
Google search redirect - click.get-answers fast and others


16 replies to this topic

#1 DrSmithy455 (Members, 8 posts)

Posted 11 May 2012 - 07:42 PM

Hello,

I am running Windows 7 32-bit. Google searches in Firefox consistently redirect to the wrong sites. I currently use Avast anti-virus, and Windows Defender and MalwareBytes Anti-Spyware have not detected anything on full scans.

Please see the DDS and GMER logs below. I also have the "Attach" file if needed. Thanks in advance for any help!!



DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.2.0
Run by Kobs at 18:16:52 on 2012-05-11
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1903.336 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\uArcCapture.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\svchost.exe -k HPService
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Kobs\Local Settings\Apps\F.lux\flux.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: File Sanitizer for HP ProtectTools: {3134413b-49b4-425c-98a5-893c1f195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: HP ProtectTools Security Manager Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - c:\program files\hewlett-packard\hp protecttools security manager\bin\DpOtsPluginIe8.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [F.lux] "c:\users\kobs\local settings\apps\f.lux\flux.exe" /noshow
mRun: [QLBController] c:\program files\hewlett-packard\hp hotkey support\QLBController.exe /start
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [HPPowerAssistant] c:\program files\hewlett-packard\hp power assistant\HPPA_Main.exe /hidden
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [HPWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\delayedappstarter.exe 120 c:\program files\hewlett-packard\hp wireless assistant\HPWA_Main.exe /hidden
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\kobs\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kobs\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\kobs\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3DB62FD2-ECB1-4580-9258-4186CCEE625D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3DB62FD2-ECB1-4580-9258-4186CCEE625D}\2656C6B696E6E2463303 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{3DB62FD2-ECB1-4580-9258-4186CCEE625D}\34F6D666F6274794E6E6030393 : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{3DB62FD2-ECB1-4580-9258-4186CCEE625D}\34F6D666F6274794E6E6031383 : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{3DB62FD2-ECB1-4580-9258-4186CCEE625D}\34F6D666F6274794E6E6032303 : DhcpNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{3DB62FD2-ECB1-4580-9258-4186CCEE625D}\5535150264F6F6460234F6572747 : DhcpNameServer = 172.17.8.1
TCP: Interfaces\{3DB62FD2-ECB1-4580-9258-4186CCEE625D}\A4B4D405 : DhcpNameServer = 137.192.2.3 206.9.64.101
TCP: Interfaces\{3DB62FD2-ECB1-4580-9258-4186CCEE625D}\B4D2A4D2E4 : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = DPPassFilter scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kobs\appdata\roaming\mozilla\firefox\profiles\krryvd7e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
FF - plugin: c:\users\kobs\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\kobs\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\users\kobs\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\kobs\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-12-26 64512]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2009-12-15 51800]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2009-12-15 13256]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-14 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-15 337880]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2011-4-25 65584]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2009-12-15 40088]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2011-7-13 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-15 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-2-15 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-4-4 44768]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2012-1-16 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2012-1-16 49152]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\hewlett-packard\hp power assistant\HPPA_Service.exe [2010-6-18 103992]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\2009 password filter for hp protecttools\PTChangeFilterService.exe [2010-10-19 32768]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\hewlett-packard\hp wireless assistant\HPWA_Service.exe [2010-4-5 103992]
R2 HPDayStarterService;HP DayStarter Service;c:\program files\hewlett-packard\hp quicklook\HPDayStarterService.exe [2010-5-10 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2009-12-15 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2009-12-11 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\hewlett-packard\hp hotkey support\hpHotkeyMonitor.exe [2010-3-1 264248]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-7-16 26168]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-12-8 13336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-15 1153368]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-9-9 518472]
R2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2012-3-15 370504]
R2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2011-1-5 506472]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2011-1-5 2320920]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\drivers\ArcSoftVCapture.sys [2011-1-5 29824]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-4-6 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2011-4-6 246272]
R3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\drivers\rtsuvc.sys [2011-1-5 73344]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2012-1-16 247320]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2011-1-5 294952]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2011-1-5 33320]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2009-10-21 32312]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-12-8 181792]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-25 279656]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-16 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-05-11 03:08:33 0 ----a-w- c:\windows\system32\shoA05.tmp
2012-05-11 02:58:56 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a455ba25-de7b-45d5-8665-67c054da7f97}\offreg.dll
2012-05-11 01:13:36 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 01:13:27 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-11 01:13:25 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-11 01:13:23 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-11 01:13:23 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-11 01:13:13 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 01:13:10 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 01:13:08 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 01:12:53 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 01:12:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 01:53:11 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a455ba25-de7b-45d5-8665-67c054da7f97}\mpengine.dll
2012-05-10 01:06:52 -------- d-----w- c:\users\kobs\appdata\local\Splashtop
2012-05-08 02:44:48 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-08 02:44:39 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-08 02:44:39 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-28 06:51:18 -------- d-----w- c:\windows\en
2012-04-28 06:45:48 537432 ----a-w- c:\program files\common files\windows live\.cache\8ade3fcf1cd250a01\DXSETUP.exe
2012-04-28 06:45:48 1801048 ----a-w- c:\program files\common files\windows live\.cache\8ade3fcf1cd250a01\dsetup32.dll
2012-04-28 06:45:47 89944 ----a-w- c:\program files\common files\windows live\.cache\8ade3fcf1cd250a01\DSETUP.dll
2012-04-28 05:42:58 -------- d-----w- c:\users\kobs\appdata\local\{12183AF8-DCC4-4A95-9A84-86DA5C6FF3AA}
2012-04-28 05:38:39 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-04-28 05:36:55 19352 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2012-04-28 05:35:29 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-04-28 05:35:29 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-04-28 05:35:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-04-28 05:35:03 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-04-28 05:33:41 94040 ----a-w- c:\program files\common files\windows live\.cache\760c9ac01cd250007\DSETUP.dll
2012-04-28 05:33:41 525656 ----a-w- c:\program files\common files\windows live\.cache\760c9ac01cd250007\DXSETUP.exe
2012-04-28 05:33:41 1691480 ----a-w- c:\program files\common files\windows live\.cache\760c9ac01cd250007\dsetup32.dll
2012-04-28 05:32:42 -------- d-----w- c:\users\kobs\appdata\local\Windows Live
2012-04-28 05:32:41 -------- d-----w- c:\program files\common files\Windows Live
2012-04-24 01:28:02 -------- d-----w- c:\users\kobs\appdata\roaming\PACE Anti-Piracy
2012-04-24 01:28:02 -------- d-----w- c:\users\kobs\appdata\local\PACE Anti-Piracy
2012-04-24 01:28:02 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-04-24 01:14:42 -------- d-----w- c:\users\kobs\appdata\roaming\Antares
2012-04-24 01:14:42 -------- d-----w- c:\program files\Antares Audio Technologies
2012-04-24 01:14:39 -------- d-----w- c:\program files\common files\Digidesign
2012-04-24 01:00:38 -------- d-----w- c:\program files\InterLok
2012-04-24 00:43:09 -------- d-----w- c:\program files\Audacity
2012-04-15 01:01:35 -------- d-----w- c:\users\kobs\.thumbnails
2012-04-13 12:05:38 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 12:05:38 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 12:05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 12:05:37 159232 ----a-w- c:\windows\system32\imagehlp.dll
.
==================== Find3M ====================
.
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 23:37:20 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-28 05:38:52 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 15:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2006-05-03 16:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 17:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 19:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 04:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 18:21:15.31 ===============



GMER Log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-11 19:26:43
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AK1
Running: isernerq.exe; Driver: C:\Users\Kobs\AppData\Local\Temp\kwldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DE35DF8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8F837A5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8DE3685E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DE3B2E4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DE3B330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DE3B422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DE3B252]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DE3B374]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DE3B29A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DE3B3DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DE35E44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8F837B34]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DE35AD6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DE35E90]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DE38D1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DE36B02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DE3B30E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DE3B352]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DE3B446]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DE3B278]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DE3B3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DE3B2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DE3B400]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8F837CA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DE369CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DE35EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DE35F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DE35B46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DE35CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DE35C92]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DE35D5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8F837D60]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DE35F74]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8F837BE0]

INT 0x51 ? 976C9558
INT 0x61 ? 976C97D8
INT 0xA1 ? 976C9A58
INT 0xA2 ? 976C9CD8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F84DD92]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 8307E3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B7D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 830BED80 4 Bytes [F8, 5D, E3, 8D] {CLC ; POP EBP; JECXZ 0xffffffffffffff91}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 830BEDA8 4 Bytes [5A, 7A, 83, 8F]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 830BEE08 4 Bytes [5E, 68, E3, 8D]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 830BEE5C 8 Bytes [E4, B2, E3, 8D, 30, B3, E3, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 830BEE68 4 Bytes [22, B4, E3, 8D]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8324BC64 5 Bytes JMP 8F84AC8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83264290 5 Bytes JMP 8F84C764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 832793D7 4 Bytes CALL 8DE371B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 832931E0 4 Bytes CALL 8DE371CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 8331D11A 7 Bytes JMP 8F84DD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\windows\System32\Drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.
? C:\Users\Kobs\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text user32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes [E9, 0A, 5C, AF, 8A] {JMP 0xffffffff8aaf5c0f}
.text user32.dll!UnhookWinEvent 7581B750 5 Bytes [E9, A7, 4C, AF, 8A] {JMP 0xffffffff8aaf4cac}
.text user32.dll!SetWindowsHookExW 7581E30C 5 Bytes [E9, F3, 24, AF, 8A] {JMP 0xffffffff8aaf24f8}
.text user32.dll!SetWinEventHook 758224DC 5 Bytes [E9, 17, DD, AE, 8A] {JMP 0xffffffff8aaedd1c}
.text user32.dll!SetWindowsHookExA 75846D0C 5 Bytes [E9, EF, 98, AC, 8A] {JMP 0xffffffff8aac98f4}
.text kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[400] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[424] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[424] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[424] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[424] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00240A08
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[424] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002403FC
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[424] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00240804
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[424] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002401F8
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[424] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00240600
.text C:\windows\system32\csrss.exe[508] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\IDT\WDM\aestsrv.exe[524] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\IDT\WDM\aestsrv.exe[524] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\IDT\WDM\aestsrv.exe[524] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\wininit.exe[560] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000303FC
.text C:\windows\system32\wininit.exe[560] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000301F8
.text C:\windows\system32\wininit.exe[560] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\wininit.exe[560] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00100A08
.text C:\windows\system32\wininit.exe[560] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001003FC
.text C:\windows\system32\wininit.exe[560] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00100804
.text C:\windows\system32\wininit.exe[560] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001001F8
.text C:\windows\system32\wininit.exe[560] USER32.dll!SetWindowsHookExA 75846D0C 3 Bytes JMP 00100600
.text C:\windows\system32\wininit.exe[560] USER32.dll!SetWindowsHookExA + 4 75846D10 1 Byte [8A]
.text C:\windows\system32\csrss.exe[568] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\winlogon.exe[616] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000303FC
.text C:\windows\system32\winlogon.exe[616] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000301F8
.text C:\windows\system32\winlogon.exe[616] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\winlogon.exe[616] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00050A08
.text C:\windows\system32\winlogon.exe[616] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 000503FC
.text C:\windows\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00050804
.text C:\windows\system32\winlogon.exe[616] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 000501F8
.text C:\windows\system32\winlogon.exe[616] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00050600
.text C:\windows\system32\services.exe[660] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\services.exe[660] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\services.exe[660] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\lsass.exe[676] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\lsass.exe[676] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\lsass.exe[676] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\lsass.exe[676] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00100A08
.text C:\windows\system32\lsass.exe[676] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001003FC
.text C:\windows\system32\lsass.exe[676] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00100804
.text C:\windows\system32\lsass.exe[676] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001001F8
.text C:\windows\system32\lsass.exe[676] USER32.dll!SetWindowsHookExA 75846D0C 3 Bytes JMP 00100600
.text C:\windows\system32\lsass.exe[676] USER32.dll!SetWindowsHookExA + 4 75846D10 1 Byte [8A]
.text C:\windows\system32\lsm.exe[684] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\lsm.exe[684] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\lsm.exe[684] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002003FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00200804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002001F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[740] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[788] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[788] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[788] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[868] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[868] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[868] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[868] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[868] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002003FC
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[868] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00200804
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[868] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002001F8
.text C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe[868] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00200600
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[904] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[904] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[904] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[904] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00200A08
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[904] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002003FC
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[904] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00200804
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[904] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002001F8
.text c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe[904] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[952] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[952] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[952] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1060] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00300A08
.text C:\windows\System32\svchost.exe[1060] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 003003FC
.text C:\windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00300804
.text C:\windows\System32\svchost.exe[1060] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 003001F8
.text C:\windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00300600
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[1092] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[1092] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001701F8
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[1092] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[1092] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00AE0A08
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[1092] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 00AE03FC
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[1092] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00AE0804
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[1092] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 00AE01F8
.text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[1092] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00AE0600
.text C:\windows\System32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[1100] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00190A08
.text C:\windows\System32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001903FC
.text C:\windows\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00190804
.text C:\windows\System32\svchost.exe[1100] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001901F8
.text C:\windows\System32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00190600
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[1140] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[1140] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001501F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[1140] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[1140] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00170A08
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[1140] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001703FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[1140] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00170804
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[1140] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001701F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe[1140] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00170600
.text C:\windows\system32\svchost.exe[1148] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1148] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1148] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00B50A08
.text C:\windows\system32\svchost.exe[1148] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 00B503FC
.text C:\windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00B50804
.text C:\windows\system32\svchost.exe[1148] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 00B501F8
.text C:\windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00B50600
.text C:\Program Files\IDT\WDM\STacSV.exe[1180] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\IDT\WDM\STacSV.exe[1180] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\IDT\WDM\STacSV.exe[1180] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\IDT\WDM\STacSV.exe[1180] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\IDT\WDM\STacSV.exe[1180] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002003FC
.text C:\Program Files\IDT\WDM\STacSV.exe[1180] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00200804
.text C:\Program Files\IDT\WDM\STacSV.exe[1180] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002001F8
.text C:\Program Files\IDT\WDM\STacSV.exe[1180] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00200600
.text C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe[1332] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe[1332] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe[1332] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe[1332] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00330A08
.text C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe[1332] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 003303FC
.text C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe[1332] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00330804
.text C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe[1332] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 003301F8
.text C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe[1332] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00330600
.text C:\windows\system32\svchost.exe[1420] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1420] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1420] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1512] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1512] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1512] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1512] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 002E0A08
.text C:\windows\system32\svchost.exe[1512] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002E03FC
.text C:\windows\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 002E0804
.text C:\windows\system32\svchost.exe[1512] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002E01F8
.text C:\windows\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 002E0600
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[1540] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001503FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[1540] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001501F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[1540] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[1540] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00180A08
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[1540] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001803FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[1540] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00180804
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[1540] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001801F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe[1540] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00180600
.text C:\windows\system32\Hpservice.exe[1572] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000A03FC
.text C:\windows\system32\Hpservice.exe[1572] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000A01F8
.text C:\windows\system32\Hpservice.exe[1572] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\Hpservice.exe[1572] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00240A08
.text C:\windows\system32\Hpservice.exe[1572] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002403FC
.text C:\windows\system32\Hpservice.exe[1572] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00240804
.text C:\windows\system32\Hpservice.exe[1572] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002401F8
.text C:\windows\system32\Hpservice.exe[1572] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00240600
.text C:\windows\system32\svchost.exe[1660] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[1660] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[1660] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[1660] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00450A08
.text C:\windows\system32\svchost.exe[1660] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 004503FC
.text C:\windows\system32\svchost.exe[1660] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00450804
.text C:\windows\system32\svchost.exe[1660] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 004501F8
.text C:\windows\system32\svchost.exe[1660] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00450600
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1736] kernel32.dll!SetUnhandledExceptionFilter 754AF4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1736] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\WLANExt.exe[1744] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\WLANExt.exe[1744] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\WLANExt.exe[1744] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\WLANExt.exe[1744] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00130A08
.text C:\windows\system32\WLANExt.exe[1744] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001303FC
.text C:\windows\system32\WLANExt.exe[1744] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00130804
.text C:\windows\system32\WLANExt.exe[1744] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001301F8
.text C:\windows\system32\WLANExt.exe[1744] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00130600
.text C:\windows\system32\conhost.exe[1752] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000303FC
.text C:\windows\system32\conhost.exe[1752] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000301F8
.text C:\windows\system32\conhost.exe[1752] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\conhost.exe[1752] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00100A08
.text C:\windows\system32\conhost.exe[1752] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001003FC
.text C:\windows\system32\conhost.exe[1752] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00100804
.text C:\windows\system32\conhost.exe[1752] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001001F8
.text C:\windows\system32\conhost.exe[1752] USER32.dll!SetWindowsHookExA 75846D0C 3 Bytes JMP 00100600
.text C:\windows\system32\conhost.exe[1752] USER32.dll!SetWindowsHookExA + 4 75846D10 1 Byte [8A]
.text C:\Users\Kobs\Desktop\isernerq.exe[1776] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Users\Kobs\Desktop\isernerq.exe[1776] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Users\Kobs\Desktop\isernerq.exe[1776] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Users\Kobs\Desktop\isernerq.exe[1776] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00310A08
.text C:\Users\Kobs\Desktop\isernerq.exe[1776] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 003103FC
.text C:\Users\Kobs\Desktop\isernerq.exe[1776] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00310804
.text C:\Users\Kobs\Desktop\isernerq.exe[1776] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 003101F8
.text C:\Users\Kobs\Desktop\isernerq.exe[1776] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00310600
.text C:\windows\System32\spoolsv.exe[1896] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\spoolsv.exe[1896] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\System32\spoolsv.exe[1896] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1896] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00100A08
.text C:\windows\System32\spoolsv.exe[1896] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001003FC
.text C:\windows\System32\spoolsv.exe[1896] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00100804
.text C:\windows\System32\spoolsv.exe[1896] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001001F8
.text C:\windows\System32\spoolsv.exe[1896] USER32.dll!SetWindowsHookExA 75846D0C 3 Bytes JMP 00100600
.text C:\windows\System32\spoolsv.exe[1896] USER32.dll!SetWindowsHookExA + 4 75846D10 1 Byte [8A]
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1924] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1924] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1924] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1924] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1924] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1924] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1924] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe[1924] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 001F0600
.text C:\windows\system32\svchost.exe[2004] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2004] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2004] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[2004] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00210A08
.text C:\windows\system32\svchost.exe[2004] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002103FC
.text C:\windows\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00210804
.text C:\windows\system32\svchost.exe[2004] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002101F8
.text C:\windows\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00210600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2024] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2024] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2024] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2024] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2024] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 000903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2024] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00090804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2024] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 000901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2024] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00090600
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00190A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001903FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00190804
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001901F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2068] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00190600
.text C:\windows\system32\svchost.exe[2112] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000A03FC
.text C:\windows\system32\svchost.exe[2112] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000A01F8
.text C:\windows\system32\svchost.exe[2112] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[2112] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00A60A08
.text C:\windows\system32\svchost.exe[2112] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 00A603FC
.text C:\windows\system32\svchost.exe[2112] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00A60804
.text C:\windows\system32\svchost.exe[2112] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 00A601F8
.text C:\windows\system32\svchost.exe[2112] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00A60600
.text C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe[2164] KERNEL32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe[2192] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe[2192] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe[2192] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe[2192] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 001F0A08
.text C:\Users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe[2192] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001F03FC
.text C:\Users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe[2192] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 001F0804
.text C:\Users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe[2192] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001F01F8
.text C:\Users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe[2192] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe[2332] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe[2332] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe[2332] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe[2332] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe[2332] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe[2332] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe[2332] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe[2332] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 001F0600
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2352] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2352] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2352] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2352] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 001F0A08
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2352] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001F03FC
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2352] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 001F0804
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2352] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001F01F8
.text c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe[2352] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2376] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2376] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2376] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2376] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 000F0A08
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2376] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 000F03FC
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2376] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 000F0804
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2376] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 000F01F8
.text C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[2376] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 000F0600
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2408] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2408] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2408] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2408] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00100A08
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2408] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001003FC
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2408] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00100804
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2408] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001001F8
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2408] USER32.dll!SetWindowsHookExA 75846D0C 3 Bytes JMP 00100600
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe[2408] USER32.dll!SetWindowsHookExA + 4 75846D10 1 Byte [8A]
.text C:\windows\system32\svchost.exe[2432] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2432] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2432] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2460] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2460] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2460] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2460] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00220A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2460] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002203FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2460] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00220804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2460] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002201F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2460] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00220600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2472] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2472] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2472] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2472] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 000D0A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2472] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 000D03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2472] USER32.dll!SetWindowsHookExW 7581E30C 3 Bytes JMP 000D0804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2472] USER32.dll!SetWindowsHookExW + 4 7581E310 1 Byte [8A]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2472] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 000D01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2472] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 000D0600
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2488] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2488] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2488] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2488] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2488] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002003FC
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2488] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00200804
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2488] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002001F8
.text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[2488] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00200600
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2828] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000A03FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2828] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000A01F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2828] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2828] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00150A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2828] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001503FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2828] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00150804
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2828] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001501F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2828] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00150600
.text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2896] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2896] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2896] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2896] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00190A08
.text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2896] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001903FC
.text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2896] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00190804
.text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2896] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001901F8
.text C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe[2896] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00190600
.text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2940] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2940] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001701F8
.text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2940] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2940] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 001A0A08
.text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2940] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001A03FC
.text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2940] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 001A0804
.text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2940] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001A01F8
.text C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe[2940] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 001A0600
.text C:\windows\system32\svchost.exe[2972] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2972] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2972] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\uArcCapture.exe[3008] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\windows\system32\uArcCapture.exe[3008] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\windows\system32\uArcCapture.exe[3008] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\uArcCapture.exe[3008] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 001F0A08
.text C:\windows\system32\uArcCapture.exe[3008] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001F03FC
.text C:\windows\system32\uArcCapture.exe[3008] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 001F0804
.text C:\windows\system32\uArcCapture.exe[3008] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001F01F8
.text C:\windows\system32\uArcCapture.exe[3008] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 001F0600
.text C:\windows\System32\svchost.exe[3076] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[3076] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[3076] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\System32\svchost.exe[3076] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00110A08
.text C:\windows\System32\svchost.exe[3076] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001103FC
.text C:\windows\System32\svchost.exe[3076] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00110804
.text C:\windows\System32\svchost.exe[3076] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001101F8
.text C:\windows\System32\svchost.exe[3076] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00110600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3168] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3168] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3168] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3168] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 000A0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3168] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 000A03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3168] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 000A0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3168] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 000A01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3168] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 000A0600
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3224] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3224] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3224] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3224] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00130A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3224] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001303FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3224] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00130804
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3224] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001301F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3224] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00130600
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3368] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3368] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3368] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3368] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3368] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3368] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3368] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[3368] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3376] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3376] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3376] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3376] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3376] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3376] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3376] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[3376] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00090600
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3396] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3396] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3396] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3396] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00220A08
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3396] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002203FC
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3396] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00220804
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3396] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002201F8
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3396] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00220600
.text C:\windows\system32\wbem\unsecapp.exe[3468] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\unsecapp.exe[3468] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\unsecapp.exe[3468] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\wbem\unsecapp.exe[3468] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 000F0A08
.text C:\windows\system32\wbem\unsecapp.exe[3468] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 000F03FC
.text C:\windows\system32\wbem\unsecapp.exe[3468] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 000F0804
.text C:\windows\system32\wbem\unsecapp.exe[3468] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 000F01F8
.text C:\windows\system32\wbem\unsecapp.exe[3468] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 000F0600
.text C:\windows\system32\wbem\wmiprvse.exe[3576] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\wmiprvse.exe[3576] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\wmiprvse.exe[3576] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[3576] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00110A08
.text C:\windows\system32\wbem\wmiprvse.exe[3576] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001103FC
.text C:\windows\system32\wbem\wmiprvse.exe[3576] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00110804
.text C:\windows\system32\wbem\wmiprvse.exe[3576] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001101F8
.text C:\windows\system32\wbem\wmiprvse.exe[3576] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00110600
.text C:\windows\system32\wbem\wmiprvse.exe[3764] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\wbem\wmiprvse.exe[3764] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\wbem\wmiprvse.exe[3764] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\wbem\wmiprvse.exe[3764] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00190A08
.text C:\windows\system32\wbem\wmiprvse.exe[3764] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001903FC
.text C:\windows\system32\wbem\wmiprvse.exe[3764] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00190804
.text C:\windows\system32\wbem\wmiprvse.exe[3764] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001901F8
.text C:\windows\system32\wbem\wmiprvse.exe[3764] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00190600
.text C:\windows\system32\svchost.exe[3872] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[3872] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[3872] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[3872] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00240A08
.text C:\windows\system32\svchost.exe[3872] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002403FC
.text C:\windows\system32\svchost.exe[3872] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00240804
.text C:\windows\system32\svchost.exe[3872] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002401F8
.text C:\windows\system32\svchost.exe[3872] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00240600
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3940] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3940] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3940] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3940] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00120A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3940] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001203FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3940] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00120804
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3940] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001201F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3940] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00120600
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00200A08
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002003FC
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00200804
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002001F8
.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00200600
.text C:\windows\system32\svchost.exe[4080] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[4080] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[4080] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\system32\svchost.exe[4080] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 001C0A08
.text C:\windows\system32\svchost.exe[4080] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001C03FC
.text C:\windows\system32\svchost.exe[4080] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 001C0804
.text C:\windows\system32\svchost.exe[4080] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001C01F8
.text C:\windows\system32\svchost.exe[4080] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 001C0600
.text C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4128] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000503FC
.text C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4128] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000501F8
.text C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4128] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4128] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00080A08
.text C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4128] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 000803FC
.text C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4128] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00080804
.text C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4128] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 000801F8
.text C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[4128] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00080600
.text C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe[4400] KERNEL32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe[4408] KERNEL32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4464] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4808] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4808] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4808] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4808] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00210A08
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4808] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 002103FC
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4808] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 00210804
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4808] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 002101F8
.text C:\Program Files\Citrix\ICA Client\concentr.exe[4808] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 00210600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4824] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4824] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4824] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4824] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 001F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4824] USER32.dll!UnhookWinEvent 7581B750 5 Bytes JMP 001F03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4824] USER32.dll!SetWindowsHookExW 7581E30C 5 Bytes JMP 001F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4824] USER32.dll!SetWinEventHook 758224DC 5 Bytes JMP 001F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4824] USER32.dll!SetWindowsHookExA 75846D0C 5 Bytes JMP 001F0600
.text C:\windows\System32\svchost.exe[5064] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[5064] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[5064] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5184] ntdll.dll!LdrUnloadDll 76F5C86E 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5184] ntdll.dll!LdrLoadDll 76F6223E 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5184] kernel32.dll!GetBinaryTypeW + 70 754C69F4 1 Byte [62]
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[5184] USER32.dll!UnhookWindowsHookEx 7581ADF9 5 Bytes JMP 00110A08

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000072 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a828fbd97
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a828fbd97 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 PM

Posted 11 May 2012 - 11:59 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Lavasoft Ad-Watch Live! Anti-Virus
AV: avast! Antivirus


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 DrSmithy455

DrSmithy455
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:36 PM

Posted 12 May 2012 - 10:25 AM

Hi Gringo,

Thanks for the help.

Below are the 2 logs. When running combofix, I received the error: "Windows cannot find NIRCMD" before proceeding. Other than that, it ran fine.

I have still been having redirect problems on Google after running the software.



The Security Check log and ComboFix log are below:

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.4
Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Java™ 7 Update 2
Java™ SE Development Kit 7 Update 2
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.1)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
windows defender MpCmdRun.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
``````````End of Log````````````
ComboFix 12-05-12.01 - Kobs 05/12/2012 9:58.3.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1903.473 [GMT -5:00]
Running from: c:\users\Kobs\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kobs\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-12 to 2012-05-12 )))))))))))))))))))))))))))))))
.
.
2012-05-12 15:14 . 2012-05-12 15:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-12 15:14 . 2012-05-12 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 00:28 . 2012-05-12 00:28 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D77D763A-712B-47F7-B374-AAE3D683DE81}\offreg.dll
2012-05-11 23:19 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D77D763A-712B-47F7-B374-AAE3D683DE81}\mpengine.dll
2012-05-11 03:08 . 2012-05-11 03:08 0 ----a-w- c:\windows\system32\shoA05.tmp
2012-05-11 01:13 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 01:13 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 01:13 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 01:13 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 01:13 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 01:13 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 01:13 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 01:13 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 01:12 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 01:12 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 01:06 . 2012-05-10 01:06 -------- d-----w- c:\users\Kobs\AppData\Local\Splashtop
2012-05-08 02:44 . 2012-05-08 02:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-08 02:44 . 2012-05-08 02:44 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 02:44 . 2012-05-08 02:44 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-08 02:37 . 2012-05-08 02:37 -------- d-----w- c:\program files\Common Files\Skype
2012-04-28 06:51 . 2012-04-28 06:51 -------- d-----w- c:\windows\en
2012-04-28 05:38 . 2012-04-28 05:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-04-28 05:37 . 2012-04-28 06:49 -------- d-----w- c:\program files\Windows Live
2012-04-28 05:36 . 2012-04-28 05:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-28 05:35 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-04-28 05:35 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-04-28 05:35 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-04-28 05:35 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-04-28 05:32 . 2012-04-28 05:42 -------- d-----w- c:\users\Kobs\AppData\Local\Windows Live
2012-04-28 05:32 . 2012-04-28 05:32 -------- d-----w- c:\program files\Common Files\Windows Live
2012-04-24 01:28 . 2012-04-24 01:28 -------- d-----w- c:\users\Kobs\AppData\Roaming\PACE Anti-Piracy
2012-04-24 01:28 . 2012-04-24 01:28 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-04-24 01:28 . 2012-04-24 01:28 -------- d-----w- c:\users\Kobs\AppData\Local\PACE Anti-Piracy
2012-04-24 01:14 . 2012-04-24 01:14 -------- d-----w- c:\users\Kobs\AppData\Roaming\Antares
2012-04-24 01:14 . 2012-04-24 01:14 -------- d-----w- c:\program files\Antares Audio Technologies
2012-04-24 01:14 . 2012-04-24 01:14 -------- d-----w- c:\program files\Common Files\Digidesign
2012-04-24 01:00 . 2012-04-24 01:00 -------- d-----w- c:\program files\InterLok
2012-04-24 00:43 . 2012-04-24 02:00 -------- d-----w- c:\users\Kobs\AppData\Roaming\Audacity
2012-04-24 00:43 . 2012-04-24 00:43 -------- d-----w- c:\program files\Audacity
2012-04-15 01:01 . 2012-04-15 02:44 -------- d-----w- c:\users\Kobs\AppData\Roaming\gtk-2.0
2012-04-15 01:01 . 2012-04-15 01:01 -------- d-----w- c:\users\Kobs\.thumbnails
2012-04-13 12:05 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 12:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 12:05 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 12:05 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 01:38 . 2011-04-06 21:45 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-04-19 01:38 . 2011-04-06 21:45 581120 ----a-w- c:\windows\system32\igdumdx32.dll
2012-04-19 01:38 . 2011-04-06 21:45 6323712 ----a-w- c:\windows\system32\igdumd32.dll
2012-04-19 01:38 . 2010-02-20 04:06 12340224 ----a-w- c:\windows\system32\igd10umd32.dll
2012-04-19 01:38 . 2011-04-06 21:45 96256 ----a-w- c:\windows\system32\hccutils.dll
2012-04-07 02:13 . 2012-04-07 02:13 388096 ----a-r- c:\users\Kobs\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 20:56 . 2011-02-15 23:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2011-02-15 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-02-15 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-04-14 20:46 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-02-15 23:15 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-04-05 01:01 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-02-15 23:15 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-02-15 23:15 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-02-15 23:15 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-28 05:38 . 2012-04-10 23:35 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-10 23:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 15:18 . 2011-02-15 23:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-13 23:44 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 23:44 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 23:44 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2011-04-25 06:58 . 2011-04-25 06:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 07:48 . 2011-04-25 07:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 07:00 . 2011-04-25 07:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 06:59 . 2011-04-25 06:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 06:58 . 2011-04-25 06:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 06:57 . 2011-04-25 06:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 06:58 . 2011-04-25 06:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 06:58 . 2011-04-25 06:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 06:51 . 2011-04-25 06:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 07:00 . 2011-04-25 07:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-05-08 02:44 . 2011-04-07 22:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kobs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kobs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kobs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Kobs\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-06-19 1691192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-19 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-19 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-19 176408]
.
c:\users\Kobs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-3-22 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
R3 ALSysIO;ALSysIO;c:\users\Kobs\AppData\Local\Temp\ALSysIO.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-10 294952]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-10 33320]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-05-25 279656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-17 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 65584]
S1 RsvLock;RsvLock; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2011-07-14 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 152064]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 49152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [2011-09-09 518472]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2011-04-06 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-04-06 246272]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2009-12-22 21:37 73344]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 247320]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2188441020-2620000565-2721936095-1001Core.job
- c:\users\Kobs\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 01:44]
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2188441020-2620000565-2721936095-1001UA.job
- c:\users\Kobs\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 01:44]
.
2012-05-11 c:\windows\Tasks\HPCeeScheduleForKobs.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kobs\AppData\Roaming\Mozilla\Firefox\Profiles\krryvd7e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: general.useragent.extra.brc -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.032"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.abr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.amr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.apd"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.arw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bay"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bwf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.caf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cel"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cr2"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.crw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cs1"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dcr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dcx"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djv"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djvu"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dng"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.eps"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.erf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fff"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.flc"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fli"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fpx"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.gsm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.hdr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.icn"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iff"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ilbm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.int"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.inta"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iw4"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2c"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2k"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jbr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jif"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jp2"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpc"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpk"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpx"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.kar"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.kdc"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.lbm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m15"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m1a"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m2a"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m75"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mef"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mos"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mpv"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mrw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.nef"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.nrw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.orf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pcd"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pcx"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pef"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pgm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pics"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pix"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ppm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.psd"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.psp"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspbrush"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspimage"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.qcp"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.qtpf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.raf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ras"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.raw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgb"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgba"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rsb"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rw2"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rwl"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sdv"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sfil"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sgi"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.smf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.smi"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.smil"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sml"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sr2"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.srf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.srw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.swa"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.tga"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.thm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ulw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14o"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14p"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14pf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.vfw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.wbm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.wbmp"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xbm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xif"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xmp"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(4952)
c:\users\Kobs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\taskhost.exe
c:\program files\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-05-12 10:21:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-12 15:21
.
Pre-Run: 195,003,658,240 bytes free
Post-Run: 195,005,419,520 bytes free
.
- - End Of File - - 815E2D41D6893581FB34A3409054BBD9

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:36 PM

Posted 12 May 2012 - 05:43 PM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 DrSmithy455

DrSmithy455
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 12 May 2012 - 06:28 PM

Hello Gringo,

Below are the 2 logs. TDSSKiller found 1 threat which was skipped by default.


TDSS:

17:53:14.0146 5820 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:53:14.0639 5820 ============================================================
17:53:14.0639 5820 Current date / time: 2012/05/12 17:53:14.0639
17:53:14.0639 5820 SystemInfo:
17:53:14.0639 5820
17:53:14.0639 5820 OS Version: 6.1.7601 ServicePack: 1.0
17:53:14.0639 5820 Product type: Workstation
17:53:14.0639 5820 ComputerName: KOBS-HP
17:53:14.0639 5820 UserName: Kobs
17:53:14.0639 5820 Windows directory: C:\windows
17:53:14.0639 5820 System windows directory: C:\windows
17:53:14.0640 5820 Processor architecture: Intel x86
17:53:14.0640 5820 Number of processors: 4
17:53:14.0640 5820 Page size: 0x1000
17:53:14.0640 5820 Boot type: Normal boot
17:53:14.0640 5820 ============================================================
17:53:15.0640 5820 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:53:15.0662 5820 ============================================================
17:53:15.0662 5820 \Device\Harddisk0\DR0:
17:53:15.0663 5820 MBR partitions:
17:53:15.0663 5820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
17:53:15.0663 5820 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x2319A000
17:53:15.0663 5820 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23230800, BlocksNum 0x1E00000
17:53:15.0663 5820 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x25030800, BlocksNum 0x3FDAB0
17:53:15.0663 5820 ============================================================
17:53:15.0697 5820 C: <-> \Device\Harddisk0\DR0\Partition1
17:53:15.0725 5820 F: <-> \Device\Harddisk0\DR0\Partition3
17:53:15.0740 5820 ============================================================
17:53:15.0740 5820 Initialize success
17:53:15.0740 5820 ============================================================
17:53:21.0588 2176 ============================================================
17:53:21.0588 2176 Scan started
17:53:21.0588 2176 Mode: Manual;
17:53:21.0588 2176 ============================================================
17:53:22.0519 2176 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
17:53:22.0524 2176 1394ohci - ok
17:53:22.0557 2176 Accelerometer (465b6baaba53a628f7252846d0e900ee) C:\windows\system32\DRIVERS\Accelerometer.sys
17:53:22.0560 2176 Accelerometer - ok
17:53:22.0700 2176 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
17:53:22.0705 2176 ACDaemon - ok
17:53:22.0750 2176 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
17:53:22.0756 2176 ACPI - ok
17:53:22.0785 2176 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
17:53:22.0787 2176 AcpiPmi - ok
17:53:22.0864 2176 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:53:22.0867 2176 AdobeARMservice - ok
17:53:22.0901 2176 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
17:53:22.0910 2176 adp94xx - ok
17:53:22.0955 2176 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
17:53:22.0962 2176 adpahci - ok
17:53:22.0977 2176 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
17:53:22.0981 2176 adpu320 - ok
17:53:23.0014 2176 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
17:53:23.0017 2176 AeLookupSvc - ok
17:53:23.0093 2176 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Program Files\IDT\WDM\aestsrv.exe
17:53:23.0097 2176 AESTFilters - ok
17:53:23.0126 2176 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\windows\system32\drivers\Afc.sys
17:53:23.0129 2176 Afc - ok
17:53:23.0175 2176 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
17:53:23.0182 2176 AFD - ok
17:53:23.0285 2176 AffinegyService (7f1130830b3ba85921519a5616e29803) C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
17:53:23.0296 2176 AffinegyService - ok
17:53:23.0379 2176 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
17:53:23.0398 2176 AgereSoftModem - ok
17:53:23.0420 2176 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
17:53:23.0423 2176 agp440 - ok
17:53:23.0481 2176 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
17:53:23.0485 2176 aic78xx - ok
17:53:23.0528 2176 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
17:53:23.0531 2176 ALG - ok
17:53:23.0545 2176 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
17:53:23.0548 2176 aliide - ok
17:53:23.0614 2176 ALSysIO - ok
17:53:23.0636 2176 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
17:53:23.0639 2176 amdagp - ok
17:53:23.0660 2176 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
17:53:23.0662 2176 amdide - ok
17:53:23.0695 2176 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
17:53:23.0697 2176 AmdK8 - ok
17:53:23.0704 2176 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
17:53:23.0707 2176 AmdPPM - ok
17:53:23.0737 2176 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
17:53:23.0740 2176 amdsata - ok
17:53:23.0785 2176 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
17:53:23.0789 2176 amdsbs - ok
17:53:23.0813 2176 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
17:53:23.0816 2176 amdxata - ok
17:53:23.0868 2176 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
17:53:23.0870 2176 AppID - ok
17:53:23.0895 2176 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
17:53:23.0897 2176 AppIDSvc - ok
17:53:23.0950 2176 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
17:53:23.0953 2176 Appinfo - ok
17:53:24.0090 2176 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:53:24.0094 2176 Apple Mobile Device - ok
17:53:24.0127 2176 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\windows\System32\appmgmts.dll
17:53:24.0131 2176 AppMgmt - ok
17:53:24.0160 2176 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
17:53:24.0163 2176 arc - ok
17:53:24.0171 2176 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
17:53:24.0174 2176 arcsas - ok
17:53:24.0198 2176 ARCVCAM (74fc764f43e68548b9024773cb94979c) C:\windows\system32\DRIVERS\ArcSoftVCapture.sys
17:53:24.0201 2176 ARCVCAM - ok
17:53:24.0215 2176 ASInsHelp - ok
17:53:24.0310 2176 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:53:24.0323 2176 aspnet_state - ok
17:53:24.0354 2176 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\windows\system32\drivers\aswFsBlk.sys
17:53:24.0356 2176 aswFsBlk - ok
17:53:24.0371 2176 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\windows\system32\drivers\aswMonFlt.sys
17:53:24.0374 2176 aswMonFlt - ok
17:53:24.0425 2176 aswRdr (225013c16fe096714d71649ad7a20e8b) C:\windows\System32\Drivers\aswrdr2.sys
17:53:24.0428 2176 aswRdr - ok
17:53:24.0487 2176 aswSnx (dcb199b967375753b5019ec15f008f53) C:\windows\system32\drivers\aswSnx.sys
17:53:24.0498 2176 aswSnx - ok
17:53:24.0524 2176 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\windows\system32\drivers\aswSP.sys
17:53:24.0531 2176 aswSP - ok
17:53:24.0538 2176 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\windows\system32\drivers\aswTdi.sys
17:53:24.0541 2176 aswTdi - ok
17:53:24.0588 2176 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
17:53:24.0590 2176 AsyncMac - ok
17:53:24.0629 2176 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
17:53:24.0631 2176 atapi - ok
17:53:24.0692 2176 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
17:53:24.0701 2176 AudioEndpointBuilder - ok
17:53:24.0711 2176 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
17:53:24.0717 2176 Audiosrv - ok
17:53:24.0804 2176 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
17:53:24.0806 2176 avast! Antivirus - ok
17:53:24.0846 2176 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
17:53:24.0850 2176 AxInstSV - ok
17:53:24.0903 2176 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
17:53:24.0912 2176 b06bdrv - ok
17:53:24.0962 2176 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
17:53:24.0967 2176 b57nd60x - ok
17:53:25.0125 2176 BCM43XX (9c3b534854f0152ed4711d936a2192eb) C:\windows\system32\DRIVERS\bcmwl6.sys
17:53:25.0164 2176 BCM43XX - ok
17:53:25.0263 2176 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
17:53:25.0266 2176 BDESVC - ok
17:53:25.0331 2176 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
17:53:25.0333 2176 Beep - ok
17:53:25.0463 2176 Belkin Local Backup Service (defce42fe9eed1a0dc4a28fddff603c9) C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
17:53:25.0466 2176 Belkin Local Backup Service - ok
17:53:25.0491 2176 Belkin Network USB Helper (e23af2900a4e3ca7ff22f1c80a013305) C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
17:53:25.0492 2176 Belkin Network USB Helper - ok
17:53:25.0550 2176 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
17:53:25.0559 2176 BFE - ok
17:53:25.0626 2176 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\system32\qmgr.dll
17:53:25.0642 2176 BITS - ok
17:53:25.0688 2176 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
17:53:25.0690 2176 blbdrive - ok
17:53:25.0813 2176 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:53:25.0820 2176 Bonjour Service - ok
17:53:25.0850 2176 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
17:53:25.0853 2176 bowser - ok
17:53:25.0866 2176 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
17:53:25.0867 2176 BrFiltLo - ok
17:53:25.0904 2176 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
17:53:25.0906 2176 BrFiltUp - ok
17:53:25.0945 2176 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
17:53:25.0948 2176 BridgeMP - ok
17:53:25.0984 2176 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
17:53:25.0987 2176 Browser - ok
17:53:26.0013 2176 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
17:53:26.0018 2176 Brserid - ok
17:53:26.0064 2176 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
17:53:26.0067 2176 BrSerWdm - ok
17:53:26.0090 2176 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
17:53:26.0092 2176 BrUsbMdm - ok
17:53:26.0098 2176 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
17:53:26.0101 2176 BrUsbSer - ok
17:53:26.0165 2176 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
17:53:26.0168 2176 BthEnum - ok
17:53:26.0176 2176 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
17:53:26.0180 2176 BTHMODEM - ok
17:53:26.0202 2176 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
17:53:26.0205 2176 BthPan - ok
17:53:26.0250 2176 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
17:53:26.0258 2176 BTHPORT - ok
17:53:26.0296 2176 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
17:53:26.0299 2176 bthserv - ok
17:53:26.0313 2176 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
17:53:26.0316 2176 BTHUSB - ok
17:53:26.0344 2176 btwampfl (e4e5ab603c936bafd1a5de1d6086221e) C:\windows\system32\drivers\btwampfl.sys
17:53:26.0350 2176 btwampfl - ok
17:53:26.0379 2176 btwaudio (772994c15198818fee2314364cd12ee9) C:\windows\system32\drivers\btwaudio.sys
17:53:26.0382 2176 btwaudio - ok
17:53:26.0406 2176 btwavdt (f6a04b6e929c4d57906c76e92025d31c) C:\windows\system32\DRIVERS\btwavdt.sys
17:53:26.0409 2176 btwavdt - ok
17:53:26.0525 2176 btwdins (81ce317a33d86b532daa3b5a04d5103e) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:53:26.0534 2176 btwdins - ok
17:53:26.0542 2176 btwl2cap (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys
17:53:26.0545 2176 btwl2cap - ok
17:53:26.0573 2176 btwrchid (bccbc07cd5cf37f53155c31c434b4a0e) C:\windows\system32\DRIVERS\btwrchid.sys
17:53:26.0575 2176 btwrchid - ok
17:53:26.0683 2176 catchme - ok
17:53:26.0718 2176 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
17:53:26.0721 2176 cdfs - ok
17:53:26.0760 2176 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
17:53:26.0763 2176 cdrom - ok
17:53:26.0810 2176 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
17:53:26.0812 2176 CertPropSvc - ok
17:53:26.0850 2176 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
17:53:26.0852 2176 circlass - ok
17:53:26.0881 2176 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
17:53:26.0886 2176 CLFS - ok
17:53:26.0936 2176 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:53:26.0939 2176 clr_optimization_v2.0.50727_32 - ok
17:53:27.0003 2176 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:53:27.0035 2176 clr_optimization_v4.0.30319_32 - ok
17:53:27.0053 2176 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
17:53:27.0055 2176 CmBatt - ok
17:53:27.0074 2176 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
17:53:27.0075 2176 cmdide - ok
17:53:27.0132 2176 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
17:53:27.0138 2176 CNG - ok
17:53:27.0167 2176 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
17:53:27.0169 2176 Compbatt - ok
17:53:27.0206 2176 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
17:53:27.0208 2176 CompositeBus - ok
17:53:27.0220 2176 COMSysApp - ok
17:53:27.0234 2176 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
17:53:27.0236 2176 crcdisk - ok
17:53:27.0278 2176 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
17:53:27.0282 2176 CryptSvc - ok
17:53:27.0331 2176 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\windows\system32\drivers\csc.sys
17:53:27.0338 2176 CSC - ok
17:53:27.0389 2176 CscService (15f93b37f6801943360d9eb42485d5d3) C:\windows\System32\cscsvc.dll
17:53:27.0397 2176 CscService - ok
17:53:27.0456 2176 ctxusbm (cb6ff7012bb5d59d7c12350db795ce1f) C:\windows\system32\DRIVERS\ctxusbm.sys
17:53:27.0459 2176 ctxusbm - ok
17:53:27.0626 2176 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
17:53:27.0637 2176 cvhsvc - ok
17:53:27.0665 2176 DAMDrv (a05433f6218dcb8f0dec232de65f8b26) C:\windows\system32\DRIVERS\DAMDrv.sys
17:53:27.0667 2176 DAMDrv - ok
17:53:27.0698 2176 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
17:53:27.0708 2176 DcomLaunch - ok
17:53:27.0732 2176 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
17:53:27.0738 2176 defragsvc - ok
17:53:27.0778 2176 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
17:53:27.0780 2176 DfsC - ok
17:53:27.0837 2176 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
17:53:27.0843 2176 Dhcp - ok
17:53:27.0867 2176 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
17:53:27.0868 2176 discache - ok
17:53:27.0896 2176 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
17:53:27.0899 2176 Disk - ok
17:53:27.0926 2176 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
17:53:27.0930 2176 Dnscache - ok
17:53:27.0972 2176 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
17:53:27.0978 2176 dot3svc - ok
17:53:28.0026 2176 Dot4 (b5e479eb83707dd698f66953e922042c) C:\windows\system32\DRIVERS\Dot4.sys
17:53:28.0029 2176 Dot4 - ok
17:53:28.0048 2176 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\windows\system32\DRIVERS\Dot4Prt.sys
17:53:28.0050 2176 Dot4Print - ok
17:53:28.0071 2176 dot4usb (cf491ff38d62143203c065260567e2f7) C:\windows\system32\DRIVERS\dot4usb.sys
17:53:28.0073 2176 dot4usb - ok
17:53:28.0191 2176 DpHost (cace0fdd5d1ea41a36ac8ce590330834) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
17:53:28.0195 2176 DpHost - ok
17:53:28.0234 2176 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
17:53:28.0238 2176 DPS - ok
17:53:28.0273 2176 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
17:53:28.0275 2176 drmkaud - ok
17:53:28.0325 2176 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
17:53:28.0335 2176 DXGKrnl - ok
17:53:28.0374 2176 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
17:53:28.0378 2176 EapHost - ok
17:53:28.0532 2176 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
17:53:28.0572 2176 ebdrv - ok
17:53:28.0656 2176 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
17:53:28.0661 2176 EFS - ok
17:53:28.0726 2176 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
17:53:28.0734 2176 ehRecvr - ok
17:53:28.0761 2176 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
17:53:28.0764 2176 ehSched - ok
17:53:28.0815 2176 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
17:53:28.0822 2176 elxstor - ok
17:53:28.0843 2176 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
17:53:28.0845 2176 ErrDev - ok
17:53:28.0890 2176 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
17:53:28.0895 2176 EventSystem - ok
17:53:28.0921 2176 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
17:53:28.0925 2176 exfat - ok
17:53:28.0944 2176 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
17:53:28.0948 2176 fastfat - ok
17:53:28.0996 2176 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
17:53:29.0006 2176 Fax - ok
17:53:29.0030 2176 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
17:53:29.0032 2176 fdc - ok
17:53:29.0046 2176 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
17:53:29.0049 2176 fdPHost - ok
17:53:29.0060 2176 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
17:53:29.0063 2176 FDResPub - ok
17:53:29.0076 2176 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
17:53:29.0078 2176 FileInfo - ok
17:53:29.0087 2176 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
17:53:29.0088 2176 Filetrace - ok
17:53:29.0131 2176 FLCDLOCK (7e728680aa428506a82351d859c32c95) c:\Windows\system32\flcdlock.exe
17:53:29.0139 2176 FLCDLOCK - ok
17:53:29.0155 2176 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
17:53:29.0157 2176 flpydisk - ok
17:53:29.0183 2176 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
17:53:29.0187 2176 FltMgr - ok
17:53:29.0232 2176 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
17:53:29.0243 2176 FontCache - ok
17:53:29.0310 2176 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:53:29.0312 2176 FontCache3.0.0.0 - ok
17:53:29.0330 2176 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
17:53:29.0332 2176 FsDepends - ok
17:53:29.0370 2176 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
17:53:29.0372 2176 Fs_Rec - ok
17:53:29.0412 2176 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
17:53:29.0415 2176 fvevol - ok
17:53:29.0431 2176 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
17:53:29.0433 2176 gagp30kx - ok
17:53:29.0454 2176 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
17:53:29.0456 2176 GEARAspiWDM - ok
17:53:29.0506 2176 giveio (77ebf3e9386daa51551af429052d88d0) C:\windows\system32\giveio.sys
17:53:29.0509 2176 giveio - ok
17:53:29.0568 2176 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
17:53:29.0578 2176 gpsvc - ok
17:53:29.0591 2176 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
17:53:29.0593 2176 hcw85cir - ok
17:53:29.0627 2176 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
17:53:29.0632 2176 HdAudAddService - ok
17:53:29.0660 2176 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
17:53:29.0663 2176 HDAudBus - ok
17:53:29.0686 2176 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
17:53:29.0688 2176 HECI - ok
17:53:29.0715 2176 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
17:53:29.0717 2176 HidBatt - ok
17:53:29.0736 2176 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
17:53:29.0739 2176 HidBth - ok
17:53:29.0757 2176 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
17:53:29.0758 2176 HidIr - ok
17:53:29.0779 2176 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
17:53:29.0783 2176 hidserv - ok
17:53:29.0824 2176 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
17:53:29.0826 2176 HidUsb - ok
17:53:29.0852 2176 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
17:53:29.0857 2176 hkmsvc - ok
17:53:29.0898 2176 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
17:53:29.0904 2176 HomeGroupListener - ok
17:53:29.0947 2176 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
17:53:29.0955 2176 HomeGroupProvider - ok
17:53:30.0078 2176 HP Power Assistant Service (a094a4096ad7a90e2d790b590d3cbfd4) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
17:53:30.0082 2176 HP Power Assistant Service - ok
17:53:30.0135 2176 HP ProtectTools Service (657e81df0625198c97f91c09ae9611fc) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
17:53:30.0140 2176 HP ProtectTools Service - ok
17:53:30.0188 2176 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
17:53:30.0190 2176 HP Support Assistant Service - ok
17:53:30.0242 2176 HP Wireless Assistant Service (58cc11d14d88ef70ef7abbc75b5eebd8) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
17:53:30.0245 2176 HP Wireless Assistant Service - ok
17:53:30.0290 2176 HPDayStarterService (94c74d758e0f7b1d962da452b4d28c91) c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
17:53:30.0293 2176 HPDayStarterService - ok
17:53:30.0320 2176 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
17:53:30.0322 2176 HPDrvMntSvc.exe - ok
17:53:30.0372 2176 hpdskflt (d5c35e6416a379c445cda826b9fe452f) C:\windows\system32\DRIVERS\hpdskflt.sys
17:53:30.0374 2176 hpdskflt - ok
17:53:30.0428 2176 HpFkCryptService (393383fe7f577b4a111b44445716fcb3) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
17:53:30.0432 2176 HpFkCryptService - ok
17:53:30.0466 2176 HPFSService (c9d858e20ae696e7a0d9a05b595f850a) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
17:53:30.0470 2176 HPFSService - ok
17:53:30.0533 2176 hpHotkeyMonitor (4d94f4d7782657e79eb1352570b563db) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
17:53:30.0536 2176 hpHotkeyMonitor - ok
17:53:30.0621 2176 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
17:53:30.0626 2176 hpqcxs08 - ok
17:53:30.0653 2176 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
17:53:30.0656 2176 hpqddsvc - ok
17:53:30.0767 2176 HpqKbFiltr (ee9f88368739554dcca142ae0214bcb1) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
17:53:30.0769 2176 HpqKbFiltr - ok
17:53:30.0850 2176 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
17:53:30.0860 2176 hpqwmiex - ok
17:53:30.0880 2176 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
17:53:30.0882 2176 HpSAMD - ok
17:53:30.0926 2176 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
17:53:30.0946 2176 HPSLPSVC - ok
17:53:30.0974 2176 hpsrv (00dc55481fad2841284ed09e7d69cd11) C:\windows\system32\Hpservice.exe
17:53:30.0977 2176 hpsrv - ok
17:53:31.0033 2176 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
17:53:31.0040 2176 HTTP - ok
17:53:31.0070 2176 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
17:53:31.0071 2176 hwpolicy - ok
17:53:31.0115 2176 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
17:53:31.0117 2176 i8042prt - ok
17:53:31.0176 2176 iaStor (26541a068572f650a2fa490726fe81be) C:\windows\system32\DRIVERS\iaStor.sys
17:53:31.0180 2176 iaStor - ok
17:53:31.0293 2176 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
17:53:31.0294 2176 IAStorDataMgrSvc - ok
17:53:31.0335 2176 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
17:53:31.0340 2176 iaStorV - ok
17:53:31.0444 2176 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:53:31.0456 2176 idsvc - ok
17:53:31.0891 2176 igfx (3de3493935396b81cc57fdac32398001) C:\windows\system32\DRIVERS\igdkmd32.sys
17:53:32.0008 2176 igfx - ok
17:53:32.0113 2176 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
17:53:32.0115 2176 iirsp - ok
17:53:32.0161 2176 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
17:53:32.0172 2176 IKEEXT - ok
17:53:32.0210 2176 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\windows\system32\DRIVERS\Impcd.sys
17:53:32.0214 2176 Impcd - ok
17:53:32.0250 2176 IntcDAud (af6d1e38bce11daba4c01d6a6de94410) C:\windows\system32\DRIVERS\IntcDAud.sys
17:53:32.0254 2176 IntcDAud - ok
17:53:32.0281 2176 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
17:53:32.0283 2176 intelide - ok
17:53:32.0314 2176 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
17:53:32.0316 2176 intelppm - ok
17:53:32.0343 2176 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
17:53:32.0347 2176 IPBusEnum - ok
17:53:32.0374 2176 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
17:53:32.0377 2176 IpFilterDriver - ok
17:53:32.0434 2176 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
17:53:32.0442 2176 iphlpsvc - ok
17:53:32.0472 2176 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
17:53:32.0474 2176 IPMIDRV - ok
17:53:32.0486 2176 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
17:53:32.0489 2176 IPNAT - ok
17:53:32.0604 2176 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe
17:53:32.0614 2176 iPod Service - ok
17:53:32.0632 2176 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
17:53:32.0634 2176 IRENUM - ok
17:53:32.0668 2176 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
17:53:32.0670 2176 isapnp - ok
17:53:32.0683 2176 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
17:53:32.0687 2176 iScsiPrt - ok
17:53:32.0710 2176 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
17:53:32.0711 2176 kbdclass - ok
17:53:32.0740 2176 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
17:53:32.0742 2176 kbdhid - ok
17:53:32.0782 2176 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
17:53:32.0785 2176 KeyIso - ok
17:53:32.0796 2176 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
17:53:32.0798 2176 KSecDD - ok
17:53:32.0813 2176 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
17:53:32.0816 2176 KSecPkg - ok
17:53:32.0844 2176 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
17:53:32.0851 2176 KtmRm - ok
17:53:32.0898 2176 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
17:53:32.0905 2176 LanmanServer - ok
17:53:32.0932 2176 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
17:53:32.0939 2176 LanmanWorkstation - ok
17:53:33.0055 2176 LightScribeService (83d8be94e1cbcbe2ea8372db1a95a159) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:53:33.0057 2176 LightScribeService - ok
17:53:33.0089 2176 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
17:53:33.0091 2176 lltdio - ok
17:53:33.0131 2176 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
17:53:33.0137 2176 lltdsvc - ok
17:53:33.0157 2176 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
17:53:33.0160 2176 lmhosts - ok
17:53:33.0215 2176 LMS (bb4e55778d8de3885e1cdac795de7bce) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:53:33.0219 2176 LMS - ok
17:53:33.0244 2176 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
17:53:33.0247 2176 LSI_FC - ok
17:53:33.0255 2176 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
17:53:33.0258 2176 LSI_SAS - ok
17:53:33.0269 2176 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
17:53:33.0271 2176 LSI_SAS2 - ok
17:53:33.0286 2176 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
17:53:33.0288 2176 LSI_SCSI - ok
17:53:33.0309 2176 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
17:53:33.0311 2176 luafv - ok
17:53:33.0366 2176 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
17:53:33.0371 2176 Mcx2Svc - ok
17:53:33.0400 2176 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
17:53:33.0402 2176 megasas - ok
17:53:33.0414 2176 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
17:53:33.0417 2176 MegaSR - ok
17:53:33.0445 2176 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
17:53:33.0449 2176 MMCSS - ok
17:53:33.0468 2176 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
17:53:33.0470 2176 Modem - ok
17:53:33.0486 2176 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
17:53:33.0487 2176 monitor - ok
17:53:33.0520 2176 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
17:53:33.0522 2176 mouclass - ok
17:53:33.0533 2176 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
17:53:33.0535 2176 mouhid - ok
17:53:33.0567 2176 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
17:53:33.0569 2176 mountmgr - ok
17:53:33.0678 2176 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:53:33.0681 2176 MozillaMaintenance - ok
17:53:33.0716 2176 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
17:53:33.0719 2176 mpio - ok
17:53:33.0738 2176 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
17:53:33.0740 2176 mpsdrv - ok
17:53:33.0783 2176 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
17:53:33.0792 2176 MpsSvc - ok
17:53:33.0821 2176 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
17:53:33.0824 2176 MRxDAV - ok
17:53:33.0854 2176 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
17:53:33.0857 2176 mrxsmb - ok
17:53:33.0886 2176 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
17:53:33.0890 2176 mrxsmb10 - ok
17:53:33.0899 2176 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
17:53:33.0902 2176 mrxsmb20 - ok
17:53:33.0922 2176 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
17:53:33.0924 2176 msahci - ok
17:53:33.0942 2176 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
17:53:33.0944 2176 msdsm - ok
17:53:33.0970 2176 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
17:53:33.0975 2176 MSDTC - ok
17:53:34.0019 2176 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
17:53:34.0021 2176 Msfs - ok
17:53:34.0031 2176 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
17:53:34.0033 2176 mshidkmdf - ok
17:53:34.0057 2176 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
17:53:34.0059 2176 msisadrv - ok
17:53:34.0092 2176 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
17:53:34.0097 2176 MSiSCSI - ok
17:53:34.0100 2176 msiserver - ok
17:53:34.0126 2176 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
17:53:34.0127 2176 MSKSSRV - ok
17:53:34.0142 2176 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
17:53:34.0144 2176 MSPCLOCK - ok
17:53:34.0153 2176 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
17:53:34.0155 2176 MSPQM - ok
17:53:34.0171 2176 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
17:53:34.0175 2176 MsRPC - ok
17:53:34.0193 2176 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
17:53:34.0195 2176 mssmbios - ok
17:53:34.0203 2176 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
17:53:34.0204 2176 MSTEE - ok
17:53:34.0219 2176 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
17:53:34.0221 2176 MTConfig - ok
17:53:34.0238 2176 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
17:53:34.0240 2176 Mup - ok
17:53:34.0280 2176 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
17:53:34.0288 2176 napagent - ok
17:53:34.0325 2176 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
17:53:34.0330 2176 NativeWifiP - ok
17:53:34.0363 2176 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
17:53:34.0372 2176 NDIS - ok
17:53:34.0389 2176 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
17:53:34.0391 2176 NdisCap - ok
17:53:34.0407 2176 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
17:53:34.0409 2176 NdisTapi - ok
17:53:34.0449 2176 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
17:53:34.0451 2176 Ndisuio - ok
17:53:34.0490 2176 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
17:53:34.0492 2176 NdisWan - ok
17:53:34.0523 2176 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
17:53:34.0525 2176 NDProxy - ok
17:53:34.0564 2176 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\windows\system32\HPZinw12.dll
17:53:34.0569 2176 Net Driver HPZ12 - ok
17:53:34.0578 2176 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
17:53:34.0580 2176 NetBIOS - ok
17:53:34.0616 2176 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
17:53:34.0619 2176 NetBT - ok
17:53:34.0648 2176 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
17:53:34.0652 2176 Netlogon - ok
17:53:34.0691 2176 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
17:53:34.0698 2176 Netman - ok
17:53:34.0770 2176 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:53:34.0773 2176 NetMsmqActivator - ok
17:53:34.0782 2176 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:53:34.0784 2176 NetPipeActivator - ok
17:53:34.0826 2176 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
17:53:34.0833 2176 netprofm - ok
17:53:34.0844 2176 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:53:34.0845 2176 NetTcpActivator - ok
17:53:34.0850 2176 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:53:34.0852 2176 NetTcpPortSharing - ok
17:53:34.0878 2176 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
17:53:34.0881 2176 nfrd960 - ok
17:53:34.0918 2176 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
17:53:34.0925 2176 NlaSvc - ok
17:53:34.0948 2176 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
17:53:34.0950 2176 Npfs - ok
17:53:34.0956 2176 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
17:53:34.0960 2176 nsi - ok
17:53:34.0971 2176 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
17:53:34.0972 2176 nsiproxy - ok
17:53:35.0023 2176 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
17:53:35.0037 2176 Ntfs - ok
17:53:35.0122 2176 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
17:53:35.0123 2176 Null - ok
17:53:35.0154 2176 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
17:53:35.0157 2176 nvraid - ok
17:53:35.0184 2176 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
17:53:35.0187 2176 nvstor - ok
17:53:35.0220 2176 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
17:53:35.0223 2176 nv_agp - ok
17:53:35.0242 2176 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
17:53:35.0244 2176 ohci1394 - ok
17:53:35.0364 2176 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:53:35.0367 2176 ose - ok
17:53:35.0504 2176 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:53:35.0552 2176 osppsvc - ok
17:53:35.0625 2176 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
17:53:35.0632 2176 p2pimsvc - ok
17:53:35.0668 2176 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
17:53:35.0676 2176 p2psvc - ok
17:53:35.0726 2176 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
17:53:35.0729 2176 Parport - ok
17:53:35.0765 2176 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
17:53:35.0767 2176 partmgr - ok
17:53:35.0788 2176 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
17:53:35.0790 2176 Parvdm - ok
17:53:35.0809 2176 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
17:53:35.0815 2176 PcaSvc - ok
17:53:35.0839 2176 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
17:53:35.0842 2176 pci - ok
17:53:35.0852 2176 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
17:53:35.0854 2176 pciide - ok
17:53:35.0883 2176 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
17:53:35.0886 2176 pcmcia - ok
17:53:35.0913 2176 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
17:53:35.0915 2176 pcw - ok
17:53:35.0957 2176 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
17:53:35.0965 2176 PEAUTH - ok
17:53:36.0021 2176 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\windows\system32\peerdistsvc.dll
17:53:36.0035 2176 PeerDistSvc - ok
17:53:36.0112 2176 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
17:53:36.0132 2176 pla - ok
17:53:36.0224 2176 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
17:53:36.0232 2176 PlugPlay - ok
17:53:36.0266 2176 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\windows\system32\HPZipm12.dll
17:53:36.0270 2176 Pml Driver HPZ12 - ok
17:53:36.0296 2176 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
17:53:36.0302 2176 PNRPAutoReg - ok
17:53:36.0323 2176 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
17:53:36.0329 2176 PNRPsvc - ok
17:53:36.0370 2176 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
17:53:36.0377 2176 PolicyAgent - ok
17:53:36.0416 2176 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
17:53:36.0423 2176 Power - ok
17:53:36.0468 2176 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
17:53:36.0470 2176 PptpMiniport - ok
17:53:36.0494 2176 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
17:53:36.0495 2176 Processor - ok
17:53:36.0525 2176 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
17:53:36.0531 2176 ProfSvc - ok
17:53:36.0572 2176 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
17:53:36.0575 2176 ProtectedStorage - ok
17:53:36.0600 2176 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
17:53:36.0602 2176 Psched - ok
17:53:36.0655 2176 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
17:53:36.0670 2176 ql2300 - ok
17:53:36.0741 2176 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
17:53:36.0743 2176 ql40xx - ok
17:53:36.0765 2176 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
17:53:36.0773 2176 QWAVE - ok
17:53:36.0803 2176 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
17:53:36.0805 2176 QWAVEdrv - ok
17:53:36.0816 2176 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
17:53:36.0818 2176 RasAcd - ok
17:53:36.0845 2176 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
17:53:36.0847 2176 RasAgileVpn - ok
17:53:36.0859 2176 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
17:53:36.0865 2176 RasAuto - ok
17:53:36.0876 2176 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
17:53:36.0879 2176 Rasl2tp - ok
17:53:36.0930 2176 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
17:53:36.0940 2176 RasMan - ok
17:53:36.0955 2176 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
17:53:36.0957 2176 RasPppoe - ok
17:53:36.0964 2176 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
17:53:36.0967 2176 RasSstp - ok
17:53:37.0013 2176 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
17:53:37.0017 2176 rdbss - ok
17:53:37.0038 2176 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
17:53:37.0039 2176 rdpbus - ok
17:53:37.0076 2176 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
17:53:37.0077 2176 RDPCDD - ok
17:53:37.0114 2176 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\windows\system32\drivers\rdpdr.sys
17:53:37.0116 2176 RDPDR - ok
17:53:37.0147 2176 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
17:53:37.0148 2176 RDPENCDD - ok
17:53:37.0161 2176 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
17:53:37.0162 2176 RDPREFMP - ok
17:53:37.0358 2176 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
17:53:37.0364 2176 RDPWD - ok
17:53:37.0414 2176 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
17:53:37.0420 2176 rdyboost - ok
17:53:37.0446 2176 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
17:53:37.0455 2176 RemoteAccess - ok
17:53:37.0486 2176 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
17:53:37.0498 2176 RemoteRegistry - ok
17:53:37.0533 2176 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
17:53:37.0539 2176 RFCOMM - ok
17:53:37.0596 2176 RimUsb (4f4a4c09cc5be58a76cac1c337e004e6) C:\windows\system32\Drivers\RimUsb.sys
17:53:37.0600 2176 RimUsb - ok
17:53:37.0627 2176 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\windows\system32\DRIVERS\RimSerial.sys
17:53:37.0630 2176 RimVSerPort - ok
17:53:37.0665 2176 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
17:53:37.0668 2176 ROOTMODEM - ok
17:53:37.0698 2176 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
17:53:37.0709 2176 RpcEptMapper - ok
17:53:37.0731 2176 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
17:53:37.0739 2176 RpcLocator - ok
17:53:37.0793 2176 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
17:53:37.0808 2176 RpcSs - ok
17:53:37.0831 2176 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
17:53:37.0835 2176 rspndr - ok
17:53:37.0885 2176 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\windows\system32\Drivers\RtsUStor.sys
17:53:37.0889 2176 RSUSBSTOR - ok
17:53:37.0920 2176 RsvLock (92787f633f2724772aa03cffc2ccffe0) C:\windows\system32\drivers\RsvLock.sys
17:53:37.0924 2176 RsvLock - ok
17:53:37.0969 2176 RTL8167 (3f7dacfbc83fe01debe33d28f93d8d86) C:\windows\system32\DRIVERS\Rt86win7.sys
17:53:37.0974 2176 RTL8167 - ok
17:53:37.0996 2176 rtsuvc (25c25a9c61cd53aa7482624a1715d2c9) C:\windows\system32\DRIVERS\rtsuvc.sys
17:53:38.0001 2176 rtsuvc - ok
17:53:38.0027 2176 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\windows\system32\drivers\vms3cap.sys
17:53:38.0030 2176 s3cap - ok
17:53:38.0058 2176 SafeBoot (fbf042e3750acbf512e599b37b75bb53) C:\windows\system32\drivers\SafeBoot.sys
17:53:38.0059 2176 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: fbf042e3750acbf512e599b37b75bb53
17:53:38.0060 2176 SafeBoot ( LockedFile.Multi.Generic ) - warning
17:53:38.0060 2176 SafeBoot - detected LockedFile.Multi.Generic (1)
17:53:38.0094 2176 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
17:53:38.0101 2176 SamSs - ok
17:53:38.0203 2176 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:53:38.0205 2176 SASDIFSV - ok
17:53:38.0220 2176 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:53:38.0223 2176 SASKUTIL - ok
17:53:38.0235 2176 SbAlg (7adbb5d76fc0452a413dc01f453112a0) C:\windows\system32\drivers\SbAlg.sys
17:53:38.0241 2176 SbAlg - ok
17:53:38.0264 2176 SbFsLock (0b722e0e599e9dc6c3763daad1b2bbe3) C:\windows\system32\drivers\SbFsLock.sys
17:53:38.0267 2176 SbFsLock - ok
17:53:38.0288 2176 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
17:53:38.0292 2176 sbp2port - ok
17:53:38.0379 2176 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
17:53:38.0399 2176 SBSDWSCService - ok
17:53:38.0495 2176 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
17:53:38.0507 2176 SCardSvr - ok
17:53:38.0594 2176 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
17:53:38.0597 2176 scfilter - ok
17:53:38.0674 2176 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
17:53:38.0696 2176 Schedule - ok
17:53:38.0733 2176 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
17:53:38.0736 2176 SCPolicySvc - ok
17:53:38.0795 2176 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
17:53:38.0807 2176 SDRSVC - ok
17:53:38.0841 2176 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
17:53:38.0845 2176 secdrv - ok
17:53:38.0854 2176 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
17:53:38.0864 2176 seclogon - ok
17:53:38.0889 2176 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
17:53:38.0899 2176 SENS - ok
17:53:38.0920 2176 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
17:53:38.0931 2176 SensrSvc - ok
17:53:38.0963 2176 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
17:53:38.0966 2176 Serenum - ok
17:53:38.0988 2176 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
17:53:38.0992 2176 Serial - ok
17:53:39.0018 2176 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
17:53:39.0022 2176 sermouse - ok
17:53:39.0068 2176 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
17:53:39.0079 2176 SessionEnv - ok
17:53:39.0106 2176 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
17:53:39.0109 2176 sffdisk - ok
17:53:39.0120 2176 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
17:53:39.0124 2176 sffp_mmc - ok
17:53:39.0136 2176 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
17:53:39.0139 2176 sffp_sd - ok
17:53:39.0155 2176 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
17:53:39.0158 2176 sfloppy - ok
17:53:39.0215 2176 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\windows\system32\DRIVERS\Sftfslh.sys
17:53:39.0226 2176 Sftfs - ok
17:53:39.0363 2176 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
17:53:39.0372 2176 sftlist - ok
17:53:39.0394 2176 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\windows\system32\DRIVERS\Sftplaylh.sys
17:53:39.0399 2176 Sftplay - ok
17:53:39.0414 2176 Sftredir (518bac0179f94304f422696b47c0ec12) C:\windows\system32\DRIVERS\Sftredirlh.sys
17:53:39.0417 2176 Sftredir - ok
17:53:39.0430 2176 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\windows\system32\DRIVERS\Sftvollh.sys
17:53:39.0433 2176 Sftvol - ok
17:53:39.0451 2176 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
17:53:39.0456 2176 sftvsa - ok
17:53:39.0500 2176 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
17:53:39.0510 2176 SharedAccess - ok
17:53:39.0549 2176 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
17:53:39.0564 2176 ShellHWDetection - ok
17:53:39.0598 2176 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
17:53:39.0602 2176 sisagp - ok
17:53:39.0633 2176 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
17:53:39.0649 2176 SiSRaid2 - ok
17:53:39.0687 2176 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
17:53:39.0692 2176 SiSRaid4 - ok
17:53:39.0744 2176 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
17:53:39.0750 2176 SkypeUpdate - ok
17:53:39.0792 2176 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
17:53:39.0796 2176 Smb - ok
17:53:39.0842 2176 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
17:53:39.0869 2176 SNMPTRAP - ok
17:53:39.0931 2176 speedfan (3fa2e254bfbce52b3c6f1bf23aab6911) C:\windows\system32\speedfan.sys
17:53:39.0944 2176 speedfan - ok
17:53:40.0010 2176 SplashtopRemoteService (f69c44b3150f0008fbc699c11baa45a7) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
17:53:40.0021 2176 SplashtopRemoteService - ok
17:53:40.0037 2176 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
17:53:40.0040 2176 spldr - ok
17:53:40.0108 2176 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
17:53:40.0124 2176 Spooler - ok
17:53:40.0297 2176 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
17:53:40.0364 2176 sppsvc - ok
17:53:40.0471 2176 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
17:53:40.0489 2176 sppuinotify - ok
17:53:40.0544 2176 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
17:53:40.0553 2176 srv - ok
17:53:40.0593 2176 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
17:53:40.0602 2176 srv2 - ok
17:53:40.0627 2176 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
17:53:40.0633 2176 srvnet - ok
17:53:40.0668 2176 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
17:53:40.0679 2176 SSDPSRV - ok
17:53:40.0688 2176 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
17:53:40.0701 2176 SstpSvc - ok
17:53:40.0810 2176 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
17:53:40.0816 2176 SSUService - ok
17:53:40.0890 2176 STacSV (03f6cf42a1db74290448cde668578c87) C:\Program Files\IDT\WDM\STacSV.exe
17:53:40.0894 2176 STacSV - ok
17:53:40.0928 2176 Steam Client Service - ok
17:53:40.0955 2176 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
17:53:40.0957 2176 stexstor - ok
17:53:41.0011 2176 STHDA (8a8246f40792956e957f3e8d0c188963) C:\windows\system32\DRIVERS\stwrt.sys
17:53:41.0020 2176 STHDA - ok
17:53:41.0078 2176 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
17:53:41.0093 2176 StiSvc - ok
17:53:41.0118 2176 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\windows\system32\drivers\vmstorfl.sys
17:53:41.0121 2176 storflt - ok
17:53:41.0154 2176 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\windows\system32\storsvc.dll
17:53:41.0163 2176 StorSvc - ok
17:53:41.0185 2176 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\windows\system32\drivers\storvsc.sys
17:53:41.0188 2176 storvsc - ok
17:53:41.0209 2176 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
17:53:41.0212 2176 swenum - ok
17:53:41.0256 2176 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
17:53:41.0268 2176 swprv - ok
17:53:41.0308 2176 sxuptp (86083b04dc2b90397f4b47add6eaa407) C:\windows\system32\DRIVERS\sxuptp.sys
17:53:41.0314 2176 sxuptp - ok
17:53:41.0396 2176 SynTP (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\windows\system32\DRIVERS\SynTP.sys
17:53:41.0413 2176 SynTP - ok
17:53:41.0547 2176 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
17:53:41.0569 2176 SysMain - ok
17:53:41.0608 2176 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
17:53:41.0617 2176 TabletInputService - ok
17:53:41.0654 2176 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
17:53:41.0666 2176 TapiSrv - ok
17:53:41.0698 2176 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
17:53:41.0706 2176 TBS - ok
17:53:41.0808 2176 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
17:53:41.0825 2176 Tcpip - ok
17:53:41.0938 2176 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
17:53:41.0948 2176 TCPIP6 - ok
17:53:42.0014 2176 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
17:53:42.0016 2176 tcpipreg - ok
17:53:42.0051 2176 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
17:53:42.0053 2176 TDPIPE - ok
17:53:42.0087 2176 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
17:53:42.0089 2176 TDTCP - ok
17:53:42.0122 2176 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
17:53:42.0125 2176 tdx - ok
17:53:42.0158 2176 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
17:53:42.0161 2176 TermDD - ok
17:53:42.0219 2176 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
17:53:42.0232 2176 TermService - ok
17:53:42.0261 2176 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
17:53:42.0269 2176 Themes - ok
17:53:42.0293 2176 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
17:53:42.0299 2176 THREADORDER - ok
17:53:42.0364 2176 TPkd (409a577fd5781c717e55a28717514c58) C:\windows\system32\drivers\TPkd.sys
17:53:42.0367 2176 TPkd - ok
17:53:42.0409 2176 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\windows\system32\drivers\tpm.sys
17:53:42.0412 2176 TPM - ok
17:53:42.0431 2176 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
17:53:42.0439 2176 TrkWks - ok
17:53:42.0499 2176 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
17:53:42.0502 2176 TrustedInstaller - ok
17:53:42.0514 2176 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
17:53:42.0517 2176 tssecsrv - ok
17:53:42.0562 2176 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
17:53:42.0565 2176 TsUsbFlt - ok
17:53:42.0606 2176 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
17:53:42.0609 2176 tunnel - ok
17:53:42.0638 2176 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
17:53:42.0640 2176 uagp35 - ok
17:53:42.0680 2176 uArcCapture (c92e13e0db1548455cffc4aaf80fdfe7) C:\windows\system32\uArcCapture.exe
17:53:42.0692 2176 uArcCapture - ok
17:53:42.0736 2176 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
17:53:42.0740 2176 udfs - ok
17:53:42.0777 2176 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
17:53:42.0785 2176 UI0Detect - ok
17:53:42.0822 2176 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
17:53:42.0825 2176 uliagpkx - ok
17:53:42.0859 2176 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
17:53:42.0861 2176 umbus - ok
17:53:42.0889 2176 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
17:53:42.0891 2176 UmPass - ok
17:53:42.0938 2176 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\windows\System32\umrdp.dll
17:53:42.0946 2176 UmRdpService - ok
17:53:43.0125 2176 UNS (44aa8d5d3b3b5610fef46ca8a9c52d8c) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:53:43.0153 2176 UNS - ok
17:53:43.0244 2176 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
17:53:43.0253 2176 upnphost - ok
17:53:43.0290 2176 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
17:53:43.0292 2176 USBAAPL - ok
17:53:43.0305 2176 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
17:53:43.0307 2176 usbccgp - ok
17:53:43.0336 2176 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
17:53:43.0340 2176 usbcir - ok
17:53:43.0352 2176 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
17:53:43.0355 2176 usbehci - ok
17:53:43.0389 2176 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
17:53:43.0393 2176 usbhub - ok
17:53:43.0408 2176 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
17:53:43.0410 2176 usbohci - ok
17:53:43.0441 2176 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
17:53:43.0444 2176 usbprint - ok
17:53:43.0477 2176 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
17:53:43.0492 2176 usbscan - ok
17:53:43.0540 2176 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
17:53:43.0543 2176 USBSTOR - ok
17:53:43.0561 2176 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
17:53:43.0563 2176 usbuhci - ok
17:53:43.0593 2176 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
17:53:43.0597 2176 usbvideo - ok
17:53:43.0618 2176 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
17:53:43.0625 2176 UxSms - ok
17:53:43.0652 2176 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
17:53:43.0657 2176 VaultSvc - ok
17:53:43.0771 2176 vcsFPService (fc6f12c84f7194b77ec9af9f46f68adc) C:\windows\system32\vcsFPService.exe
17:53:43.0812 2176 vcsFPService - ok
17:53:43.0930 2176 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
17:53:43.0934 2176 vdrvroot - ok
17:53:43.0990 2176 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
17:53:44.0010 2176 vds - ok
17:53:44.0043 2176 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
17:53:44.0047 2176 vga - ok
17:53:44.0063 2176 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
17:53:44.0067 2176 VgaSave - ok
17:53:44.0094 2176 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
17:53:44.0099 2176 vhdmp - ok
17:53:44.0135 2176 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
17:53:44.0139 2176 viaagp - ok
17:53:44.0166 2176 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
17:53:44.0170 2176 ViaC7 - ok
17:53:44.0190 2176 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
17:53:44.0193 2176 viaide - ok
17:53:44.0218 2176 vmbus (c2f2911156fdc7817c52829c86da494e) C:\windows\system32\drivers\vmbus.sys
17:53:44.0224 2176 vmbus - ok
17:53:44.0244 2176 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\windows\system32\drivers\VMBusHID.sys
17:53:44.0247 2176 VMBusHID - ok
17:53:44.0266 2176 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
17:53:44.0270 2176 volmgr - ok
17:53:44.0307 2176 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
17:53:44.0314 2176 volmgrx - ok
17:53:44.0357 2176 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
17:53:44.0364 2176 volsnap - ok
17:53:44.0395 2176 vpcbus (b26536add1d748cda104d856c979ae79) C:\windows\system32\DRIVERS\vpchbus.sys
17:53:44.0401 2176 vpcbus - ok
17:53:44.0445 2176 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\windows\system32\DRIVERS\vpcnfltr.sys
17:53:44.0449 2176 vpcnfltr - ok
17:53:44.0470 2176 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\windows\system32\DRIVERS\vpcusb.sys
17:53:44.0475 2176 vpcusb - ok
17:53:44.0536 2176 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\windows\system32\drivers\vpcvmm.sys
17:53:44.0544 2176 vpcvmm - ok
17:53:44.0584 2176 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
17:53:44.0589 2176 vsmraid - ok
17:53:44.0677 2176 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
17:53:44.0707 2176 VSS - ok
17:53:44.0756 2176 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
17:53:44.0759 2176 vwifibus - ok
17:53:44.0793 2176 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
17:53:44.0796 2176 vwififlt - ok
17:53:44.0840 2176 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
17:53:44.0857 2176 W32Time - ok
17:53:44.0892 2176 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
17:53:44.0896 2176 WacomPen - ok
17:53:44.0940 2176 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
17:53:44.0944 2176 WANARP - ok
17:53:44.0949 2176 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
17:53:44.0952 2176 Wanarpv6 - ok
17:53:45.0070 2176 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
17:53:45.0096 2176 WatAdminSvc - ok
17:53:45.0268 2176 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
17:53:45.0302 2176 wbengine - ok
17:53:45.0333 2176 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
17:53:45.0349 2176 WbioSrvc - ok
17:53:45.0400 2176 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
17:53:45.0417 2176 wcncsvc - ok
17:53:45.0438 2176 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
17:53:45.0451 2176 WcsPlugInService - ok
17:53:45.0494 2176 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
17:53:45.0497 2176 Wd - ok
17:53:45.0526 2176 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\windows\system32\DRIVERS\wdcsam.sys
17:53:45.0529 2176 WDC_SAM - ok
17:53:45.0565 2176 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
17:53:45.0575 2176 Wdf01000 - ok
17:53:45.0598 2176 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
17:53:45.0611 2176 WdiServiceHost - ok
17:53:45.0617 2176 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
17:53:45.0663 2176 WdiSystemHost - ok
17:53:45.0709 2176 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
17:53:45.0725 2176 WebClient - ok
17:53:45.0764 2176 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
17:53:45.0780 2176 Wecsvc - ok
17:53:45.0791 2176 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
17:53:45.0804 2176 wercplsupport - ok
17:53:45.0828 2176 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
17:53:45.0842 2176 WerSvc - ok
17:53:45.0868 2176 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
17:53:45.0871 2176 WfpLwf - ok
17:53:45.0893 2176 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
17:53:45.0896 2176 WIMMount - ok
17:53:46.0017 2176 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
17:53:46.0029 2176 WinDefend - ok
17:53:46.0055 2176 WinHttpAutoProxySvc - ok
17:53:46.0117 2176 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
17:53:46.0122 2176 Winmgmt - ok
17:53:46.0218 2176 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
17:53:46.0251 2176 WinRM - ok
17:53:46.0315 2176 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
17:53:46.0319 2176 WinUsb - ok
17:53:46.0391 2176 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
17:53:46.0419 2176 Wlansvc - ok
17:53:46.0624 2176 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:53:46.0657 2176 wlidsvc - ok
17:53:46.0790 2176 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
17:53:46.0793 2176 WmiAcpi - ok
17:53:46.0846 2176 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
17:53:46.0851 2176 wmiApSrv - ok
17:53:47.0024 2176 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:53:47.0045 2176 WMPNetworkSvc - ok
17:53:47.0107 2176 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
17:53:47.0120 2176 WPCSvc - ok
17:53:47.0162 2176 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
17:53:47.0176 2176 WPDBusEnum - ok
17:53:47.0203 2176 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
17:53:47.0205 2176 ws2ifsl - ok
17:53:47.0238 2176 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
17:53:47.0253 2176 wscsvc - ok
17:53:47.0261 2176 WSearch - ok
17:53:47.0406 2176 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
17:53:47.0453 2176 wuauserv - ok
17:53:47.0533 2176 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
17:53:47.0538 2176 WudfPf - ok
17:53:47.0586 2176 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
17:53:47.0592 2176 WUDFRd - ok
17:53:47.0633 2176 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
17:53:47.0647 2176 wudfsvc - ok
17:53:47.0685 2176 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
17:53:47.0702 2176 WwanSvc - ok
17:53:47.0733 2176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:53:47.0782 2176 \Device\Harddisk0\DR0 - ok
17:53:47.0787 2176 Boot (0x1200) (a5bd89fed25b83b12fd22fbff3015d61) \Device\Harddisk0\DR0\Partition0
17:53:47.0789 2176 \Device\Harddisk0\DR0\Partition0 - ok
17:53:47.0804 2176 Boot (0x1200) (bdc77387df039530436c5dbbb3c83cb4) \Device\Harddisk0\DR0\Partition1
17:53:47.0805 2176 \Device\Harddisk0\DR0\Partition1 - ok
17:53:47.0833 2176 Boot (0x1200) (13db9d69e4e96765c4ed966db16b58f5) \Device\Harddisk0\DR0\Partition2
17:53:47.0835 2176 \Device\Harddisk0\DR0\Partition2 - ok
17:53:47.0850 2176 Boot (0x1200) (7daf73ba9f16092a3837fa9e81a20e52) \Device\Harddisk0\DR0\Partition3
17:53:47.0851 2176 \Device\Harddisk0\DR0\Partition3 - ok
17:53:47.0852 2176 ============================================================
17:53:47.0852 2176 Scan finished
17:53:47.0852 2176 ============================================================
17:53:47.0870 1724 Detected object count: 1
17:53:47.0870 1724 Actual detected object count: 1
17:54:15.0011 1724 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
17:54:15.0011 1724 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip

ASWMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-12 17:55:04
-----------------------------
17:55:04.871 OS Version: Windows 6.1.7601 Service Pack 1
17:55:04.872 Number of processors: 4 586 0x2505
17:55:04.874 ComputerName: KOBS-HP UserName: Kobs
17:55:06.112 Initialize success
17:55:09.679 AVAST engine defs: 12051200
17:55:29.510 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:55:29.515 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 305245MB BusType: 3
17:55:29.541 Disk 0 MBR read successfully
17:55:29.546 Disk 0 MBR scan
17:55:29.554 Disk 0 Windows 7 default MBR code
17:55:29.571 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
17:55:29.585 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287540 MB offset 616448
17:55:29.614 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 589498368
17:55:29.632 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 620955648
17:55:29.645 Disk 0 scanning sectors +625140400
17:55:29.695 Disk 0 scanning C:\windows\system32\drivers
17:55:44.626 Service scanning
17:55:59.744 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
17:56:07.510 Modules scanning
17:56:18.730 Disk 0 trace - called modules:
17:56:18.759 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
17:56:18.771 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87c66710]
17:56:18.783 3 CLASSPNP.SYS[893c059e] -> nt!IofCallDriver -> [0x87c64c48]
17:56:18.795 5 hpdskflt.sys[894020be] -> nt!IofCallDriver -> [0x86133928]
17:56:18.806 7 ACPI.sys[88cb13d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x860c8028]
17:56:19.514 AVAST engine scan C:\windows
17:56:22.731 AVAST engine scan C:\windows\system32
17:58:40.337 AVAST engine scan C:\windows\system32\drivers
17:58:55.957 AVAST engine scan C:\Users\Kobs
18:05:23.800 AVAST engine scan C:\ProgramData
18:06:20.490 Scan finished successfully
18:26:26.492 Disk 0 MBR has been saved successfully to "C:\Users\Kobs\Desktop\MBR.dat"
18:26:26.502 The log file has been saved successfully to "C:\Users\Kobs\Desktop\aswMBR3.txt"
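An added example for this thread, not Kaspersky's code and not part of the original post: a small Python triage script for the per-object lines in a TDSSKiller log like the one earlier in this post. It pulls out the three line shapes that matter (a hashed object with its path, the result line for that object, and a detection line such as the SafeBoot one that was skipped), then reports what a responder checks first: detections left unresolved, names that got a result without any file being hashed (the log's "Steam Client Service - ok" shape), binaries loading from user-writable directories, and one image registered under several service names (tcpip.sys under Tcpip and TCPIP6 is normal; an unexpected pair is not). The sample log inside it is constructed from a handful of lines modelled on the log above plus one made-up driver, ExampleDrv (hypothetical), placed under a user Temp directory so the location check has something to fire on.

```python
"""Triage helper for per-object lines in a TDSSKiller scan log.

Added example for this thread; it is not Kaspersky's code and not part of
the original post. Three line shapes are handled, modelled on the log above:
  <time> <pid> <name> (<md5>) <path>           a hashed object
  <time> <pid> <name> - <result>               the result for that object
  <time> <pid> <name> ( <verdict> ) - <action> a detection and what was done
"""
import re
from collections import defaultdict

_PREFIX = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
HASH_LINE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
DETECT_LINE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\(\s*(?P<verdict>[\w.]+)\s*\)\s+-\s+(?P<action>.+)$")
RESULT_LINE = re.compile(_PREFIX + r"(?P<name>.+?)\s+-\s+(?P<result>.+)$")

# Directories a boot-start driver or service binary does not normally load from.
SUSPICIOUS_DIRS = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")


def parse_tdsskiller(text):
    """Return (objects, detections).

    objects: ordered list of {"name", "md5", "path", "result"}; md5 and path
    are None when the log printed a result for a name without hashing a file.
    detections: list of (name, verdict, action) tuples.
    """
    objects, detections = [], []
    pending_by_name, pending_by_path = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = HASH_LINE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"].lower(), "path": m["path"], "result": None}
            objects.append(rec)
            pending_by_name[rec["name"]] = rec
            pending_by_path[rec["path"]] = rec     # MBR/boot sectors report by device path
            continue
        m = DETECT_LINE.match(line)
        if m:
            detections.append((m["name"], m["verdict"], m["action"]))
            continue
        m = RESULT_LINE.match(line)
        if m:
            rec = pending_by_name.pop(m["name"], None) or pending_by_path.pop(m["name"], None)
            if rec is None:                        # result with no hash line before it
                rec = {"name": m["name"], "md5": None, "path": None, "result": None}
                objects.append(rec)
            rec["result"] = m["result"]
    return objects, detections


def triage(objects, detections):
    """Return (findings, shared_hashes): what a responder should look at first."""
    findings = [f"DETECTED {n}: {v} ({a})" for n, v, a in detections]
    by_hash = defaultdict(list)
    for rec in objects:
        if rec["md5"] is None:
            findings.append(f"NO FILE HASHED {rec['name']}: image missing or not readable")
            continue
        by_hash[rec["md5"]].append(rec["name"])
        if any(d in rec["path"].lower() for d in SUSPICIOUS_DIRS):
            findings.append(f"ODD LOCATION {rec['name']}: {rec['path']}")
    shared = {h: names for h, names in by_hash.items() if len(names) > 1}
    return findings, shared


# Constructed sample: lines modelled on the log above, plus one made-up driver
# ("ExampleDrv", hypothetical) loading from a user Temp directory.
SAMPLE_LOG = r"""
17:53:40.0544 2176 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
17:53:40.0553 2176 srv - ok
17:53:40.0928 2176 Steam Client Service - ok
17:53:41.0808 2176 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
17:53:41.0825 2176 Tcpip - ok
17:53:41.0938 2176 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
17:53:41.0948 2176 TCPIP6 - ok
17:53:42.0001 2176 ExampleDrv (0123456789abcdef0123456789abcdef) C:\Users\Kobs\AppData\Local\Temp\exampledrv.sys
17:53:42.0003 2176 ExampleDrv - ok
17:53:47.0733 2176 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:53:47.0782 2176 \Device\Harddisk0\DR0 - ok
17:53:47.0852 2176 Scan finished
17:53:47.0870 1724 Detected object count: 1
17:54:15.0011 1724 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
17:54:15.0011 1724 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    objs, dets = parse_tdsskiller(SAMPLE_LOG)
    findings, shared = triage(objs, dets)
    for f in findings:
        print(f)
    for h, names in shared.items():
        print(f"shared image {h}: {', '.join(names)}")
```

Run it as-is to see the constructed sample, or replace SAMPLE_LOG with the contents of a real TDSSKiller log. A "NO FILE HASHED" finding is not a detection by itself; it just means the service's registered image was not there to hash, which is worth a look when the name is unfamiliar.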

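An added example that is not part of the original post and not avast's code: a Python parser for a raw 512-byte MBR image such as the MBR.dat that aswMBR saved at the end of the log above. It rebuilds the four "Disk 0 Partition" lines from the raw partition table (active flag, type byte, size, first-sector offset), verifies the 0x55AA signature, hashes the 446-byte boot-code area so it can be compared with a known-good copy, and sanity-checks the layout for overlapping entries, entries beyond the end of the disk and more than one active flag. The sample MBR it builds is constructed from the four entries in the log (MB sizes converted back to sectors) with zero-filled boot code, so its boot-code hash is a placeholder and not the hash of real Windows 7 boot code.

```python
"""Parse a raw 512-byte MBR image such as the MBR.dat aswMBR saved above.

Added example for this thread; not avast's code and not part of the original
post. It recovers the partition table the log printed (active flag, type,
size, offset), checks the boot signature, hashes the boot-code area so it can
be compared with a known-good copy, and sanity-checks the layout for
overlapping or out-of-range entries.
"""
import hashlib
import struct

SECTOR = 512
PART_TYPES = {0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA"}   # only the types on this disk


def parse_mbr(mbr):
    """Return {"boot_code_sha256", "partitions"} for a 512-byte MBR image."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0:                       # empty slot
            continue
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, f"unknown (0x{ptype:02X})"),
            "offset": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return {"boot_code_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
            "partitions": parts}


def check_layout(parts, disk_sectors):
    """Return a list of layout problems (an empty list means the table is sane)."""
    problems = []
    ordered = sorted(parts, key=lambda p: p["offset"])
    for a, b in zip(ordered, ordered[1:]):
        if a["offset"] + a["sectors"] > b["offset"]:
            problems.append(f"partition {a['index']} overlaps partition {b['index']}")
    for p in parts:
        if p["offset"] + p["sectors"] > disk_sectors:
            problems.append(f"partition {p['index']} extends past the end of the disk")
    if sum(p["active"] for p in parts) > 1:
        problems.append("more than one partition is flagged active")
    return problems


def build_sample_mbr():
    """Constructed MBR matching the four entries in the aswMBR log above.

    Sizes in MB from the log are converted back to sectors (MB * 2048). The
    boot-code area is left zero-filled, so its hash is a placeholder and not
    the hash of real Windows 7 boot code.
    """
    mbr = bytearray(SECTOR)
    layout = [  # (status, type, first LBA, sector count)
        (0x80, 0x07, 2048, 300 * 2048),
        (0x00, 0x07, 616448, 287540 * 2048),
        (0x00, 0x07, 589498368, 15360 * 2048),
        (0x00, 0x0C, 620955648, 2043 * 2048),
    ]
    for i, (status, ptype, start, count) in enumerate(layout):
        # CHS fields are set to the usual 0xFE 0xFF 0xFF "use LBA" placeholder.
        struct.pack_into("<B3sB3sII", mbr, 446 + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(data)
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        flag = "(A)" if p["active"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['type_name']:<10} "
              f"{p['size_mb']:>8} MB offset {p['offset']}")
    # 305245 MB disk size from the log, expressed in sectors
    print("layout problems:", check_layout(info["partitions"], 305245 * 2048) or "none")
```

Pass the path of a saved MBR.dat as the first argument to parse a real dump; with no argument it parses the constructed sample. The offsets in the log chain together exactly (each partition starts where the previous one ends), which is what check_layout confirms; a table whose entries overlap or run past the disk is the kind of thing to compare against a known-good MBR.
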
#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 PM

Posted 12 May 2012 - 08:28 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 DrSmithy455

DrSmithy455
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:36 PM

Posted 12 May 2012 - 09:59 PM

Hi Gringo,

Things working OK it seems. I tried about 10 Google searches and did not have any redirects.

Below is the log from the latest ComboFix scan:

ComboFix 12-05-12.01 - Kobs 05/12/2012 21:10:00.4.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1903.959 [GMT -5:00]
Running from: c:\users\Kobs\Desktop\ComboFix.exe
Command switches used :: c:\users\Kobs\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-13 to 2012-05-13 )))))))))))))))))))))))))))))))
.
.
2012-05-13 02:54 . 2012-05-13 02:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-13 02:54 . 2012-05-13 02:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-12 00:28 . 2012-05-12 15:27 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D77D763A-712B-47F7-B374-AAE3D683DE81}\offreg.dll
2012-05-11 23:19 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D77D763A-712B-47F7-B374-AAE3D683DE81}\mpengine.dll
2012-05-11 03:08 . 2012-05-11 03:08 0 ----a-w- c:\windows\system32\shoA05.tmp
2012-05-11 01:13 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 01:13 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 01:13 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 01:13 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 01:13 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 01:13 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-11 01:13 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 01:13 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 01:12 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 01:12 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 01:06 . 2012-05-10 01:06 -------- d-----w- c:\users\Kobs\AppData\Local\Splashtop
2012-05-08 02:44 . 2012-05-08 02:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-08 02:44 . 2012-05-08 02:44 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-08 02:44 . 2012-05-08 02:44 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-08 02:37 . 2012-05-08 02:37 -------- d-----w- c:\program files\Common Files\Skype
2012-04-28 06:51 . 2012-04-28 06:51 -------- d-----w- c:\windows\en
2012-04-28 05:38 . 2012-04-28 05:38 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-04-28 05:37 . 2012-04-28 06:49 -------- d-----w- c:\program files\Windows Live
2012-04-28 05:36 . 2012-04-28 05:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-28 05:35 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2012-04-28 05:35 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-04-28 05:35 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2012-04-28 05:35 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-04-28 05:32 . 2012-04-28 05:42 -------- d-----w- c:\users\Kobs\AppData\Local\Windows Live
2012-04-28 05:32 . 2012-04-28 05:32 -------- d-----w- c:\program files\Common Files\Windows Live
2012-04-24 01:28 . 2012-04-24 01:28 -------- d-----w- c:\users\Kobs\AppData\Roaming\PACE Anti-Piracy
2012-04-24 01:28 . 2012-04-24 01:28 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-04-24 01:28 . 2012-04-24 01:28 -------- d-----w- c:\users\Kobs\AppData\Local\PACE Anti-Piracy
2012-04-24 01:14 . 2012-04-24 01:14 -------- d-----w- c:\users\Kobs\AppData\Roaming\Antares
2012-04-24 01:14 . 2012-04-24 01:14 -------- d-----w- c:\program files\Antares Audio Technologies
2012-04-24 01:14 . 2012-04-24 01:14 -------- d-----w- c:\program files\Common Files\Digidesign
2012-04-24 01:00 . 2012-04-24 01:00 -------- d-----w- c:\program files\InterLok
2012-04-24 00:43 . 2012-04-24 02:00 -------- d-----w- c:\users\Kobs\AppData\Roaming\Audacity
2012-04-24 00:43 . 2012-04-24 00:43 -------- d-----w- c:\program files\Audacity
2012-04-15 01:01 . 2012-04-15 02:44 -------- d-----w- c:\users\Kobs\AppData\Roaming\gtk-2.0
2012-04-15 01:01 . 2012-04-15 01:01 -------- d-----w- c:\users\Kobs\.thumbnails
2012-04-13 12:05 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 12:05 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 12:05 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 12:05 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 01:38 . 2011-04-06 21:45 57856 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-04-19 01:38 . 2011-04-06 21:45 581120 ----a-w- c:\windows\system32\igdumdx32.dll
2012-04-19 01:38 . 2011-04-06 21:45 6323712 ----a-w- c:\windows\system32\igdumd32.dll
2012-04-19 01:38 . 2010-02-20 04:06 12340224 ----a-w- c:\windows\system32\igd10umd32.dll
2012-04-19 01:38 . 2011-04-06 21:45 96256 ----a-w- c:\windows\system32\hccutils.dll
2012-04-07 02:13 . 2012-04-07 02:13 388096 ----a-r- c:\users\Kobs\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 20:56 . 2011-02-15 23:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-08 23:37 . 2012-03-08 23:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-06 23:15 . 2011-02-15 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-03-06 23:15 . 2011-02-15 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-06 23:03 . 2011-04-14 20:46 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-06 23:03 . 2011-02-15 23:15 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-06 23:02 . 2012-04-05 01:01 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-06 23:01 . 2011-02-15 23:15 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-06 23:01 . 2011-02-15 23:15 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-06 23:01 . 2011-02-15 23:15 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-28 05:38 . 2012-04-10 23:35 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 03:52 . 2012-04-10 23:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 15:18 . 2011-02-15 23:13 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-13 23:44 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 23:44 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 23:44 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2011-04-25 06:58 . 2011-04-25 06:58 124864 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2011-04-25 07:48 . 2011-04-25 07:48 13760 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2011-04-25 07:00 . 2011-04-25 07:00 71104 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2011-04-25 06:59 . 2011-04-25 06:59 92096 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2011-04-25 06:58 . 2011-04-25 06:58 22976 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2011-04-25 06:57 . 2011-04-25 06:57 255936 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2011-04-25 06:58 . 2011-04-25 06:58 32192 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2011-04-25 06:58 . 2011-04-25 06:58 40896 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2011-04-25 06:51 . 2011-04-25 06:51 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2011-04-25 07:00 . 2011-04-25 07:00 24512 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-05-08 02:44 . 2011-04-07 22:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 16:06 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 17:47 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 19:30 216064 --sha-r- c:\windows\System32\nbDX.dll
2010-01-07 04:00 107520 --sha-r- c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kobs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kobs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Kobs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Kobs\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-06-19 1691192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-06 4241512]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-19 142616]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-19 177432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-19 176408]
.
c:\users\Kobs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2012-3-22 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 828704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-11-17 22:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 49152]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-12-14 1639728]
R3 ALSysIO;ALSysIO;c:\users\Kobs\AppData\Local\Temp\ALSysIO.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-10 294952]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-10 33320]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [2009-10-21 32312]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2009-11-17 362040]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-08 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-11-11 181792]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-05-25 279656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-17 1343400]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-04-25 65584]
S1 RsvLock;RsvLock; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2011-07-14 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-06 57688]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-06-19 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-10-19 32768]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2009-12-16 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [2011-09-09 518472]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [2009-12-04 506472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 29824]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2011-04-06 132480]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-04-06 246272]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2009-12-22 21:37 73344]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 247320]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 43966841
*Deregistered* - 43966841
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2188441020-2620000565-2721936095-1001Core.job
- c:\users\Kobs\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 01:44]
.
2012-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2188441020-2620000565-2721936095-1001UA.job
- c:\users\Kobs\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-25 01:44]
.
2012-05-11 c:\windows\Tasks\HPCeeScheduleForKobs.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kobs\AppData\Roaming\Mozilla\Firefox\Profiles\krryvd7e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: general.useragent.extra.brc -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.032"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.abr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.amr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.apd"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.arw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bay"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.bwf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.caf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cel"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cr2"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.crw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.cs1"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dcr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dcx"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djv"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.djvu"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.dng"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.eps"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.erf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fff"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.flc"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fli"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.fpx"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gsm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.gsm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.hdr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.icn"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iff"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ilbm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.int"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.inta"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.iw4"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2c"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.j2k"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jbr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jif"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jp2"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpc"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpk"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.jpx"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.kar"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.kdc"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.lbm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m15"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m1a"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m2a"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.m75"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mef"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mos"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mpv"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.mrw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.nef"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.nrw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.orf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pbr"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pcd"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pcx"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pef"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pgm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pics"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pix"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ppm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.psd"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.psp"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspbrush"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.pspimage"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.qcp"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.qtpf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.raf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ras"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.raw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgb"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rgba"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rsb"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rw2"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.rwl"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sdv"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sfil"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sgi"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.smf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.smi"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.smil"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sml"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.sr2"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.srf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.srw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.swa"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.tga"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.thm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.ulw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14o"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14p"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v14pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.v14pf"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.vfw"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.wbm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.wbmp"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xbm"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xif"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xmp"
.
[HKEY_USERS\S-1-5-21-2188441020-2620000565-2721936095-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 14.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\DPFPApi.DLL
.
- - - - - - - > 'Explorer.exe'(4944)
c:\users\Kobs\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
.
Completion time: 2012-05-12 21:56:23
ComboFix-quarantined-files.txt 2012-05-13 02:56
ComboFix2.txt 2012-05-12 15:21
.
Pre-Run: 195,819,094,016 bytes free
Post-Run: 195,770,892,288 bytes free
.
- - End Of File - - 52BC5636EBD546BE9C0DB2706F457405

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:36 PM

Posted 12 May 2012 - 10:11 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 DrSmithy455

DrSmithy455
  • Topic Starter

  • Members
  • 8 posts
  • Local time:03:36 PM

Posted 12 May 2012 - 11:37 PM

Below is the report:


32 Bit HP CIO Components Installer
7-Zip 9.20
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Amazon Kindle
Amazon MP3 Downloader 1.0.15
Amnesia: The Dark Descent Demo
And Yet It Moves
Android SDK Tools
Antares Auto-Tune Evo RTAS
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia
ArcSoft Webcam Sharing Manager
Audacity 2.0
avast! Free Antivirus
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
BlackBerry Desktop Software 6.1
Bonjour
Broadcom 2070 Bluetooth 3.0
Broadcom 802.11 Wireless LAN Adapter
BufferChm
C4100
c4100_Help
CCleaner
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Cogs
Company of Heroes
Copy
Core Temp 1.0 RC2
Crayon Physics Deluxe
D3DX10
Destinations
Device Access Manager for HP ProtectTools
DeviceDiscovery
DocProc
Drive Encryption for HP ProtectTools
Dropbox
Energy Star Digital Logo
ESET Online Scanner v3
Evernote v. 4.5.4
F.lux
Face Recognition for HP ProtectTools
Fax
File Sanitizer For HP ProtectTools
Foxit Reader
GIMP 2.6.10
Google Chrome
Google Talk Plugin
GPBaseService2
Hammerfight
Hewlett-Packard ACLM.NET v1.1.2.0
HiJackThis
HP 3D DriveGuard
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Documentation
HP ESU for Microsoft Windows 7
HP HotKey Support
HP Imaging Device Functions 13.0
HP Photosmart All-In-One Driver Software 13.0 Rel. A
HP Photosmart Essential 3.5
HP Power Assistant
HP Power Data
HP ProtectTools Security Manager
HP QuickLook
HP QuickWeb
HP Setup
HP Smart Web Printing 4.51
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Solution Center 13.0
HP Update
HP Webcam Driver
HP Wireless Assistant
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IDT Audio
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Interlok driver setup x32
iTunes
Java Auto Updater
Java™ 7 Update 2
Java™ SE Development Kit 7 Update 2
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OCR Software by I.R.I.S. 13.0
Pre-Boot Security for HP ProtectTools
Privacy Manager for HP ProtectTools
Quake Live Mozilla Plugin
QuickTime
Realtek Ethernet Controller All-In-One Windows Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.93
RocketDock 1.3.5
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shop for HP Supplies
SimCity 4 Deluxe
Skype Click to Call
Skype™ 5.8
SmartWebPrinting
SolutionCenter
Speccy
SpeedFan (remove only)
Splashtop Streamer
Spotify
Spybot - Search & Destroy
SpywareBlaster 4.6
Status
Steam
SUPER © v2012.build.50 (February 21st, 2012) version v2012.buil
SUPERAntiSpyware
Synaptics Pointing Device Driver
System Requirements Lab CYRI
Team Fortress 2
Theft Recovery
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Validity Fingerprint Driver
Video Mover
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VVVVVV
WebReg
Windows 7 Default Setting
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinZip 14.5
Wisdom-soft Set up ScreenHunter 5.1 Free
Yahoo! Detect

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 PM

Posted 12 May 2012 - 11:47 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Java™ 7 Update 2
Java™ SE Development Kit 7 Update 2


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 DrSmithy455

DrSmithy455
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 13 May 2012 - 08:15 PM

Hi Gringo,

No problems following the steps. Below are the 2 logs requested:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:13:19 PM, on 5/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Kobs\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [F.lux] "C:\Users\Kobs\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - Startup: Dropbox.lnk = Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Belkin Local Backup Service - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
O23 - Service: Belkin Network USB Helper - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\system32\flcdlock.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\windows\system32\Hpservice.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system32\uArcCapture.exe
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe

--
End of file - 15199 bytes

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.13.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Kobs :: KOBS-HP [administrator]

5/13/2012 8:01:06 PM
mbam-log-2012-05-13 (20-01-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205170
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 PM

Posted 13 May 2012 - 08:26 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of these programs from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [F.lux] "C:\Users\Kobs\Local Settings\Apps\F.lux\flux.exe" /noshow
      O4 - Startup: Dropbox.lnk = Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, as in
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
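To make the O4 lines Gringo lists above easier to review, here is an added Python example (not HijackThis code and not part of any post in this thread) that parses the "Onn - body" line format of the HijackThis log posted in #11, splits each O4 autostart entry into its Run key or Startup folder, value name, executable and arguments, and attaches review prompts for entries that run from the user profile or whose shortcut target HijackThis could not resolve. The sample lines are copied from the log above; the review heuristics are this example's own assumptions, not HijackThis behaviour.

```python
"""Parse HijackThis (HJT) log lines and break out the O4 autostart entries.

Added example for this thread, not HijackThis code. HJT prints one entry per
line as "<section> - <body>" (O2 = BHO, O4 = autostart, O23 = service, ...).
"""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Constructed sample input: lines copied from the HijackThis log posted in #11.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [F.lux] "C:\Users\Kobs\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - Startup: Dropbox.lnk = Kobs\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body forms: 'HKLM\..\Run: [Name] command' and 'Startup: File.lnk = target'
RUN_RE = re.compile(r"^(?P<location>[^:]+\\Run\w*): \[(?P<name>[^\]]*)\] ?(?P<command>.*)$")
STARTUP_RE = re.compile(r"^(?P<location>(?:Global )?Startup): (?P<name>.+?\.lnk) = (?P<target>.*)$")
# The executable is either quoted, or everything up to the first program-file extension.
CMD_RE = re.compile(
    r'^(?:"(?P<quoted>[^"]+)"|(?P<bare>.+?\.(?:exe|com|bat|cmd|scr|vbs|dll)))(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)
# Heuristic (this example's assumption): autostarts living in the user profile deserve a
# second look, because anything running as the user can write there; Program Files cannot
# be modified without admin rights.
USER_WRITABLE = re.compile(r"\\(?:Users|AppData|Local Settings|Temp|Documents and Settings)\\", re.IGNORECASE)


@dataclass
class Autostart:
    location: str          # e.g. HKLM\..\Run, HKCU\..\Run, Startup, Global Startup
    name: str              # registry value name or .lnk file name
    path: str              # executable with surrounding quotes removed
    args: str              # command-line arguments, "" if none
    notes: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) for every HJT entry line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def split_command(command: str) -> Tuple[str, str]:
    """Separate the executable from its arguments; '?' means HJT could not resolve it."""
    m = CMD_RE.match(command.strip())
    if not m:
        return command.strip(), ""
    return (m.group("quoted") or m.group("bare")), (m.group("args") or "").strip()


def review(entry: Autostart) -> None:
    """Attach review prompts for a human; these are questions to ask, not verdicts."""
    if entry.path == "?":
        entry.notes.append("HJT could not resolve the shortcut target; check the .lnk properties")
    elif USER_WRITABLE.search(entry.path):
        entry.notes.append("runs from the user profile, not Program Files; confirm you installed it")
    if entry.location.startswith("HKLM"):
        entry.notes.append("machine-wide Run key: starts for every account that logs on")


def autostarts(text: str) -> List[Autostart]:
    """All O4 entries in the log, parsed and annotated."""
    result = []
    for section, body in parse_hjt(text):
        if section != "O4":
            continue
        m = RUN_RE.match(body) or STARTUP_RE.match(body)
        if not m:
            continue  # an O4 form this example does not model (e.g. HKUS entries)
        command = m.group("command") if "command" in m.groupdict() else m.group("target")
        path, args = split_command(command)
        entry = Autostart(m.group("location"), m.group("name"), path, args)
        review(entry)
        result.append(entry)
    return result


def missing_files(text: str) -> List[str]:
    """Entries HJT flagged '(file missing)': a registered component no longer on disk."""
    return [f"{s} - {b}" for s, b in parse_hjt(text) if b.endswith("(file missing)")]


if __name__ == "__main__":
    for e in autostarts(SAMPLE_LOG):
        print(f"{e.location:15} {e.name:20} {e.path} {e.args}")
        for note in e.notes:
            print(f"{'':36} -> {note}")
    for line in missing_files(SAMPLE_LOG):
        print("missing:", line)
```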

#13 DrSmithy455

DrSmithy455
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:03:36 PM

Posted 14 May 2012 - 05:39 AM

Hi Gringo,

Here is the result of the ESET scan:

C:\Users\Kobs\Downloads\coretemp_1236.exe a variant of Win32/InstallIQ application

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:36 PM

Posted 14 May 2012 - 07:23 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Kobs\Downloads\coretemp_1236.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household who uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#15 DrSmithy455


Posted 14 May 2012 - 08:43 PM

Thank you so much for the assistance!

Everything seems to be OK and uninstalling things went fine.

Much appreciated
