729 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_3455b7b177080198\spoolsv.exe
[2010/08/17 10:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=F66FF751E7EFC816D266977939EF5DC3 -- C:\Windows\SysNative\spoolsv.exe
[2010/08/17 10:54:20 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=F66FF751E7EFC816D266977939EF5DC3 -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_33f36be77751de08\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 22:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/20 22:48:44 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=8F26CCF26436315033192266A7135FF5 -- C:\Windows\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009/04/11 03:11:26 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=5CDD30BC217082DAC71A9878D9BFD566 -- C:\Windows\SysNative\termsrv.dll
[2009/04/11 03:11:26 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=5CDD30BC217082DAC71A9878D9BFD566 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_eca9565809c353e4\termsrv.dll
[2008/01/20 22:48:12 | 000,546,816 | ---- | M] (Microsoft Corporation) MD5=F870A5589D6A94B426EFB13689023946 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_eabddd4c0ca18898\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 22:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 22:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D44D0CA3
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

Thank You so much for your time. A window pop up and said Access violatation at address763ce124 in module 'kernel 32.dll' read of FFFFFFFF

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:35 PM

Posted 27 April 2012 - 09:54 AM

A window pop up and said Access violatation at address763ce124 in module 'kernel 32.dll' read of FFFFFFFF

When did you get this message?

Run OTL - Double-click OTL.exe Posted Image to start it.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - File not found
    O4 - HKCU..\Run: [CDDB] RUNDLL32.EXE C:\Users\Administrator\AppData\Local\CDDB\prcdenbl.dll,DbiDRLoadDBObject File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D44D0CA3
    @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
====


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please let me know what problem persists.

#8 woodchip442

woodchip442
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 PM

Posted 27 April 2012 - 10:06 AM

The window pop up at the end.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:35 PM

Posted 27 April 2012 - 10:10 AM

Execute my previous instructions and let me know if the problem persists.

#10 woodchip442

woodchip442
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 PM

Posted 27 April 2012 - 10:17 AM

Onthe otl scan it says PRC file not found. Not Responding. Will try to run eset now.

#11 woodchip442

woodchip442
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 PM

Posted 27 April 2012 - 01:40 PM

I did as you asked. I posted the new results below. I ran ESET no problem found. I ran Malwarebytes it found Trojen Agent. After I rebooted these two files popped up. I will post below.

Again Thank You for your time.


OTL logfile created on: 4/27/2012 1:57:48 PM - Run 2
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 56.88% Memory free
8.18 Gb Paging File | 5.68 Gb Available in Paging File | 69.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 325.02 Gb Free Space | 69.78% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\SDL.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LvApi11\LvApi11.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll ()
MOD - C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll ()
MOD - C:\Program Files (x86)\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV:64bit: - (CrypKey License) -- C:\Windows\SysNative\crypserv.exe (CrypKey (Canada) Ltd.)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys (Lavasoft AB)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (LVUVC64) Logitech Webcam 500(UVC) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\AVGIDSFilter.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\AVGIDSDriver.Sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (NetworkX) -- C:\Windows\SysNative\ckldrv.sys ()
DRV:64bit: - (HtcVCom32) -- C:\Windows\SysNative\DRIVERS\HtcVComV64.sys (QUALCOMM Incorporated)
DRV:64bit: - (HtcUsbMdmV64) -- C:\Windows\SysNative\DRIVERS\HtcUsbMdmV64.sys (QUALCOMM Incorporated)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (SMSIVZAM5X64) -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys (Smith Micro Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.charter.net/google/index.php?q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0DA39010-CEDA-4003-A0BF-BC1F4D712B08}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{BE0D7700-4DA0-4791-8527-C05915B8B3BB}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/05/04 20:38:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/03 08:37:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/13 08:08:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL File not found
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Charter Toolbar) - {4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - C:\PROGRA~2\CHARTE~1\CHARTE~1.DLL File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [CDDB] RUNDLL32.EXE C:\Users\Administrator\AppData\Local\CDDB\prcdenbl.dll,DbiDRLoadDBObject File not found
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.17.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{484974FF-E74F-4E2E-8EC7-45D60B2FBF63}: DhcpNameServer = 192.168.17.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb4 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\intu-help-qb4 {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administrator\Pictures\Late 2011\PA191906.JPG
O24 - Desktop BackupWallPaper: C:\Users\Administrator\Pictures\Late 2011\PA191906.JPG
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0f3c437c-382d-11e0-8d06-002185c46500}\Shell - "" = AutoRun
O33 - MountPoints2\{0f3c437c-382d-11e0-8d06-002185c46500}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{3548e3a1-3b95-11e0-81c0-002185c46500}\Shell - "" = AutoRun
O33 - MountPoints2\{3548e3a1-3b95-11e0-81c0-002185c46500}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O33 - MountPoints2\{61717e23-7a56-11e0-8d24-002185c46500}\Shell - "" = AutoRun
O33 - MountPoints2\{61717e23-7a56-11e0-8d24-002185c46500}\Shell\AutoRun\command - "" = E:\PWLaunch.exe
O33 - MountPoints2\{f8a04df5-5a3d-11e0-8119-002185c46500}\Shell - "" = AutoRun
O33 - MountPoints2\{f8a04df5-5a3d-11e0-8119-002185c46500}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/27 11:08:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/27 08:21:31 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/04/26 14:58:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/26 14:58:33 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/26 14:57:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/26 14:56:13 | 004,477,246 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/04/26 14:53:37 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/04/24 07:24:37 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2012/04/23 21:30:33 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/04/23 21:16:46 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/22 16:13:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apps
[2012/04/21 09:26:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2012/04/20 13:10:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/04/20 11:56:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2012/04/20 11:56:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2012/04/20 11:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/04/20 11:51:30 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/04/20 11:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/04/19 21:18:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/04/19 21:18:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\ToolBox_4911mf12_Win_EN
[2012/04/19 21:02:59 | 000,066,048 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNAS0MMK.DLL
[2012/04/19 21:02:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\D420_MFDrivers_Win_x64_us_EN7
[2012/04/19 20:02:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\WebPostTools
[2012/04/19 19:09:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/04/19 19:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/04/19 19:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/19 19:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/19 19:08:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/19 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/19 18:36:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/19 08:13:00 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/19 08:13:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/19 08:12:59 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/19 08:12:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/19 08:12:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/19 08:12:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/19 08:12:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/19 08:12:58 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/19 08:12:58 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/19 08:12:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/19 08:12:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/19 08:10:20 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/19 08:10:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/19 08:10:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/16 15:52:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2012/04/16 13:37:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CDDB
[2012/04/14 10:02:33 | 008,766,112 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/08 15:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/08 15:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/08 15:08:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/07 10:27:01 | 054,215,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/04/07 09:59:10 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/04/07 09:59:10 | 001,555,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/04/07 09:59:10 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/04/07 09:59:09 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/04/07 09:59:09 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/04/07 09:59:08 | 001,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/04/07 09:59:08 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/04/07 09:59:07 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/04/07 09:59:05 | 000,708,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpencom.dll
[2012/04/07 09:59:05 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpencom.dll
[2012/04/05 09:24:30 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/27 13:51:43 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/04/27 13:51:43 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/04/27 13:50:09 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/04/27 13:48:57 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 13:48:57 | 000,003,840 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/27 13:48:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/27 13:48:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/04/27 13:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/27 09:05:32 | 096,364,059 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/27 08:21:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/04/26 14:56:21 | 004,477,246 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/04/26 14:35:18 | 000,879,714 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2012/04/25 18:12:19 | 000,692,953 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/25 14:31:50 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/04/25 12:48:45 | 511,997,700 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/23 21:36:50 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/04/23 21:30:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2012/04/23 21:16:47 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/23 21:05:41 | 000,869,194 | ---- | M] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe.p9ku3p0.partial
[2012/04/23 11:10:28 | 000,106,522 | ---- | M] () -- C:\Users\Administrator\Desktop\closeout_18956_7.pdf
[2012/04/21 19:14:50 | 000,002,341 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/04/21 09:26:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\dds.scr
[2012/04/21 09:23:58 | 000,000,000 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2012/04/19 21:18:53 | 000,001,907 | ---- | M] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2012/04/19 21:18:15 | 006,261,592 | ---- | M] () -- C:\Users\Administrator\Desktop\ToolBox_4911mf12_Win_EN.exe
[2012/04/19 21:08:01 | 020,398,080 | ---- | M] () -- C:\Users\Administrator\Desktop\MF4350_MFDrivers_Win_x64_us_EN-7.exe
[2012/04/19 21:02:25 | 014,622,720 | ---- | M] () -- C:\Users\Administrator\Desktop\D420_MFDrivers_Win_x64_us_EN7.exe
[2012/04/19 20:10:40 | 000,000,036 | ---- | M] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2012/04/19 19:58:00 | 012,955,610 | ---- | M] () -- C:\Users\Administrator\Desktop\WPTools.zip
[2012/04/19 19:08:48 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 10:07:17 | 000,821,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/19 10:07:17 | 000,675,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/19 10:07:17 | 000,132,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/19 08:10:16 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/04/16 15:52:27 | 000,025,773 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2012/04/15 16:58:01 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/04/15 16:58:01 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/04/15 16:57:27 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/04/14 10:02:43 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 10:02:43 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 10:02:34 | 008,766,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/13 11:23:46 | 000,314,641 | ---- | M] () -- C:\Users\Administrator\Desktop\Trailblazer title.pdf
[2012/04/08 15:11:14 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/04/08 15:09:21 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/07 10:15:12 | 000,401,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/30 11:19:42 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Preferred Lot Manager.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/26 14:34:53 | 000,879,714 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe
[2012/04/24 07:17:23 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/04/23 21:36:50 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2012/04/23 21:04:46 | 000,869,194 | ---- | C] () -- C:\Users\Administrator\Desktop\SecurityCheck.exe.p9ku3p0.partial
[2012/04/23 11:10:28 | 000,106,522 | ---- | C] () -- C:\Users\Administrator\Desktop\closeout_18956_7.pdf
[2012/04/21 09:23:58 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2012/04/20 11:26:59 | 511,997,700 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/19 21:18:53 | 000,001,907 | ---- | C] () -- C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
[2012/04/19 21:18:15 | 006,261,592 | ---- | C] () -- C:\Users\Administrator\Desktop\ToolBox_4911mf12_Win_EN.exe
[2012/04/19 21:08:01 | 020,398,080 | ---- | C] () -- C:\Users\Administrator\Desktop\MF4350_MFDrivers_Win_x64_us_EN-7.exe
[2012/04/19 21:02:25 | 014,622,720 | ---- | C] () -- C:\Users\Administrator\Desktop\D420_MFDrivers_Win_x64_us_EN7.exe
[2012/04/19 20:10:40 | 000,000,036 | ---- | C] () -- C:\Users\Administrator\AppData\Local\housecall.guid.cache
[2012/04/19 20:08:04 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2012/04/19 19:57:59 | 012,955,610 | ---- | C] () -- C:\Users\Administrator\Desktop\WPTools.zip
[2012/04/19 19:08:48 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/19 08:10:16 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/04/16 15:52:27 | 000,025,773 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\UserTile.png
[2012/04/13 11:23:46 | 000,314,641 | ---- | C] () -- C:\Users\Administrator\Desktop\Trailblazer title.pdf
[2012/04/08 15:09:21 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/05 09:24:31 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/20 16:34:46 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/09/26 20:02:54 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2011/09/26 20:02:33 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/09/26 20:02:33 | 000,000,054 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/07/11 10:51:46 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/01/04 15:56:14 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2010/10/05 19:39:23 | 000,018,432 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/12 09:22:40 | 000,002,105 | ---- | C] () -- C:\Windows\checkip.dat
[2010/09/12 09:20:46 | 000,002,973 | ---- | C] () -- C:\Windows\ipconfig.dat
[2010/07/13 13:41:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/05/09 09:24:01 | 000,000,639 | ---- | C] () -- C:\ProgramData\nvUnsupRes.dat

========== LOP Check ==========

[2011/10/03 08:28:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG
[2011/10/02 09:50:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2012/04/20 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverCure
[2010/11/18 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GARMIN
[2012/02/13 10:38:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\GetRightToGo
[2010/01/17 15:11:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2009/02/26 19:07:11 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2012/02/28 13:17:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Origin
[2012/04/16 15:52:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\PeerNetworking
[2011/04/27 16:57:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RegistryKeys
[2011/02/14 18:49:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Smith Micro
[2012/04/20 11:56:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SpeedMaxPc
[2011/03/27 08:30:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Teleca
[2011/01/09 15:21:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\W Photo Studio
[2011/01/09 14:27:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\W Photo Studio Viewer
[2009/09/06 08:57:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Walgreens
[2010/12/02 14:22:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ytdi
[2012/04/27 13:50:09 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/04/27 13:47:16 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:D44D0CA3
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
New file #1

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

New File #2

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:35 PM

Posted 28 April 2012 - 08:18 AM

Are you referring to these files?

New file #1

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

New File #2

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799


imageres.dll is a .dll file used to add Icons to your folders etc.

Are you having difficulties in this area?
===

Please run these tool.


Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Before you post the logs please try to run ComboFix and post the log if you can.

Please post the logs for my review.

#13 woodchip442

woodchip442
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 PM

Posted 28 April 2012 - 03:11 PM

Here are two of the logs you asked for. I will run ComboFix. Im sorry but how do I attach MBR.dat file

Mark

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-28 15:36:40
-----------------------------
15:36:40.126 OS Version: Windows x64 6.0.6002 Service Pack 2
15:36:40.126 Number of processors: 4 586 0x1707
15:36:40.127 ComputerName: USER-PC UserName:
15:36:41.914 Initialize success
15:36:42.194 AVAST engine defs: 10063001
15:36:45.719 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
15:36:45.721 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3
15:36:45.726 Disk 0 MBR read successfully
15:36:45.729 Disk 0 MBR scan
15:36:45.938 Disk 0 Windows VISTA default MBR code
15:36:45.945 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476938 MB offset 2048
15:36:46.330 Disk 0 scanning C:\Windows\system32\drivers
15:36:56.664 Service scanning
15:37:02.139 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
15:37:13.214 Modules scanning
15:37:13.219 Disk 0 trace - called modules:
15:37:13.228 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
15:37:13.232 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800604d4c0]
15:37:13.236 3 CLASSPNP.SYS[fffffa6000fcfc33] -> nt!IofCallDriver -> [0xfffffa8004c1b520]
15:37:13.240 5 acpi.sys[fffffa60008fefde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8004c17590]
15:37:14.006 AVAST engine scan C:\Windows
15:37:16.756 AVAST engine scan C:\Windows\system32
15:40:39.606 AVAST engine scan C:\Windows\system32\drivers
15:40:55.703 AVAST engine scan C:\Users\Administrator
15:45:37.065 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
15:45:37.104 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"
15:46:09.440 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
15:46:09.444 The log file has been saved successfully to "C:\Users\Administrator\Desktop\here.txt"


11:23:02.0881 1492 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
11:23:03.0244 1492 ============================================================
11:23:03.0244 1492 Current date / time: 2012/04/28 11:23:03.0244
11:23:03.0244 1492 SystemInfo:
11:23:03.0244 1492
11:23:03.0244 1492 OS Version: 6.0.6002 ServicePack: 2.0
11:23:03.0244 1492 Product type: Workstation
11:23:03.0244 1492 ComputerName: USER-PC
11:23:03.0244 1492 UserName: Administrator
11:23:03.0244 1492 Windows directory: C:\Windows
11:23:03.0244 1492 System windows directory: C:\Windows
11:23:03.0244 1492 Running under WOW64
11:23:03.0244 1492 Processor architecture: Intel x64
11:23:03.0244 1492 Number of processors: 4
11:23:03.0244 1492 Page size: 0x1000
11:23:03.0244 1492 Boot type: Normal boot
11:23:03.0244 1492 ============================================================
11:23:04.0206 1492 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:23:04.0213 1492 ============================================================
11:23:04.0213 1492 \Device\Harddisk0\DR0:
11:23:04.0223 1492 MBR partitions:
11:23:04.0223 1492 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
11:23:04.0223 1492 ============================================================
11:23:04.0299 1492 C: <-> \Device\Harddisk0\DR0\Partition0
11:23:04.0299 1492 ============================================================
11:23:04.0299 1492 Initialize success
11:23:04.0299 1492 ============================================================
11:23:07.0580 4456 ============================================================
11:23:07.0580 4456 Scan started
11:23:07.0580 4456 Mode: Manual;
11:23:07.0580 4456 ============================================================
11:23:09.0335 4456 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
11:23:09.0339 4456 ACPI - ok
11:23:09.0456 4456 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:23:09.0458 4456 AdobeARMservice - ok
11:23:10.0170 4456 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:23:10.0172 4456 AdobeFlashPlayerUpdateSvc - ok
11:23:10.0244 4456 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
11:23:10.0250 4456 adp94xx - ok
11:23:10.0267 4456 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
11:23:10.0271 4456 adpahci - ok
11:23:10.0287 4456 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
11:23:10.0290 4456 adpu160m - ok
11:23:10.0301 4456 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
11:23:10.0304 4456 adpu320 - ok
11:23:10.0342 4456 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
11:23:10.0343 4456 AeLookupSvc - ok
11:23:10.0394 4456 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
11:23:10.0399 4456 AFD - ok
11:23:10.0441 4456 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
11:23:10.0442 4456 agp440 - ok
11:23:10.0472 4456 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
11:23:10.0474 4456 aic78xx - ok
11:23:10.0485 4456 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
11:23:10.0487 4456 ALG - ok
11:23:10.0499 4456 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
11:23:10.0500 4456 aliide - ok
11:23:10.0508 4456 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
11:23:10.0509 4456 amdide - ok
11:23:10.0524 4456 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
11:23:10.0525 4456 AmdK8 - ok
11:23:10.0572 4456 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
11:23:10.0574 4456 Appinfo - ok
11:23:10.0684 4456 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:23:10.0685 4456 Apple Mobile Device - ok
11:23:10.0732 4456 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
11:23:10.0734 4456 arc - ok
11:23:10.0772 4456 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
11:23:10.0775 4456 arcsas - ok
11:23:10.0842 4456 aspnet_state - ok
11:23:10.0881 4456 aswFsBlk (4a57b2c375d82cbeb28454e0460d65ad) C:\Windows\system32\drivers\aswFsBlk.sys
11:23:10.0882 4456 aswFsBlk - ok
11:23:10.0911 4456 aswMonFlt (0dfa8428e92fa0398a4557077e03d0be) C:\Windows\system32\drivers\aswMonFlt.sys
11:23:10.0913 4456 aswMonFlt - ok
11:23:10.0944 4456 aswRdr (061bf40c947848b6f4a478c600b0298c) C:\Windows\system32\drivers\aswRdr.sys
11:23:10.0946 4456 aswRdr - ok
11:23:10.0967 4456 aswSP (6b31b59c48a5f45e9f26de37acae7db4) C:\Windows\system32\drivers\aswSP.sys
11:23:10.0970 4456 aswSP - ok
11:23:10.0992 4456 aswTdi (5c06c8ed0627a970dc7a4b6624f3bd08) C:\Windows\system32\drivers\aswTdi.sys
11:23:10.0994 4456 aswTdi - ok
11:23:11.0029 4456 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
11:23:11.0030 4456 AsyncMac - ok
11:23:11.0051 4456 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
11:23:11.0052 4456 atapi - ok
11:23:11.0110 4456 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
11:23:11.0116 4456 AudioEndpointBuilder - ok
11:23:11.0120 4456 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
11:23:11.0124 4456 AudioSrv - ok
11:23:11.0457 4456 avast! Antivirus (ae28ba1361d8040d8850f21cacfccce9) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
11:23:11.0458 4456 avast! Antivirus - ok
11:23:11.0460 4456 avast! Mail Scanner (ae28ba1361d8040d8850f21cacfccce9) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
11:23:11.0461 4456 avast! Mail Scanner - ok
11:23:11.0465 4456 avast! Web Scanner (ae28ba1361d8040d8850f21cacfccce9) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
11:23:11.0466 4456 avast! Web Scanner - ok
11:23:11.0773 4456 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
11:23:11.0822 4456 AVGIDSAgent - ok
11:23:11.0933 4456 AVGIDSDriver (fa46adf6e497cf185160f09e603ce2a3) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
11:23:11.0936 4456 AVGIDSDriver - ok
11:23:11.0955 4456 AVGIDSEH (d6b93e5d8b96a66f55a4d2ee7f24667c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
11:23:11.0956 4456 AVGIDSEH - ok
11:23:11.0975 4456 AVGIDSFilter (ff6551f1ab0da3b30c9dec923f21b504) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
11:23:11.0977 4456 AVGIDSFilter - ok
11:23:12.0010 4456 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
11:23:12.0014 4456 Avgldx64 - ok
11:23:12.0028 4456 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
11:23:12.0030 4456 Avgmfx64 - ok
11:23:12.0046 4456 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
11:23:12.0047 4456 Avgrkx64 - ok
11:23:12.0073 4456 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
11:23:12.0078 4456 Avgtdia - ok
11:23:12.0130 4456 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11:23:12.0134 4456 avgwd - ok
11:23:12.0199 4456 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
11:23:12.0206 4456 BFE - ok
11:23:12.0279 4456 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
11:23:12.0292 4456 BITS - ok
11:23:12.0331 4456 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
11:23:12.0331 4456 blbdrive - ok
11:23:12.0430 4456 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:23:12.0436 4456 Bonjour Service - ok
11:23:12.0474 4456 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
11:23:12.0476 4456 bowser - ok
11:23:12.0497 4456 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
11:23:12.0499 4456 BrFiltLo - ok
11:23:12.0503 4456 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
11:23:12.0504 4456 BrFiltUp - ok
11:23:12.0547 4456 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
11:23:12.0549 4456 Browser - ok
11:23:12.0595 4456 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
11:23:12.0597 4456 Brserid - ok
11:23:12.0609 4456 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
11:23:12.0611 4456 BrSerWdm - ok
11:23:12.0622 4456 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
11:23:12.0622 4456 BrUsbMdm - ok
11:23:12.0627 4456 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
11:23:12.0629 4456 BrUsbSer - ok
11:23:12.0670 4456 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
11:23:12.0672 4456 BTHMODEM - ok
11:23:12.0716 4456 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
11:23:12.0719 4456 cdfs - ok
11:23:12.0805 4456 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
11:23:12.0807 4456 cdrom - ok
11:23:12.0855 4456 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
11:23:12.0856 4456 CertPropSvc - ok
11:23:12.0876 4456 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
11:23:12.0878 4456 circlass - ok
11:23:12.0924 4456 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
11:23:12.0929 4456 CLFS - ok
11:23:12.0974 4456 clr_optimization_v2.0.50727_32 - ok
11:23:13.0000 4456 clr_optimization_v2.0.50727_64 - ok
11:23:13.0067 4456 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:23:13.0070 4456 clr_optimization_v4.0.30319_32 - ok
11:23:13.0103 4456 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:23:13.0106 4456 clr_optimization_v4.0.30319_64 - ok
11:23:13.0125 4456 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
11:23:13.0127 4456 cmdide - ok
11:23:13.0131 4456 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
11:23:13.0133 4456 Compbatt - ok
11:23:13.0136 4456 COMSysApp - ok
11:23:13.0228 4456 cpuz132 - ok
11:23:13.0262 4456 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
11:23:13.0264 4456 crcdisk - ok
11:23:13.0335 4456 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
11:23:13.0338 4456 Creative ALchemy AL6 Licensing Service - ok
11:23:13.0383 4456 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
11:23:13.0385 4456 Creative Audio Engine Licensing Service - ok
11:23:13.0405 4456 Creative Media Toolbox 6 Licensing Service (d03466c36ef0e5c7694ff38b45271d9d) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe
11:23:13.0407 4456 Creative Media Toolbox 6 Licensing Service - ok
11:23:13.0473 4456 CrypKey License (2177a0f611584bca1dfdd7eeb35c0224) C:\Windows\system32\crypserv.exe
11:23:13.0476 4456 CrypKey License - ok
11:23:13.0554 4456 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
11:23:13.0557 4456 CryptSvc - ok
11:23:13.0663 4456 CTAudSvcService (69cdba2b9c397e349a04fa70dd9170a2) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
11:23:13.0667 4456 CTAudSvcService - ok
11:23:13.0727 4456 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
11:23:13.0736 4456 DcomLaunch - ok
11:23:13.0813 4456 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
11:23:13.0815 4456 DfsC - ok
11:23:14.0076 4456 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
11:23:14.0114 4456 DFSR - ok
11:23:14.0228 4456 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
11:23:14.0230 4456 Dhcp - ok
11:23:14.0259 4456 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
11:23:14.0261 4456 disk - ok
11:23:14.0297 4456 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
11:23:14.0300 4456 Dnscache - ok
11:23:14.0344 4456 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
11:23:14.0347 4456 dot3svc - ok
11:23:14.0383 4456 dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
11:23:14.0385 4456 dot4 - ok
11:23:14.0392 4456 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:23:14.0393 4456 Dot4Print - ok
11:23:14.0403 4456 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
11:23:14.0404 4456 dot4usb - ok
11:23:14.0422 4456 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
11:23:14.0425 4456 DPS - ok
11:23:14.0464 4456 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
11:23:14.0465 4456 drmkaud - ok
11:23:14.0520 4456 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
11:23:14.0531 4456 DXGKrnl - ok
11:23:14.0570 4456 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
11:23:14.0573 4456 E1G60 - ok
11:23:14.0587 4456 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
11:23:14.0589 4456 EapHost - ok
11:23:14.0640 4456 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
11:23:14.0643 4456 Ecache - ok
11:23:14.0681 4456 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
11:23:14.0685 4456 ehRecvr - ok
11:23:14.0736 4456 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
11:23:14.0739 4456 ehSched - ok
11:23:14.0765 4456 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
11:23:14.0766 4456 ehstart - ok
11:23:14.0787 4456 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
11:23:14.0792 4456 elxstor - ok
11:23:14.0832 4456 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
11:23:14.0837 4456 EMDMgmt - ok
11:23:14.0854 4456 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
11:23:14.0855 4456 ErrDev - ok
11:23:14.0898 4456 esgiguard - ok
11:23:14.0947 4456 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
11:23:14.0950 4456 EventSystem - ok
11:23:14.0980 4456 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
11:23:14.0983 4456 exfat - ok
11:23:15.0011 4456 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
11:23:15.0014 4456 fastfat - ok
11:23:15.0024 4456 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
11:23:15.0025 4456 fdc - ok
11:23:15.0052 4456 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
11:23:15.0053 4456 fdPHost - ok
11:23:15.0060 4456 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
11:23:15.0062 4456 FDResPub - ok
11:23:15.0083 4456 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
11:23:15.0085 4456 FileInfo - ok
11:23:15.0094 4456 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
11:23:15.0095 4456 Filetrace - ok
11:23:15.0109 4456 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:23:15.0110 4456 flpydisk - ok
11:23:15.0138 4456 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
11:23:15.0142 4456 FltMgr - ok
11:23:15.0443 4456 FontCache (de67b1afab1ddb6ca0bba89a776f26fa) C:\Windows\system32\FntCache.dll
11:23:15.0456 4456 FontCache - ok
11:23:15.0504 4456 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:23:15.0505 4456 FontCache3.0.0.0 - ok
11:23:15.0541 4456 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
11:23:15.0543 4456 Fs_Rec - ok
11:23:15.0563 4456 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
11:23:15.0565 4456 gagp30kx - ok
11:23:15.0592 4456 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:23:15.0593 4456 GEARAspiWDM - ok
11:23:15.0596 4456 GMSIPCI - ok
11:23:16.0568 4456 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
11:23:16.0578 4456 gpsvc - ok
11:23:16.0626 4456 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
11:23:16.0630 4456 HdAudAddService - ok
11:23:16.0716 4456 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:23:16.0759 4456 HDAudBus - ok
11:23:16.0798 4456 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
11:23:16.0800 4456 HidBth - ok
11:23:16.0819 4456 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
11:23:16.0820 4456 HidIr - ok
11:23:16.0848 4456 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
11:23:16.0850 4456 hidserv - ok
11:23:16.0875 4456 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
11:23:16.0876 4456 HidUsb - ok
11:23:16.0888 4456 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
11:23:16.0890 4456 hkmsvc - ok
11:23:16.0919 4456 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
11:23:16.0921 4456 HpCISSs - ok
11:23:16.0958 4456 HTCAND64 (894a75a3d6bfd97d73bf60d3022b567a) C:\Windows\system32\Drivers\ANDROIDUSB.sys
11:23:16.0959 4456 HTCAND64 - ok
11:23:17.0005 4456 HtcUsbMdmV64 (7c7c986776d00e575bfbde5dcbdc615d) C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys
11:23:17.0007 4456 HtcUsbMdmV64 - ok
11:23:17.0032 4456 HtcVCom32 (7c7c986776d00e575bfbde5dcbdc615d) C:\Windows\system32\DRIVERS\HtcVComV64.sys
11:23:17.0034 4456 HtcVCom32 - ok
11:23:17.0081 4456 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
11:23:17.0089 4456 HTTP - ok
11:23:17.0103 4456 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
11:23:17.0104 4456 i2omp - ok
11:23:17.0140 4456 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
11:23:17.0141 4456 i8042prt - ok
11:23:17.0162 4456 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
11:23:17.0166 4456 iaStorV - ok
11:23:17.0273 4456 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:23:17.0282 4456 idsvc - ok
11:23:17.0287 4456 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
11:23:17.0288 4456 iirsp - ok
11:23:17.0343 4456 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
11:23:17.0349 4456 IKEEXT - ok
11:23:17.0440 4456 IntcAzAudAddService (46cb3abe8150e7b181e86d4906de17e8) C:\Windows\system32\drivers\RTKVHD64.sys
11:23:17.0457 4456 IntcAzAudAddService - ok
11:23:17.0554 4456 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
11:23:17.0555 4456 intelide - ok
11:23:17.0564 4456 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
11:23:17.0566 4456 intelppm - ok
11:23:17.0585 4456 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
11:23:17.0588 4456 IPBusEnum - ok
11:23:17.0609 4456 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:23:17.0611 4456 IpFilterDriver - ok
11:23:17.0640 4456 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
11:23:17.0644 4456 iphlpsvc - ok
11:23:17.0647 4456 IpInIp - ok
11:23:17.0673 4456 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
11:23:17.0675 4456 IPMIDRV - ok
11:23:17.0706 4456 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
11:23:17.0709 4456 IPNAT - ok
11:23:17.0815 4456 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
11:23:17.0826 4456 iPod Service - ok
11:23:17.0843 4456 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
11:23:17.0844 4456 IRENUM - ok
11:23:17.0874 4456 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
11:23:17.0875 4456 isapnp - ok
11:23:17.0920 4456 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
11:23:17.0924 4456 iScsiPrt - ok
11:23:17.0938 4456 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
11:23:17.0939 4456 iteatapi - ok
11:23:17.0968 4456 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
11:23:17.0970 4456 iteraid - ok
11:23:17.0984 4456 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
11:23:17.0986 4456 kbdclass - ok
11:23:17.0994 4456 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
11:23:17.0995 4456 kbdhid - ok
11:23:18.0022 4456 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
11:23:18.0024 4456 KeyIso - ok
11:23:18.0063 4456 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
11:23:18.0070 4456 KSecDD - ok
11:23:18.0099 4456 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
11:23:18.0100 4456 ksthunk - ok
11:23:18.0147 4456 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
11:23:18.0152 4456 KtmRm - ok
11:23:18.0190 4456 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
11:23:18.0193 4456 LanmanServer - ok
11:23:18.0227 4456 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
11:23:18.0232 4456 LanmanWorkstation - ok
11:23:18.0352 4456 Lavasoft Ad-Aware Service (ea38136981c61c571d52c380daad46ef) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
11:23:18.0376 4456 Lavasoft Ad-Aware Service - ok
11:23:18.0395 4456 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
11:23:18.0396 4456 Lavasoft Kernexplorer - ok
11:23:18.0484 4456 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
11:23:18.0486 4456 Lbd - ok
11:23:18.0502 4456 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
11:23:18.0504 4456 lltdio - ok
11:23:18.0536 4456 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
11:23:18.0541 4456 lltdsvc - ok
11:23:18.0556 4456 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
11:23:18.0558 4456 lmhosts - ok
11:23:18.0575 4456 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
11:23:18.0577 4456 LSI_FC - ok
11:23:18.0591 4456 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
11:23:18.0593 4456 LSI_SAS - ok
11:23:18.0602 4456 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
11:23:18.0604 4456 LSI_SCSI - ok
11:23:18.0609 4456 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
11:23:18.0611 4456 luafv - ok
11:23:18.0653 4456 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:23:18.0655 4456 LVPr2M64 - ok
11:23:18.0658 4456 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:23:18.0659 4456 LVPr2Mon - ok
11:23:18.0712 4456 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
11:23:18.0715 4456 LVPrcS64 - ok
11:23:18.0774 4456 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
11:23:18.0778 4456 LVRS64 - ok
11:23:19.0133 4456 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
11:23:19.0221 4456 LVUVC64 - ok
11:23:19.0367 4456 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:23:19.0368 4456 MBAMProtector - ok
11:23:19.0420 4456 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:23:19.0429 4456 MBAMService - ok
11:23:19.0445 4456 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
11:23:19.0448 4456 Mcx2Svc - ok
11:23:19.0496 4456 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
11:23:19.0498 4456 megasas - ok
11:23:19.0537 4456 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
11:23:19.0542 4456 MegaSR - ok
11:23:19.0617 4456 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:23:19.0619 4456 Microsoft Office Groove Audit Service - ok
11:23:19.0636 4456 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
11:23:19.0638 4456 MMCSS - ok
11:23:19.0651 4456 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
11:23:19.0653 4456 Modem - ok
11:23:19.0697 4456 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
11:23:19.0699 4456 monitor - ok
11:23:19.0720 4456 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
11:23:19.0722 4456 mouclass - ok
11:23:19.0754 4456 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
11:23:19.0756 4456 mouhid - ok
11:23:19.0773 4456 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
11:23:19.0775 4456 MountMgr - ok
11:23:19.0833 4456 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
11:23:19.0836 4456 mpio - ok
11:23:19.0871 4456 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
11:23:19.0873 4456 mpsdrv - ok
11:23:19.0918 4456 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
11:23:19.0926 4456 MpsSvc - ok
11:23:19.0957 4456 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
11:23:19.0958 4456 Mraid35x - ok
11:23:19.0967 4456 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
11:23:19.0969 4456 MRxDAV - ok
11:23:20.0021 4456 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:23:20.0024 4456 mrxsmb - ok
11:23:20.0053 4456 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:23:20.0057 4456 mrxsmb10 - ok
11:23:20.0078 4456 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:23:20.0081 4456 mrxsmb20 - ok
11:23:20.0113 4456 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
11:23:20.0115 4456 msahci - ok
11:23:20.0143 4456 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
11:23:20.0144 4456 msdsm - ok
11:23:20.0195 4456 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
11:23:20.0198 4456 MSDTC - ok
11:23:20.0239 4456 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
11:23:20.0240 4456 Msfs - ok
11:23:20.0275 4456 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
11:23:20.0276 4456 msisadrv - ok
11:23:20.0316 4456 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
11:23:20.0319 4456 MSiSCSI - ok
11:23:20.0323 4456 msiserver - ok
11:23:20.0373 4456 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
11:23:20.0374 4456 MSKSSRV - ok
11:23:20.0400 4456 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
11:23:20.0401 4456 MSPCLOCK - ok
11:23:20.0410 4456 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
11:23:20.0445 4456 MSPQM - ok
11:23:20.0729 4456 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
11:23:20.0734 4456 MsRPC - ok
11:23:20.0764 4456 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
11:23:20.0766 4456 mssmbios - ok
11:23:20.0803 4456 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
11:23:20.0805 4456 MSTEE - ok
11:23:20.0841 4456 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
11:23:20.0843 4456 Mup - ok
11:23:20.0879 4456 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
11:23:20.0885 4456 napagent - ok
11:23:20.0938 4456 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
11:23:20.0941 4456 NativeWifiP - ok
11:23:21.0064 4456 NBService (5e8edd6a52e897c19ec6e149fe6c7a8e) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
11:23:21.0074 4456 NBService - ok
11:23:21.0121 4456 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
11:23:21.0130 4456 NDIS - ok
11:23:21.0152 4456 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
11:23:21.0153 4456 NdisTapi - ok
11:23:21.0164 4456 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
11:23:21.0165 4456 Ndisuio - ok
11:23:21.0204 4456 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
11:23:21.0207 4456 NdisWan - ok
11:23:21.0231 4456 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
11:23:21.0233 4456 NDProxy - ok
11:23:21.0258 4456 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
11:23:21.0260 4456 NetBIOS - ok
11:23:21.0297 4456 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
11:23:21.0301 4456 netbt - ok
11:23:21.0329 4456 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
11:23:21.0331 4456 Netlogon - ok
11:23:21.0369 4456 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
11:23:21.0374 4456 Netman - ok
11:23:21.0434 4456 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
11:23:21.0439 4456 netprofm - ok
11:23:21.0518 4456 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:23:21.0520 4456 NetTcpPortSharing - ok
11:23:21.0572 4456 NetworkX (a97d9b1c2eeb2e169d2593e7073bcd27) C:\Windows\System32\ckldrv.sys
11:23:21.0574 4456 NetworkX - ok
11:23:21.0598 4456 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
11:23:21.0600 4456 nfrd960 - ok
11:23:21.0649 4456 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
11:23:21.0653 4456 NlaSvc - ok
11:23:21.0751 4456 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
11:23:21.0755 4456 NMIndexingService - ok
11:23:21.0783 4456 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
11:23:21.0785 4456 Npfs - ok
11:23:21.0813 4456 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
11:23:21.0815 4456 nsi - ok
11:23:21.0839 4456 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
11:23:21.0840 4456 nsiproxy - ok
11:23:21.0933 4456 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
11:23:21.0951 4456 Ntfs - ok
11:23:22.0105 4456 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
11:23:22.0106 4456 Null - ok
11:23:22.0610 4456 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:23:22.0973 4456 nvlddmkm - ok
11:23:23.0112 4456 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
11:23:23.0115 4456 nvraid - ok
11:23:23.0129 4456 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
11:23:23.0131 4456 nvstor - ok
11:23:23.0183 4456 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe
11:23:23.0189 4456 nvsvc - ok
11:23:23.0318 4456 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:23:23.0343 4456 nvUpdatusService - ok
11:23:23.0450 4456 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
11:23:23.0453 4456 nv_agp - ok
11:23:23.0456 4456 NwlnkFlt - ok
11:23:23.0461 4456 NwlnkFwd - ok
11:23:23.0564 4456 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:23:23.0569 4456 odserv - ok
11:23:23.0599 4456 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
11:23:23.0602 4456 ohci1394 - ok
11:23:23.0633 4456 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:23:23.0635 4456 ose - ok
11:23:23.0745 4456 P17 (634347adebc790b8f07654a3ea8034fd) C:\Windows\system32\drivers\P17.sys
11:23:23.0766 4456 P17 - ok
11:23:23.0876 4456 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
11:23:23.0886 4456 p2pimsvc - ok
11:23:23.0893 4456 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
11:23:23.0899 4456 p2psvc - ok
11:23:23.0962 4456 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
11:23:23.0964 4456 Parport - ok
11:23:23.0990 4456 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
11:23:23.0992 4456 partmgr - ok
11:23:24.0016 4456 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
11:23:24.0019 4456 PcaSvc - ok
11:23:24.0045 4456 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
11:23:24.0048 4456 pci - ok
11:23:24.0085 4456 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
11:23:24.0086 4456 pciide - ok
11:23:24.0109 4456 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
11:23:24.0112 4456 pcmcia - ok
11:23:24.0179 4456 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
11:23:24.0189 4456 PEAUTH - ok
11:23:24.0245 4456 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
11:23:24.0247 4456 PerfHost - ok
11:23:24.0333 4456 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
11:23:24.0348 4456 pla - ok
11:23:24.0388 4456 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
11:23:24.0394 4456 PlugPlay - ok
11:23:24.0411 4456 PnkBstrA - ok
11:23:24.0470 4456 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
11:23:24.0476 4456 PNRPAutoReg - ok
11:23:24.0483 4456 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
11:23:24.0489 4456 PNRPsvc - ok
11:23:24.0535 4456 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
11:23:24.0543 4456 PolicyAgent - ok
11:23:24.0595 4456 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
11:23:24.0597 4456 PptpMiniport - ok
11:23:24.0629 4456 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
11:23:24.0631 4456 Processor - ok
11:23:24.0679 4456 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
11:23:24.0683 4456 ProfSvc - ok
11:23:24.0695 4456 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
11:23:24.0696 4456 ProtectedStorage - ok
11:23:24.0720 4456 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
11:23:24.0722 4456 PSched - ok
11:23:24.0832 4456 QBCFMonitorService (de050f20f541c3731c2cca1f8224c9b2) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
11:23:24.0834 4456 QBCFMonitorService - ok
11:23:24.0850 4456 QBFCService (6bee1814470dc12fa20c53dfc3c97ebb) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
11:23:24.0852 4456 QBFCService - ok
11:23:24.0926 4456 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
11:23:24.0940 4456 ql2300 - ok
11:23:24.0991 4456 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
11:23:24.0993 4456 ql40xx - ok
11:23:25.0044 4456 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
11:23:25.0047 4456 QWAVE - ok
11:23:25.0072 4456 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
11:23:25.0074 4456 QWAVEdrv - ok
11:23:25.0081 4456 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
11:23:25.0082 4456 RasAcd - ok
11:23:25.0114 4456 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
11:23:25.0117 4456 RasAuto - ok
11:23:25.0147 4456 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:23:25.0149 4456 Rasl2tp - ok
11:23:25.0184 4456 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
11:23:25.0189 4456 RasMan - ok
11:23:25.0220 4456 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
11:23:25.0222 4456 RasPppoe - ok
11:23:25.0259 4456 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
11:23:25.0261 4456 RasSstp - ok
11:23:25.0301 4456 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
11:23:25.0305 4456 rdbss - ok
11:23:25.0321 4456 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:23:25.0322 4456 RDPCDD - ok
11:23:25.0373 4456 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
11:23:25.0377 4456 rdpdr - ok
11:23:25.0412 4456 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
11:23:25.0414 4456 RDPENCDD - ok
11:23:25.0457 4456 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
11:23:25.0461 4456 RDPWD - ok
11:23:25.0497 4456 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
11:23:25.0500 4456 RemoteAccess - ok
11:23:25.0534 4456 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
11:23:25.0538 4456 RemoteRegistry - ok
11:23:25.0562 4456 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
11:23:25.0564 4456 RpcLocator - ok
11:23:25.0607 4456 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
11:23:25.0613 4456 RpcSs - ok
11:23:25.0643 4456 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
11:23:25.0645 4456 rspndr - ok
11:23:25.0810 4456 RTL8169 (82b66abf055611024e5dbb9fa556c11d) C:\Windows\system32\DRIVERS\Rtlh64.sys
11:23:25.0813 4456 RTL8169 - ok
11:23:25.0820 4456 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
11:23:25.0821 4456 SamSs - ok
11:23:25.0851 4456 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
11:23:25.0853 4456 sbp2port - ok
11:23:25.0899 4456 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
11:23:25.0902 4456 SCardSvr - ok
11:23:25.0955 4456 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
11:23:25.0965 4456 Schedule - ok
11:23:25.0994 4456 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
11:23:25.0994 4456 SCPolicySvc - ok
11:23:26.0023 4456 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
11:23:26.0027 4456 SDRSVC - ok
11:23:26.0085 4456 SeaPort (4a5809a1d796e2675ac0332bf7b0cb11) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:23:26.0087 4456 SeaPort - ok
11:23:26.0127 4456 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:23:26.0128 4456 secdrv - ok
11:23:26.0137 4456 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
11:23:26.0139 4456 seclogon - ok
11:23:26.0149 4456 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
11:23:26.0152 4456 SENS - ok
11:23:26.0173 4456 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
11:23:26.0174 4456 Serenum - ok
11:23:26.0185 4456 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
11:23:26.0187 4456 Serial - ok
11:23:26.0205 4456 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
11:23:26.0207 4456 sermouse - ok
11:23:26.0284 4456 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
11:23:26.0287 4456 SessionEnv - ok
11:23:26.0300 4456 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
11:23:26.0301 4456 sffdisk - ok
11:23:26.0308 4456 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
11:23:26.0309 4456 sffp_mmc - ok
11:23:26.0323 4456 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
11:23:26.0324 4456 sffp_sd - ok
11:23:26.0332 4456 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
11:23:26.0333 4456 sfloppy - ok
11:23:26.0370 4456 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
11:23:26.0375 4456 SharedAccess - ok
11:23:26.0407 4456 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
11:23:26.0412 4456 ShellHWDetection - ok
11:23:26.0438 4456 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
11:23:26.0439 4456 SiSRaid2 - ok
11:23:26.0451 4456 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
11:23:26.0453 4456 SiSRaid4 - ok
11:23:26.0558 4456 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
11:23:26.0587 4456 slsvc - ok
11:23:26.0669 4456 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
11:23:26.0672 4456 SLUINotify - ok
11:23:26.0709 4456 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
11:23:26.0712 4456 Smb - ok
11:23:26.0781 4456 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
11:23:26.0782 4456 SMSIVZAM5X64 - ok
11:23:26.0818 4456 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
11:23:26.0820 4456 SNMPTRAP - ok
11:23:26.0852 4456 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
11:23:26.0854 4456 spldr - ok
11:23:26.0887 4456 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
11:23:26.0891 4456 Spooler - ok
11:23:26.0938 4456 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
11:23:26.0944 4456 srv - ok
11:23:27.0009 4456 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
11:23:27.0012 4456 srv2 - ok
11:23:27.0068 4456 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
11:23:27.0071 4456 srvnet - ok
11:23:27.0087 4456 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
11:23:27.0090 4456 SSDPSRV - ok
11:23:27.0140 4456 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
11:23:27.0143 4456 SstpSvc - ok
11:23:27.0188 4456 Steam Client Service - ok
11:23:27.0291 4456 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
11:23:27.0295 4456 Stereo Service - ok
11:23:27.0335 4456 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
11:23:27.0343 4456 stisvc - ok
11:23:27.0379 4456 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
11:23:27.0380 4456 swenum - ok
11:23:27.0428 4456 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
11:23:27.0435 4456 swprv - ok
11:23:27.0458 4456 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
11:23:27.0460 4456 Symc8xx - ok
11:23:27.0481 4456 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
11:23:27.0483 4456 Sym_hi - ok
11:23:27.0498 4456 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
11:23:27.0499 4456 Sym_u3 - ok
11:23:27.0550 4456 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
11:23:27.0562 4456 SysMain - ok
11:23:27.0586 4456 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
11:23:27.0589 4456 TabletInputService - ok
11:23:27.0621 4456 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
11:23:27.0625 4456 TapiSrv - ok
11:23:27.0640 4456 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
11:23:27.0643 4456 TBS - ok
11:23:27.0751 4456 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
11:23:27.0767 4456 Tcpip - ok
11:23:27.0867 4456 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
11:23:27.0874 4456 Tcpip6 - ok
11:23:27.0930 4456 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
11:23:27.0932 4456 tcpipreg - ok
11:23:27.0956 4456 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
11:23:27.0958 4456 TDPIPE - ok
11:23:27.0970 4456 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
11:23:27.0972 4456 TDTCP - ok
11:23:27.0998 4456 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
11:23:28.0000 4456 tdx - ok
11:23:28.0031 4456 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
11:23:28.0033 4456 TermDD - ok
11:23:28.0059 4456 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
11:23:28.0067 4456 TermService - ok
11:23:28.0098 4456 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
11:23:28.0102 4456 Themes - ok
11:23:28.0125 4456 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
11:23:28.0126 4456 THREADORDER - ok
11:23:28.0150 4456 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
11:23:28.0153 4456 TrkWks - ok
11:23:28.0201 4456 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
11:23:28.0202 4456 TrustedInstaller - ok
11:23:28.0220 4456 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:23:28.0221 4456 tssecsrv - ok
11:23:28.0251 4456 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
11:23:28.0253 4456 tunmp - ok
11:23:28.0301 4456 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
11:23:28.0302 4456 tunnel - ok
11:23:28.0319 4456 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
11:23:28.0321 4456 uagp35 - ok
11:23:28.0352 4456 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
11:23:28.0356 4456 udfs - ok
11:23:28.0391 4456 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
11:23:28.0393 4456 UI0Detect - ok
11:23:28.0412 4456 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
11:23:28.0413 4456 uliagpkx - ok
11:23:28.0451 4456 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
11:23:28.0454 4456 uliahci - ok
11:23:28.0487 4456 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
11:23:28.0490 4456 UlSata - ok
11:23:28.0509 4456 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
11:23:28.0513 4456 ulsata2 - ok
11:23:28.0541 4456 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
11:23:28.0543 4456 umbus - ok
11:23:28.0631 4456 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
11:23:28.0637 4456 UMVPFSrv - ok
11:23:28.0670 4456 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
11:23:28.0675 4456 upnphost - ok
11:23:28.0719 4456 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
11:23:28.0720 4456 USBAAPL64 - ok
11:23:28.0745 4456 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
11:23:28.0746 4456 usbaudio - ok
11:23:28.0786 4456 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
11:23:28.0787 4456 usbccgp - ok
11:23:28.0813 4456 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
11:23:28.0815 4456 usbcir - ok
11:23:28.0847 4456 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
11:23:28.0849 4456 usbehci - ok
11:23:28.0887 4456 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
11:23:28.0891 4456 usbhub - ok
11:23:28.0914 4456 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
11:23:28.0916 4456 usbohci - ok
11:23:28.0929 4456 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
11:23:28.0931 4456 usbprint - ok
11:23:28.0977 4456 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
11:23:28.0979 4456 usbscan - ok
11:23:29.0006 4456 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:23:29.0008 4456 USBSTOR - ok
11:23:29.0021 4456 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
11:23:29.0022 4456 usbuhci - ok
11:23:29.0052 4456 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
11:23:29.0056 4456 usbvideo - ok
11:23:29.0070 4456 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
11:23:29.0073 4456 UxSms - ok
11:23:29.0110 4456 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
11:23:29.0117 4456 vds - ok
11:23:29.0143 4456 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
11:23:29.0144 4456 vga - ok
11:23:29.0160 4456 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
11:23:29.0160 4456 VgaSave - ok
11:23:29.0174 4456 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
11:23:29.0176 4456 viaide - ok
11:23:29.0197 4456 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
11:23:29.0199 4456 volmgr - ok
11:23:29.0242 4456 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
11:23:29.0246 4456 volmgrx - ok
11:23:29.0282 4456 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
11:23:29.0285 4456 volsnap - ok
11:23:29.0304 4456 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
11:23:29.0307 4456 vsmraid - ok
11:23:29.0369 4456 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
11:23:29.0379 4456 VSS - ok
11:23:29.0458 4456 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
11:23:29.0464 4456 W32Time - ok
11:23:29.0491 4456 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
11:23:29.0492 4456 WacomPen - ok
11:23:29.0538 4456 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
11:23:29.0540 4456 Wanarp - ok
11:23:29.0544 4456 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
11:23:29.0545 4456 Wanarpv6 - ok
11:23:29.0590 4456 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
11:23:29.0598 4456 wcncsvc - ok
11:23:29.0620 4456 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
11:23:29.0623 4456 WcsPlugInService - ok
11:23:29.0639 4456 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
11:23:29.0641 4456 Wd - ok
11:23:29.0708 4456 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
11:23:29.0719 4456 Wdf01000 - ok
11:23:29.0750 4456 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
11:23:29.0754 4456 WdiServiceHost - ok
11:23:29.0757 4456 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
11:23:29.0759 4456 WdiSystemHost - ok
11:23:29.0812 4456 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
11:23:29.0817 4456 WebClient - ok
11:23:29.0874 4456 Wecsvc (bd9a749f36710ffa02e0e530f7451936) C:\Windows\system32\wecsvc.dll
11:23:29.0878 4456 Wecsvc - ok
11:23:29.0926 4456 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
11:23:29.0929 4456 wercplsupport - ok
11:23:29.0976 4456 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
11:23:29.0979 4456 WerSvc - ok
11:23:30.0049 4456 WinDefend - ok
11:23:30.0055 4456 WinHttpAutoProxySvc - ok
11:23:30.0147 4456 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
11:23:30.0150 4456 Winmgmt - ok
11:23:30.0280 4456 WinRM (42717db2be3a075d0f0cd5c927c27a43) C:\Windows\system32\WsmSvc.dll
11:23:30.0293 4456 WinRM - ok
11:23:30.0357 4456 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
11:23:30.0365 4456 Wlansvc - ok
11:23:30.0508 4456 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:23:30.0533 4456 wlidsvc - ok
11:23:30.0608 4456 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
11:23:30.0609 4456 WmiAcpi - ok
11:23:30.0681 4456 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
11:23:30.0685 4456 wmiApSrv - ok
11:23:30.0709 4456 WMPNetworkSvc - ok
11:23:30.0739 4456 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
11:23:30.0744 4456 WPCSvc - ok
11:23:30.0779 4456 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
11:23:30.0782 4456 WPDBusEnum - ok
11:23:30.0931 4456 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
11:23:30.0933 4456 WpdUsb - ok
11:23:31.0251 4456 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:23:31.0262 4456 WPFFontCache_v0400 - ok
11:23:31.0283 4456 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
11:23:31.0284 4456 ws2ifsl - ok
11:23:31.0310 4456 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
11:23:31.0313 4456 wscsvc - ok
11:23:31.0317 4456 WSearch - ok
11:23:31.0421 4456 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
11:23:31.0448 4456 wuauserv - ok
11:23:31.0550 4456 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:23:31.0552 4456 WUDFRd - ok
11:23:31.0574 4456 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
11:23:31.0577 4456 wudfsvc - ok
11:23:31.0617 4456 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
11:23:31.0652 4456 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:23:31.0652 4456 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:23:31.0686 4456 Boot (0x1200) (3bb1c2a99edfa89d8a1a9ff73a650222) \Device\Harddisk0\DR0\Partition0
11:23:31.0687 4456 \Device\Harddisk0\DR0\Partition0 - ok
11:23:31.0688 4456 ============================================================
11:23:31.0688 4456 Scan finished
11:23:31.0688 4456 ============================================================
11:23:31.0697 5320 Detected object count: 1
11:23:31.0697 5320 Actual detected object count: 1
11:26:35.0476 5320 \Device\Harddisk0\DR0\# - copied to quarantine
11:26:35.0476 5320 \Device\Harddisk0\DR0 - copied to quarantine
11:26:35.0496 5320 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:26:35.0498 5320 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
11:26:35.0505 5320 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
11:26:35.0510 5320 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
11:26:35.0512 5320 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
11:26:35.0514 5320 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
11:26:35.0517 5320 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
11:26:35.0519 5320 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
11:26:35.0522 5320 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
11:26:35.0525 5320 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:26:35.0526 5320 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
11:26:35.0571 5320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:26:35.0572 5320 \Device\Harddisk0\DR0 - ok
11:26:35.0979 5320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:33:45.0661 5132 Deinitialize success

#14 woodchip442

woodchip442
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:35 PM

Posted 28 April 2012 - 04:02 PM

Here is combo fix.

ComboFix 12-04-26.01 - Administrator 04/28/2012 16:16:41.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1850 [GMT -4:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\urttemp
c:\windows\SysWow64\urttemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 20:39 . 2012-04-28 20:39 -------- d-----w- c:\users\USER\AppData\Local\temp
2012-04-28 20:39 . 2012-04-28 20:39 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-28 20:39 . 2012-04-28 20:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-28 15:26 . 2012-04-28 15:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-27 15:08 . 2012-04-27 15:08 -------- d-----w- C:\_OTL
2012-04-22 20:13 . 2012-04-22 20:13 -------- d-----w- c:\users\Administrator\AppData\Local\Apps
2012-04-20 17:10 . 2012-04-20 17:10 -------- d-----w- c:\program files (x86)\ESET
2012-04-20 16:52 . 2012-04-20 16:53 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-04-20 15:56 . 2012-04-20 15:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\SpeedMaxPc
2012-04-20 15:56 . 2012-04-20 15:56 -------- d-----w- c:\users\Administrator\AppData\Roaming\DriverCure
2012-04-20 15:55 . 2012-04-20 16:05 -------- d-----w- c:\programdata\SpeedMaxPc
2012-04-20 15:51 . 2012-04-20 16:53 -------- d-----w- C:\sh4ldr
2012-04-20 15:51 . 2012-04-20 15:51 -------- d-----w- c:\program files\Enigma Software Group
2012-04-20 01:18 . 2012-04-20 01:18 -------- d-----w- c:\program files (x86)\Canon
2012-04-20 01:02 . 2007-04-18 21:13 66048 ----a-w- c:\windows\system32\CNAS0MMK.DLL
2012-04-19 23:09 . 2012-04-19 23:09 -------- d-----w- c:\users\Administrator\AppData\Roaming\Malwarebytes
2012-04-19 23:08 . 2012-04-24 11:18 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-04-19 23:08 . 2012-04-19 23:19 -------- d-----w- c:\programdata\Malwarebytes
2012-04-19 23:08 . 2012-04-24 11:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-19 23:08 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-19 12:13 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-19 12:13 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-04-19 12:13 . 2012-02-28 07:37 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-04-19 12:13 . 2012-02-28 01:58 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-04-19 12:10 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-19 12:10 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-19 12:10 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-19 12:10 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-19 12:10 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-19 12:10 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-19 12:10 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 19:52 . 2012-04-16 19:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\PeerNetworking
2012-04-16 17:37 . 2012-04-28 15:37 -------- d-----w- c:\users\Administrator\AppData\Local\CDDB
2012-04-14 14:02 . 2012-04-14 14:02 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 19:08 . 2012-04-08 19:08 -------- d-----w- c:\program files\iPod
2012-04-08 19:08 . 2012-04-08 19:09 -------- d-----w- c:\program files\iTunes
2012-04-05 13:24 . 2012-04-14 14:02 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-15 20:58 . 2009-03-22 19:56 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-15 20:58 . 2009-02-17 23:17 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-15 20:57 . 2009-02-17 23:17 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-14 14:02 . 2011-08-01 13:22 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 00:02 . 2012-03-16 14:20 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-01 00:02 . 2012-03-16 14:20 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-01 00:02 . 2012-03-16 14:20 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-03-01 00:02 . 2012-03-16 14:20 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-03-01 00:02 . 2012-03-16 14:20 25543488 ----a-w- c:\windows\system32\nvoglv64.dll
2012-03-01 00:02 . 2012-03-16 14:20 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-03-01 00:02 . 2012-03-16 14:20 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-01 00:02 . 2012-03-16 14:20 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-03-01 00:02 . 2012-03-16 14:20 8008000 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-01 00:02 . 2012-03-16 14:20 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-03-01 00:02 . 2012-03-16 14:20 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-16 14:20 2672448 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-01 00:02 . 2012-03-16 14:20 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-03-01 00:02 . 2012-03-16 14:20 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-03-01 00:02 . 2012-03-16 14:20 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-03-01 00:02 . 2012-03-16 14:20 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-01 00:02 . 2012-03-16 14:20 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-03-01 00:02 . 2011-10-24 11:27 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-10-24 11:27 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2008-10-07 21:33 2660160 ----a-w- c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2008-10-07 21:33 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-02-29 21:00 . 2010-07-09 20:27 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2010-07-09 20:27 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2010-07-09 20:27 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2010-07-09 20:27 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2009-07-07 21:24 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-29 17:26 . 2012-02-29 17:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-02-21 13:09 . 2012-02-21 13:09 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-21 13:09 . 2012-02-21 13:09 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-21 13:09 . 2012-02-21 13:09 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-21 13:09 . 2012-02-21 13:09 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-21 13:09 . 2012-02-21 13:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-21 13:09 . 2012-02-21 13:09 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-21 13:09 . 2012-02-21 13:09 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-21 13:09 . 2012-02-21 13:09 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-21 13:09 . 2012-02-21 13:09 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-21 13:09 . 2012-02-21 13:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-21 13:09 . 2012-02-21 13:09 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-21 13:09 . 2012-02-21 13:09 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-21 13:09 . 2012-02-21 13:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-21 13:09 . 2012-02-21 13:09 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-21 13:09 . 2012-02-21 13:09 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-21 13:09 . 2012-02-21 13:09 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-21 13:09 . 2012-02-21 13:09 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-21 13:09 . 2012-02-21 13:09 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 13:09 . 2012-02-21 13:09 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-21 13:09 . 2012-02-21 13:09 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-21 13:09 . 2012-02-21 13:09 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-21 13:09 . 2012-02-21 13:09 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-21 13:09 . 2012-02-21 13:09 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-21 13:09 . 2012-02-21 13:09 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-21 13:09 . 2012-02-21 13:09 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-21 13:09 . 2012-02-21 13:09 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-21 13:09 . 2012-02-21 13:09 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-21 13:09 . 2012-02-21 13:09 448512 ----a-w- c:\windows\system32\html.iec
2012-02-21 13:09 . 2012-02-21 13:09 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-21 13:09 . 2012-02-21 13:09 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-21 13:09 . 2012-02-21 13:09 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-21 13:09 . 2012-02-21 13:09 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-21 13:09 . 2012-02-21 13:09 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-21 13:09 . 2012-02-21 13:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-13 12:04 . 2009-11-09 01:39 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-13 12:04 . 2012-03-19 14:46 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-02-28 180224]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-08-09 1394440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-8-25 5353760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart\0lsdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 14:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6430208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.17.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - c:\progra~2\CHARTE~1\CHARTE~1.DLL
Wow6432Node-HKCU-Run-CDDB - c:\users\Administrator\AppData\Local\CDDB\prcdenbl.dll
WebBrowser-{4E7BD74F-2B8D-469E-85AB-AF21F3D9AE2F} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Charter Browser Updater - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,81,1e,
e1,6d,97,49,0a,a5,33,d5,a9,2b,9d,14,1b
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c1,f1,
a3,52,99,b7,55,a6,e5,43,e0,cb,41,f4,17
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,3b,1b,02,ec,b9,
22,59,34,34,0f,bc,66,0d,25,e6,dc,89,d8
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2e,9e,
6c,f2,6b,45,09,ad,f1,48,fc,1f,73,e2,66
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:02,09,d0,21,a0,f0,cc,01
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,4b,55,ee,79,c3,be,4e,a3,78,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e5,4b,55,ee,79,c3,be,4e,a3,78,3a,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,15,4c,76,7a,73,56,4c,96,b6,33,\
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.avi"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itb"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M3U"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4a"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4v"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1970889631-2844708747-3082358778-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\windows\system32\crypserv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Common Files\Teleca Shared\Generic.exe
c:\program files (x86)\Common Files\Teleca Shared\logger.exe
c:\program files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-04-28 16:50:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-28 20:50
.
Pre-Run: 347,938,852,864 bytes free
Post-Run: 348,028,825,600 bytes free
.
- - End Of File - - 6582081906EA6C14B585B6664F7DCE25

#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:35 PM

Posted 29 April 2012 - 07:43 AM

Looking good.

Third party programs if not up to date can be an open door for an infection

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post this log and let me know what problem persists.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users