Google Redirect issue: Win7 32-bit SP1 McAfee Total Protection in place


This topic is locked.
18 replies to this topic

#1 MCBeekeeper (Members, 11 posts)

Posted 25 June 2012 - 09:50 AM

Wife's computer is infected with what is probably the Happili virus. Performing a search will often take you to a different page when the search results link is clicked.

Hitman Pro complains of proxies for MSIE (version 8.0.7601.17514) and Firefox (current 13.0.1). Repairing these proxies solves the redirections for a while, but they come back. No proxies are shown from WITHIN the browsers' admin panels.

I used the steps outlined in the Preparation Guide, but DDS seems to run for a while and then hang (showing a hash mark under the "t" in "it" of "it was requested" on the last line of text). Giving it 30 min to complete does not help.

Step 5: System uses McAfee Total Protection (includes a firewall), but this does not seem to offer complete protection.
Step 6: Ran Defogger, even though I don't think she is using any CD emulation software.
Step 7: DDS hangs w/out generating output. It also won't quit cleanly and seems to prevent a clean shutdown if it has been run to the point where it hangs.
Step 8: GMER output is attached. Note the GMER timestamp on line 2 is when the file was saved - I actually ran the scan on Sunday 2012-06-24 (yesterday) but did not save until this morning.

Any help on repairing the issue and any advice on a better long-term preventative solution would be appreciated.

- MCB

GMER LOG:
-------------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-25 08:59:22
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\00000065 WDC_WD50 rev.05.0
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\fwroapob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8B48A278]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8B48A2A2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8B48A28E]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8B48A264]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 832415F5 5 Bytes JMP 8B48A268 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 832533C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8328CD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!NtMapViewOfSection 8345C512 7 Bytes JMP 8B48A27C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 83470BCD 5 Bytes JMP 8B48A2A6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 8347A85A 5 Bytes JMP 8B48A292 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 7590DBA8 5 Bytes JMP 00300FDE
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!WinExec 7590EDB2 5 Bytes JMP 003000AC
.text C:\Windows\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 7590FD51 5 Bytes JMP 00300F68
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_open 757F7E48 5 Bytes JMP 00330000
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wsystem 7582B057 5 Bytes JMP 00330F90
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!system 7582B177 5 Bytes JMP 00330FAB
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_creat 7582ED31 5 Bytes JMP 00330FC6
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wcreat 75830396 5 Bytes JMP 0033001B
.text C:\Windows\system32\svchost.exe[1176] msvcrt.dll!_wopen 75830578 5 Bytes JMP 00330FD7
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 76E8CC15 5 Bytes JMP 00340FEF
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 76E8CD01 5 Bytes JMP 0034002F
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 76E91469 5 Bytes JMP 0034005E
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 76E91514 5 Bytes JMP 00340FB2
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 76E92459 5 Bytes JMP 00340014
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 76E940FE 5 Bytes JMP 0034006F
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 76E9468D 5 Bytes JMP 00340FC3
.text C:\Windows\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 76E94907 5 Bytes JMP 00340FD4
.text C:\Windows\system32\svchost.exe[1176] WS2_32.dll!socket 75693EB8 5 Bytes JMP 00360FEF
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtCreateFile 770055C8 5 Bytes JMP 005F000A
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtCreateProcess 77005698 5 Bytes JMP 005F0025
.text C:\Windows\system32\svchost.exe[1392] ntdll.dll!NtProtectVirtualMemory 77005F18 5 Bytes JMP 005F0FEF
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoA 75881E10 5 Bytes JMP 00560084
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessW 7588204D 5 Bytes JMP 00560F1E
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateProcessA 75882082 5 Bytes JMP 00560F39
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeW 758B2D47 5 Bytes JMP 0056000A
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!VirtualProtect 758C2BCD 5 Bytes JMP 00560047
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExA 758C4466 5 Bytes JMP 00560036
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryExW 758C5079 5 Bytes JMP 00560F6F
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetProcAddress 758CCC94 5 Bytes JMP 00560F0D
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryA 758CDC65 5 Bytes JMP 00560F9E
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!GetStartupInfoW 758CE2DD 5 Bytes JMP 0056009F
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateFileW 758CE8A5 5 Bytes JMP 00560FD4
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateFileA 758CEA61 5 Bytes JMP 00560FE5
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!LoadLibraryW 758CEF42 5 Bytes JMP 0056001B
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreatePipe 758E12A6 5 Bytes JMP 00560069
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!CreateNamedPipeA 7590DBA8 5 Bytes JMP 00560FC3
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!WinExec 7590EDB2 5 Bytes JMP 00560F4A
.text C:\Windows\system32\svchost.exe[1392] kernel32.dll!VirtualProtectEx 7590FD51 5 Bytes JMP 00560058
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_open 757F7E48 5 Bytes JMP 00610000
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wsystem 7582B057 5 Bytes JMP 00610077
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!system 7582B177 5 Bytes JMP 00610066
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_creat 7582ED31 5 Bytes JMP 00610044
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wcreat 75830396 5 Bytes JMP 00610055
.text C:\Windows\system32\svchost.exe[1392] msvcrt.dll!_wopen 75830578 5 Bytes JMP 00610029
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyA 76E8CC15 5 Bytes JMP 00630000
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyA 76E8CD01 5 Bytes JMP 00630FB9
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExA 76E91469 5 Bytes JMP 00630040
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyW 76E91514 5 Bytes JMP 00630FA8
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyW 76E92459 5 Bytes JMP 00630FE5
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegCreateKeyExW 76E940FE 5 Bytes JMP 0063005B
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExW 76E9468D 5 Bytes JMP 00630FCA
.text C:\Windows\system32\svchost.exe[1392] ADVAPI32.dll!RegOpenKeyExA 76E94907 5 Bytes JMP 00630025
.text C:\Windows\system32\svchost.exe[1392] WS2_32.dll!socket 75693EB8 5 Bytes JMP 0060000A
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtCreateFile 770055C8 5 Bytes JMP 00BC0FE5
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtCreateProcess 77005698 5 Bytes JMP 00BC001B
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtProtectVirtualMemory 77005F18 5 Bytes JMP 00BC000A
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoA 75881E10 5 Bytes JMP 00BA0F4D
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateProcessW 7588204D 5 Bytes JMP 00BA0F17
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateProcessA 75882082 5 Bytes JMP 00BA00AC
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeW 758B2D47 5 Bytes JMP 00BA0040
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!VirtualProtect 758C2BCD 5 Bytes JMP 00BA006C
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExA 758C4466 5 Bytes JMP 00BA0051
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryExW 758C5079 5 Bytes JMP 00BA0F94
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!GetProcAddress 758CCC94 5 Bytes JMP 00BA00C7
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryA 758CDC65 5 Bytes JMP 00BA0FCA
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!GetStartupInfoW 758CE2DD 5 Bytes JMP 00BA0F32
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateFileW 758CE8A5 5 Bytes JMP 00BA0025
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateFileA 758CEA61 5 Bytes JMP 00BA0000
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!LoadLibraryW 758CEF42 5 Bytes JMP 00BA0FAF
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreatePipe 758E12A6 5 Bytes JMP 00BA0F5E
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!CreateNamedPipeA 7590DBA8 5 Bytes JMP 00BA0FEF
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!WinExec 7590EDB2 5 Bytes JMP 00BA009B
.text C:\Windows\system32\svchost.exe[1564] kernel32.dll!VirtualProtectEx 7590FD51 5 Bytes JMP 00BA0F6F
.text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!_open 757F7E48 5 Bytes JMP 00B90000
.text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!_wsystem 7582B057 5 Bytes JMP 00B9003D
.text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!system 7582B177 5 Bytes JMP 00B9002C
.text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!_creat 7582ED31 5 Bytes JMP 00B90FCD
.text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!_wcreat 75830396 5 Bytes JMP 00B90FBC
.text C:\Windows\system32\svchost.exe[1564] msvcrt.dll!_wopen 75830578 5 Bytes JMP 00B90011
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyA 76E8CC15 5 Bytes JMP 00BB0FEF
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyA 76E8CD01 5 Bytes JMP 00BB0025
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExA 76E91469 5 Bytes JMP 00BB0F83
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyW 76E91514 5 Bytes JMP 00BB0F9E
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyW 76E92459 5 Bytes JMP 00BB0FDE
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExW 76E940FE 5 Bytes JMP 00BB004A
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExW 76E9468D 5 Bytes JMP 00BB000A
.text C:\Windows\system32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExA 76E94907 5 Bytes JMP 00BB0FC3
.text C:\Windows\system32\svchost.exe[1564] WS2_32.dll!socket 75693EB8 5 Bytes JMP 00730000
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1908] kernel32.dll!LoadLibraryA 758CDC65 5 Bytes JMP 6EE399A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1908] kernel32.dll!LoadLibraryW 758CEF42 5 Bytes JMP 6EE39A63 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Windows\system32\svchost.exe[2980] ntdll.dll!NtCreateFile 770055C8 5 Bytes JMP 00040000
.text C:\Windows\system32\svchost.exe[2980] ntdll.dll!NtCreateProcess 77005698 5 Bytes JMP 0004001B
.text C:\Windows\system32\svchost.exe[2980] ntdll.dll!NtProtectVirtualMemory 77005F18 5 Bytes JMP 00040FE5
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!GetStartupInfoA 75881E10 5 Bytes JMP 000100DF
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateProcessW 7588204D 5 Bytes JMP 00010F68
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateProcessA 75882082 5 Bytes JMP 00010F79
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateNamedPipeW 758B2D47 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!VirtualProtect 758C2BCD 5 Bytes JMP 00010FDB
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!LoadLibraryExA 758C4466 5 Bytes JMP 00010098
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!LoadLibraryExW 758C5079 5 Bytes JMP 000100B3
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!GetProcAddress 758CCC94 5 Bytes JMP 00010118
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!LoadLibraryA 758CDC65 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!GetStartupInfoW 758CE2DD 5 Bytes JMP 00010F9B
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateFileW 758CE8A5 5 Bytes JMP 0001001B
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateFileA 758CEA61 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!LoadLibraryW 758CEF42 5 Bytes JMP 0001007D
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreatePipe 758E12A6 5 Bytes JMP 000100CE
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!CreateNamedPipeA 7590DBA8 5 Bytes JMP 00010036
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!WinExec 7590EDB2 5 Bytes JMP 00010F8A
.text C:\Windows\system32\svchost.exe[2980] kernel32.dll!VirtualProtectEx 7590FD51 5 Bytes JMP 00010FC0
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_open 757F7E48 5 Bytes JMP 000E0000
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wsystem 7582B057 3 Bytes JMP 000E0066
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wsystem + 4 7582B05B 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!system 7582B177 3 Bytes JMP 000E0055
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!system + 4 7582B17B 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_creat 7582ED31 3 Bytes JMP 000E0044
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_creat + 4 7582ED35 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wcreat 75830396 3 Bytes JMP 000E0FEF
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wcreat + 4 7583039A 1 Byte [8A]
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wopen 75830578 5 Bytes JMP 000E001D
.text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyA 76E8CC15 5 Bytes JMP 000F000A
.text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyA 76E8CD01 5 Bytes JMP 000F0040
.text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyExA 76E91469 5 Bytes JMP 000F006C
.text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyW 76E91514 5 Bytes JMP 000F0051
.text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyW 76E92459 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegCreateKeyExW 76E940FE 5 Bytes JMP 000F0FAF
.text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyExW 76E9468D 5 Bytes JMP 000F0FD4
.text C:\Windows\system32\svchost.exe[2980] ADVAPI32.dll!RegOpenKeyExA 76E94907 5 Bytes JMP 000F0025
.text C:\Windows\system32\svchost.exe[2980] WS2_32.dll!socket 75693EB8 5 Bytes JMP 00130000
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3372] kernel32.dll!FindResourceW 758C54CF 5 Bytes JMP 00440980 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3372] kernel32.dll!FindResourceA 758CA475 5 Bytes JMP 00440930 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3372] USER32.dll!LoadStringA 75E166A7 5 Bytes JMP 00441110 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3372] USER32.dll!LoadStringW 75E1DFBA 5 Bytes JMP 00440FD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3372] USER32.dll!LoadMenuW 75E1F214 5 Bytes JMP 00440B40 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3372] USER32.dll!LoadMenuA 75E2F92C 5 Bytes JMP 00440AD0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3372] USER32.dll!CreateDialogParamA 75E31F42 5 Bytes JMP 004409D0 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe[3372] USER32.dll!CreateDialogParamW 75E45630 5 Bytes JMP 00440A50 C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Download Manager for Audible content/Audible, Inc.)
.text C:\Windows\explorer.exe[4276] ntdll.dll!NtCreateFile 770055C8 5 Bytes JMP 00040FE5
.text C:\Windows\explorer.exe[4276] ntdll.dll!NtCreateProcess 77005698 5 Bytes JMP 00040FB9
.text C:\Windows\explorer.exe[4276] ntdll.dll!NtProtectVirtualMemory 77005F18 5 Bytes JMP 00040FD4
.text C:\Windows\explorer.exe[4276] kernel32.dll!GetStartupInfoA 75881E10 5 Bytes JMP 00010F8A
.text C:\Windows\explorer.exe[4276] kernel32.dll!CreateProcessW 7588204D 5 Bytes JMP 00010107
.text C:\Windows\explorer.exe[4276] kernel32.dll!CreateProcessA 75882082 5 Bytes JMP 00010F68
.text C:\Windows\explorer.exe[4276] kernel32.dll!CreateNamedPipeW 758B2D47 5 Bytes JMP 00010036
.text C:\Windows\explorer.exe[4276] kernel32.dll!VirtualProtect 758C2BCD 5 Bytes JMP 00010FC0
.text C:\Windows\explorer.exe[4276] kernel32.dll!LoadLibraryExA 758C4466 5 Bytes JMP 00010087
.text C:\Windows\explorer.exe[4276] kernel32.dll!LoadLibraryExW 758C5079 5 Bytes JMP 000100A2
.text C:\Windows\explorer.exe[4276] kernel32.dll!GetProcAddress 758CCC94 5 Bytes JMP 00010F57
.text C:\Windows\explorer.exe[4276] kernel32.dll!LoadLibraryA 758CDC65 5 Bytes JMP 00010051
.text C:\Windows\explorer.exe[4276] kernel32.dll!GetStartupInfoW 758CE2DD 5 Bytes JMP 000100D8
.text C:\Windows\explorer.exe[4276] kernel32.dll!CreateFileW 758CE8A5 5 Bytes JMP 0001001B
.text C:\Windows\explorer.exe[4276] kernel32.dll!CreateFileA 758CEA61 5 Bytes JMP 0001000A
.text C:\Windows\explorer.exe[4276] kernel32.dll!LoadLibraryW 758CEF42 5 Bytes JMP 0001006C
.text C:\Windows\explorer.exe[4276] kernel32.dll!CreatePipe 758E12A6 5 Bytes JMP 00010FA5
.text C:\Windows\explorer.exe[4276] kernel32.dll!CreateNamedPipeA 7590DBA8 5 Bytes JMP 00010FE5
.text C:\Windows\explorer.exe[4276] kernel32.dll!WinExec 7590EDB2 5 Bytes JMP 00010F79
.text C:\Windows\explorer.exe[4276] kernel32.dll!VirtualProtectEx 7590FD51 5 Bytes JMP 000100B3
.text C:\Windows\explorer.exe[4276] ADVAPI32.dll!RegOpenKeyA 76E8CC15 5 Bytes JMP 00070000
.text C:\Windows\explorer.exe[4276] ADVAPI32.dll!RegCreateKeyA 76E8CD01 5 Bytes JMP 00070025
.text C:\Windows\explorer.exe[4276] ADVAPI32.dll!RegCreateKeyExA 76E91469 5 Bytes JMP 00070036
.text C:\Windows\explorer.exe[4276] ADVAPI32.dll!RegCreateKeyW 76E91514 5 Bytes JMP 00070F94
.text C:\Windows\explorer.exe[4276] ADVAPI32.dll!RegOpenKeyW 76E92459 5 Bytes JMP 00070FE5
.text C:\Windows\explorer.exe[4276] ADVAPI32.dll!RegCreateKeyExW 76E940FE 5 Bytes JMP 00070051
.text C:\Windows\explorer.exe[4276] ADVAPI32.dll!RegOpenKeyExW 76E9468D 5 Bytes JMP 00070FAF
.text C:\Windows\explorer.exe[4276] ADVAPI32.dll!RegOpenKeyExA 76E94907 5 Bytes JMP 00070FCA
.text C:\Windows\explorer.exe[4276] msvcrt.dll!_open 757F7E48 5 Bytes JMP 00080000
.text C:\Windows\explorer.exe[4276] msvcrt.dll!_wsystem 7582B057 5 Bytes JMP 0008004E
.text C:\Windows\explorer.exe[4276] msvcrt.dll!system 7582B177 5 Bytes JMP 00080FC3
.text C:\Windows\explorer.exe[4276] msvcrt.dll!_creat 7582ED31 5 Bytes JMP 00080029
.text C:\Windows\explorer.exe[4276] msvcrt.dll!_wcreat 75830396 5 Bytes JMP 00080FDE
.text C:\Windows\explorer.exe[4276] msvcrt.dll!_wopen 75830578 5 Bytes JMP 00080FEF
.text C:\Windows\explorer.exe[4276] WS2_32.dll!socket 75693EB8 5 Bytes JMP 00450000
.text C:\Windows\explorer.exe[4276] WININET.dll!InternetOpenW 756F9197 5 Bytes JMP 05C20FD4
.text C:\Windows\explorer.exe[4276] WININET.dll!InternetOpenA 756FF18E 5 Bytes JMP 05C20FEF
.text C:\Windows\explorer.exe[4276] WININET.dll!InternetOpenUrlA 757130E9 5 Bytes JMP 05C2000A
.text C:\Windows\explorer.exe[4276] WININET.dll!InternetOpenUrlW 7574BF94 5 Bytes JMP 05C20FC3
.text C:\Windows\system32\svchost.exe[4776] ntdll.dll!NtCreateFile 770055C8 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[4776] ntdll.dll!NtCreateProcess 77005698 5 Bytes JMP 00040FB9
.text C:\Windows\system32\svchost.exe[4776] ntdll.dll!NtProtectVirtualMemory 77005F18 5 Bytes JMP 00040FCA
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!GetStartupInfoA 75881E10 5 Bytes JMP 00010F32
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!CreateProcessW 7588204D 5 Bytes JMP 00010091
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!CreateProcessA 75882082 5 Bytes JMP 00010080
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!CreateNamedPipeW 758B2D47 5 Bytes JMP 00010FA8
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!VirtualProtect 758C2BCD 5 Bytes JMP 00010F61
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!LoadLibraryExA 758C4466 5 Bytes JMP 0001002F
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!LoadLibraryExW 758C5079 5 Bytes JMP 00010F72
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!GetProcAddress 758CCC94 5 Bytes JMP 000100B6
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!LoadLibraryA 758CDC65 5 Bytes JMP 00010F8D
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!GetStartupInfoW 758CE2DD 5 Bytes JMP 00010F17
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!CreateFileW 758CE8A5 5 Bytes JMP 00010FDE
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!CreateFileA 758CEA61 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!LoadLibraryW 758CEF42 5 Bytes JMP 00010014
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!CreatePipe 758E12A6 5 Bytes JMP 0001005B
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!CreateNamedPipeA 7590DBA8 5 Bytes JMP 00010FC3
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!WinExec 7590EDB2 5 Bytes JMP 00010F06
.text C:\Windows\system32\svchost.exe[4776] kernel32.dll!VirtualProtectEx 7590FD51 5 Bytes JMP 0001004A
.text C:\Windows\system32\svchost.exe[4776] msvcrt.dll!_open 757F7E48 5 Bytes JMP 00120FEF
.text C:\Windows\system32\svchost.exe[4776] msvcrt.dll!_wsystem 7582B057 5 Bytes JMP 00120FBE
.text C:\Windows\system32\svchost.exe[4776] msvcrt.dll!system 7582B177 5 Bytes JMP 00120049
.text C:\Windows\system32\svchost.exe[4776] msvcrt.dll!_creat 7582ED31 5 Bytes JMP 0012001D
.text C:\Windows\system32\svchost.exe[4776] msvcrt.dll!_wcreat 75830396 5 Bytes JMP 00120038
.text C:\Windows\system32\svchost.exe[4776] msvcrt.dll!_wopen 75830578 5 Bytes JMP 0012000C
.text C:\Windows\system32\svchost.exe[4776] ADVAPI32.dll!RegOpenKeyA 76E8CC15 5 Bytes JMP 003B0FEF
.text C:\Windows\system32\svchost.exe[4776] ADVAPI32.dll!RegCreateKeyA 76E8CD01 5 Bytes JMP 003B0FB2
.text C:\Windows\system32\svchost.exe[4776] ADVAPI32.dll!RegCreateKeyExA 76E91469 5 Bytes JMP 003B0054
.text C:\Windows\system32\svchost.exe[4776] ADVAPI32.dll!RegCreateKeyW 76E91514 5 Bytes JMP 003B0039
.text C:\Windows\system32\svchost.exe[4776] ADVAPI32.dll!RegOpenKeyW 76E92459 5 Bytes JMP 003B0FD4
.text C:\Windows\system32\svchost.exe[4776] ADVAPI32.dll!RegCreateKeyExW 76E940FE 5 Bytes JMP 003B006F
.text C:\Windows\system32\svchost.exe[4776] ADVAPI32.dll!RegOpenKeyExW 76E9468D 5 Bytes JMP 003B0FC3
.text C:\Windows\system32\svchost.exe[4776] ADVAPI32.dll!RegOpenKeyExA 76E94907 5 Bytes JMP 003B0014
.text C:\Windows\system32\svchost.exe[4776] WS2_32.dll!socket 75693EB8 5 Bytes JMP 003C0000
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] ntdll.dll!LdrLoadDll 7702223E 5 Bytes JMP 6467FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] kernel32.dll!MapViewOfFile 758C93DB 5 Bytes JMP 6492079E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] kernel32.dll!VirtualAlloc 758CC43A 5 Bytes JMP 649207C5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] GDI32.dll!CreateDIBSection 76B88850 5 Bytes JMP 64920728 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:3708] A075DF2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportArchive\NonCritical_HostProblem_47e0409c69b6979346d749d4105dc0a8378397e0_040d2201

---- EOF - GMER 1.0.15 ----
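
A triage helper for the "Code sections" part of the GMER log above, added here as an example and not part of the original post or of GMER. GMER prints a module path and vendor after a JMP target when that target lies inside a loaded image (the McAfee mcproxy.dll and Firefox xul.dll entries above); a JMP with nothing after it points into memory that belongs to no loaded module, which is the shape of injected code and the first thing to look at when the same kernel32/ADVAPI32/msvcrt/WS2_32 exports are hooked in several svchost.exe instances and in explorer.exe. The sample lines are copied from the listing above; the parser runs unchanged over a full saved GMER log.

```python
import re
from collections import defaultdict

# Lines copied from the GMER "Code sections" listing in the post above.
SAMPLE_LOG = r"""
.text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileW 758CE8A5 5 Bytes JMP 00D50FE5
.text C:\Windows\system32\svchost.exe[1000] WS2_32.dll!socket 75693EB8 5 Bytes JMP 00D30FEF
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wsystem 7582B057 3 Bytes JMP 000E0066
.text C:\Windows\system32\svchost.exe[2980] msvcrt.dll!_wsystem + 4 7582B05B 1 Byte [8A]
.text C:\Windows\explorer.exe[4276] WININET.dll!InternetOpenA 756FF18E 5 Bytes JMP 05C20FEF
.text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[1908] kernel32.dll!LoadLibraryA 758CDC65 5 Bytes JMP 6EE399A1 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4904] ntdll.dll!LdrLoadDll 7702223E 5 Bytes JMP 6467FA35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""

# One GMER user-mode hook line: either "N Bytes JMP <target> [<module path> (<vendor>)]"
# or the remaining patched bytes of a hook GMER reports in two pieces: "1 Byte [8A]".
HOOK_RE = re.compile(
    r"^\.text (?P<process>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!\s]+)!(?P<symbol>.+?) "
    r"(?P<address>[0-9A-F]{8}) (?P<size>\d+) Bytes? "
    r"(?:JMP (?P<target>[0-9A-F]{8})(?: (?P<path>.+?)(?: \((?P<vendor>[^()]*)\))?)?"
    r"|\[(?P<bytes>[0-9A-F ]+)\])$"
)


def parse_hook_line(line):
    """Return a dict for one GMER '.text' hook line, or None for anything else."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["address"] = int(rec["address"], 16)
    rec["target"] = int(rec["target"], 16) if rec["target"] else None
    return rec


def classify(rec):
    """'module_backed' when GMER resolved the JMP target to a loaded image,
    'anonymous' when it could not (no path printed), 'byte_patches' for the
    trailing bytes of a split hook record."""
    if rec["bytes"] is not None:
        return "byte_patches"
    if rec["path"]:
        return "module_backed"
    return "anonymous"


def summarize(log_text):
    """Group hooks per process id and collect the 64 KiB regions the anonymous
    trampolines live in (64 KiB is the Windows allocation granularity, so one
    region is roughly one private allocation)."""
    per_pid = defaultdict(lambda: {"process": None, "anonymous": [], "module_backed": [],
                                   "byte_patches": [], "regions": set()})
    for line in log_text.splitlines():
        rec = parse_hook_line(line)
        if rec is None:
            continue
        entry = per_pid[rec["pid"]]
        entry["process"] = rec["process"]
        hooked = f'{rec["module"]}!{rec["symbol"]}'
        kind = classify(rec)
        if kind == "anonymous":
            entry["anonymous"].append((hooked, rec["target"]))
            entry["regions"].add(rec["target"] & 0xFFFF0000)
        elif kind == "module_backed":
            entry["module_backed"].append((hooked, rec["path"], rec["vendor"]))
        else:
            entry["byte_patches"].append((hooked, rec["bytes"]))
    return dict(per_pid)


def suspicious_processes(summary):
    """Processes carrying at least one anonymous hook, with the APIs hit, sorted by pid."""
    return sorted(
        (pid, e["process"], sorted(h for h, _ in e["anonymous"]))
        for pid, e in summary.items() if e["anonymous"]
    )


if __name__ == "__main__":
    for pid, proc, apis in suspicious_processes(summarize(SAMPLE_LOG)):
        print(f"[{pid}] {proc}: {len(apis)} anonymous hook(s): {', '.join(apis)}")
```

Run against the full log, the output is a short list of process ids with unattributed hooks and the handful of small regions their trampolines share, which is what a responder wants before deciding whether the hooked process memory needs dumping; a module-backed hook from a known vendor, like the McAfee and Mozilla entries, is ordinary and drops out of the list.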

-------------------------------------------------------


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:13 AM

Posted 30 June 2012 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 MCBeekeeper

MCBeekeeper
  • Topic Starter

  • Members
  • 11 posts
  • Local time:11:13 PM

Posted 02 July 2012 - 08:08 PM

I ran TDSSKiller - 450 objects, no threats found. No reboots were needed.

Here are the run results:
==============================================================
16:49:59.0189 8124 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
16:50:01.0200 8124 ============================================================
16:50:01.0200 8124 Current date / time: 2012/07/02 16:50:01.0200
16:50:01.0200 8124 SystemInfo:
16:50:01.0200 8124
16:50:01.0201 8124 OS Version: 6.1.7601 ServicePack: 1.0
16:50:01.0201 8124 Product type: Workstation
16:50:01.0201 8124 ComputerName: EMACHINE
16:50:01.0201 8124 UserName: user
16:50:01.0201 8124 Windows directory: C:\Windows
16:50:01.0201 8124 System windows directory: C:\Windows
16:50:01.0201 8124 Processor architecture: Intel x86
16:50:01.0201 8124 Number of processors: 2
16:50:01.0201 8124 Page size: 0x1000
16:50:01.0201 8124 Boot type: Normal boot
16:50:01.0201 8124 ============================================================
16:50:04.0072 8124 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
16:50:04.0088 8124 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:50:04.0090 8124 Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:50:04.0177 8124 ============================================================
16:50:04.0177 8124 \Device\Harddisk0\DR0:
16:50:04.0177 8124 MBR partitions:
16:50:04.0177 8124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:50:04.0177 8124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC800000
16:50:04.0177 8124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC832800, BlocksNum 0x2DB52800
16:50:04.0177 8124 \Device\Harddisk1\DR1:
16:50:04.0220 8124 MBR partitions:
16:50:04.0220 8124 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C0681
16:50:04.0220 8124 \Device\Harddisk2\DR2:
16:50:04.0224 8124 MBR partitions:
16:50:04.0224 8124 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3A384C02
16:50:04.0224 8124 ============================================================
16:50:04.0294 8124 C: <-> \Device\Harddisk0\DR0\Partition1
16:50:04.0330 8124 D: <-> \Device\Harddisk0\DR0\Partition2
16:50:04.0345 8124 E: <-> \Device\Harddisk1\DR1\Partition0
16:50:04.0346 8124 G: <-> \Device\Harddisk2\DR2\Partition0
16:50:04.0367 8124 ============================================================
16:50:04.0367 8124 Initialize success
16:50:04.0367 8124 ============================================================
16:50:07.0747 5648 ============================================================
16:50:07.0747 5648 Scan started
16:50:07.0747 5648 Mode: Manual;
16:50:07.0747 5648 ============================================================
16:50:08.0643 5648 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
16:50:08.0733 5648 1394ohci - ok
16:50:08.0781 5648 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
16:50:08.0876 5648 ACPI - ok
16:50:08.0907 5648 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
16:50:08.0999 5648 AcpiPmi - ok
16:50:09.0118 5648 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:50:09.0230 5648 AdobeARMservice - ok
16:50:09.0325 5648 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:50:09.0333 5648 AdobeFlashPlayerUpdateSvc - ok
16:50:09.0402 5648 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
16:50:09.0430 5648 adp94xx - ok
16:50:09.0458 5648 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
16:50:09.0471 5648 adpahci - ok
16:50:09.0493 5648 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
16:50:09.0503 5648 adpu320 - ok
16:50:09.0536 5648 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
16:50:09.0537 5648 AeLookupSvc - ok
16:50:09.0599 5648 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
16:50:09.0633 5648 AFD - ok
16:50:09.0664 5648 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
16:50:09.0666 5648 agp440 - ok
16:50:09.0685 5648 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
16:50:09.0688 5648 aic78xx - ok
16:50:09.0790 5648 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
16:50:09.0806 5648 ALG - ok
16:50:09.0846 5648 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
16:50:09.0855 5648 aliide - ok
16:50:09.0919 5648 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
16:50:09.0928 5648 amdagp - ok
16:50:09.0943 5648 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
16:50:09.0945 5648 amdide - ok
16:50:10.0061 5648 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
16:50:10.0066 5648 AmdK8 - ok
16:50:10.0083 5648 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
16:50:10.0085 5648 AmdPPM - ok
16:50:10.0189 5648 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
16:50:10.0193 5648 amdsata - ok
16:50:10.0221 5648 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
16:50:10.0228 5648 amdsbs - ok
16:50:10.0293 5648 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
16:50:10.0528 5648 amdxata - ok
16:50:10.0566 5648 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
16:50:10.0712 5648 AppID - ok
16:50:10.0761 5648 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
16:50:10.0764 5648 AppIDSvc - ok
16:50:10.0801 5648 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
16:50:10.0805 5648 Appinfo - ok
16:50:10.0896 5648 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:50:10.0989 5648 Apple Mobile Device - ok
16:50:11.0030 5648 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
16:50:11.0036 5648 AppMgmt - ok
16:50:11.0067 5648 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
16:50:11.0071 5648 arc - ok
16:50:11.0091 5648 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
16:50:11.0099 5648 arcsas - ok
16:50:11.0117 5648 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
16:50:11.0122 5648 AsyncMac - ok
16:50:11.0153 5648 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
16:50:11.0155 5648 atapi - ok
16:50:11.0223 5648 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:50:11.0234 5648 AudioEndpointBuilder - ok
16:50:11.0241 5648 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
16:50:11.0246 5648 Audiosrv - ok
16:50:11.0317 5648 AWRScheduler (38ed354dc6751c79ff90da67a76c49ce) C:\Program Files\Caphyon\Advanced Web Ranking\Scheduler.exe
16:50:11.0390 5648 AWRScheduler - ok
16:50:11.0424 5648 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
16:50:11.0489 5648 AxInstSV - ok
16:50:11.0557 5648 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
16:50:11.0577 5648 b06bdrv - ok
16:50:11.0635 5648 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
16:50:11.0642 5648 b57nd60x - ok
16:50:11.0696 5648 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
16:50:11.0702 5648 BDESVC - ok
16:50:11.0715 5648 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
16:50:11.0718 5648 Beep - ok
16:50:11.0785 5648 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
16:50:11.0858 5648 BFE - ok
16:50:11.0918 5648 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
16:50:11.0933 5648 BITS - ok
16:50:11.0962 5648 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
16:50:11.0968 5648 blbdrive - ok
16:50:12.0070 5648 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:50:12.0165 5648 Bonjour Service - ok
16:50:12.0189 5648 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
16:50:12.0251 5648 bowser - ok
16:50:12.0275 5648 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:50:12.0281 5648 BrFiltLo - ok
16:50:12.0295 5648 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:50:12.0301 5648 BrFiltUp - ok
16:50:12.0329 5648 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
16:50:12.0334 5648 BridgeMP - ok
16:50:12.0408 5648 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
16:50:12.0463 5648 Browser - ok
16:50:12.0509 5648 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
16:50:12.0534 5648 Brserid - ok
16:50:12.0556 5648 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
16:50:12.0568 5648 BrSerWdm - ok
16:50:12.0579 5648 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:50:12.0584 5648 BrUsbMdm - ok
16:50:12.0642 5648 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
16:50:12.0654 5648 BrUsbSer - ok
16:50:12.0671 5648 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
16:50:12.0677 5648 BTHMODEM - ok
16:50:12.0800 5648 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
16:50:12.0807 5648 bthserv - ok
16:50:12.0905 5648 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
16:50:12.0917 5648 cdfs - ok
16:50:12.0955 5648 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
16:50:12.0958 5648 cdrom - ok
16:50:13.0035 5648 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:50:13.0106 5648 CertPropSvc - ok
16:50:13.0154 5648 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\Windows\system32\drivers\cfwids.sys
16:50:13.0157 5648 cfwids - ok
16:50:13.0172 5648 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
16:50:13.0178 5648 circlass - ok
16:50:13.0205 5648 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
16:50:13.0222 5648 CLFS - ok
16:50:13.0338 5648 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:50:13.0354 5648 clr_optimization_v2.0.50727_32 - ok
16:50:13.0424 5648 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:50:13.0443 5648 clr_optimization_v4.0.30319_32 - ok
16:50:13.0464 5648 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
16:50:13.0467 5648 CmBatt - ok
16:50:13.0552 5648 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
16:50:13.0561 5648 cmdide - ok
16:50:13.0628 5648 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
16:50:13.0662 5648 CNG - ok
16:50:13.0690 5648 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
16:50:13.0694 5648 Compbatt - ok
16:50:13.0731 5648 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
16:50:13.0793 5648 CompositeBus - ok
16:50:13.0826 5648 COMSysApp - ok
16:50:13.0843 5648 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
16:50:13.0848 5648 crcdisk - ok
16:50:14.0054 5648 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
16:50:14.0106 5648 CryptSvc - ok
16:50:14.0158 5648 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
16:50:14.0241 5648 CSC - ok
16:50:14.0295 5648 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
16:50:14.0304 5648 CscService - ok
16:50:14.0336 5648 dc3d (4d926450ab184bf42aec1401d264acdc) C:\Windows\system32\DRIVERS\dc3d.sys
16:50:14.0403 5648 dc3d - ok
16:50:14.0463 5648 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:50:14.0472 5648 DcomLaunch - ok
16:50:14.0506 5648 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
16:50:14.0515 5648 defragsvc - ok
16:50:14.0644 5648 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
16:50:14.0718 5648 DfsC - ok
16:50:14.0787 5648 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
16:50:14.0852 5648 Dhcp - ok
16:50:14.0880 5648 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
16:50:14.0885 5648 discache - ok
16:50:14.0912 5648 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
16:50:14.0914 5648 Disk - ok
16:50:14.0954 5648 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
16:50:15.0011 5648 Dnscache - ok
16:50:15.0088 5648 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
16:50:15.0092 5648 dot3svc - ok
16:50:15.0128 5648 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
16:50:15.0131 5648 DPS - ok
16:50:15.0269 5648 DragonSvc (d5761dd586c54bf710174e992fa83eaa) C:\Program Files\Common Files\Nuance\dgnsvc.exe
16:50:15.0377 5648 DragonSvc - ok
16:50:15.0414 5648 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
16:50:15.0415 5648 drmkaud - ok
16:50:15.0485 5648 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
16:50:15.0577 5648 DXGKrnl - ok
16:50:15.0625 5648 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
16:50:15.0631 5648 EapHost - ok
16:50:15.0820 5648 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
16:50:15.0884 5648 ebdrv - ok
16:50:15.0978 5648 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
16:50:15.0981 5648 EFS - ok
16:50:16.0079 5648 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
16:50:16.0094 5648 ehRecvr - ok
16:50:16.0128 5648 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
16:50:16.0134 5648 ehSched - ok
16:50:16.0290 5648 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
16:50:16.0318 5648 elxstor - ok
16:50:16.0431 5648 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
16:50:16.0439 5648 ErrDev - ok
16:50:16.0796 5648 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
16:50:16.0821 5648 EventSystem - ok
16:50:16.0861 5648 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
16:50:16.0871 5648 exfat - ok
16:50:17.0101 5648 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
16:50:17.0108 5648 fastfat - ok
16:50:17.0169 5648 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
16:50:17.0183 5648 Fax - ok
16:50:17.0390 5648 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
16:50:17.0394 5648 fdc - ok
16:50:17.0404 5648 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
16:50:17.0410 5648 fdPHost - ok
16:50:17.0614 5648 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
16:50:17.0623 5648 FDResPub - ok
16:50:17.0646 5648 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
16:50:17.0656 5648 FileInfo - ok
16:50:17.0953 5648 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
16:50:17.0964 5648 Filetrace - ok
16:50:18.0080 5648 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:50:18.0185 5648 FLEXnet Licensing Service - ok
16:50:18.0206 5648 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
16:50:18.0211 5648 flpydisk - ok
16:50:18.0241 5648 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
16:50:18.0248 5648 FltMgr - ok
16:50:18.0331 5648 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
16:50:18.0343 5648 FontCache - ok
16:50:18.0387 5648 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:50:18.0391 5648 FontCache3.0.0.0 - ok
16:50:18.0414 5648 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
16:50:18.0418 5648 FsDepends - ok
16:50:18.0451 5648 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
16:50:18.0452 5648 Fs_Rec - ok
16:50:18.0608 5648 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
16:50:18.0620 5648 fvevol - ok
16:50:18.0655 5648 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:50:18.0667 5648 gagp30kx - ok
16:50:18.0717 5648 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:50:18.0810 5648 GEARAspiWDM - ok
16:50:18.0951 5648 GoToMyPC (fcec59f16559bb038ffa87c2d86a8a8f) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
16:50:19.0077 5648 GoToMyPC - ok
16:50:19.0132 5648 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
16:50:19.0147 5648 gpsvc - ok
16:50:19.0266 5648 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
16:50:19.0270 5648 gupdate - ok
16:50:19.0283 5648 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
16:50:19.0286 5648 gupdatem - ok
16:50:19.0319 5648 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
16:50:19.0327 5648 hcw85cir - ok
16:50:19.0394 5648 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
16:50:19.0418 5648 HdAudAddService - ok
16:50:19.0477 5648 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
16:50:19.0578 5648 HDAudBus - ok
16:50:19.0596 5648 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
16:50:19.0601 5648 HidBatt - ok
16:50:19.0618 5648 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
16:50:19.0623 5648 HidBth - ok
16:50:19.0640 5648 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
16:50:19.0645 5648 HidIr - ok
16:50:19.0658 5648 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
16:50:19.0663 5648 hidserv - ok
16:50:19.0732 5648 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
16:50:19.0734 5648 HidUsb - ok
16:50:19.0789 5648 HitmanProScheduler (da53819fbb21e6ff91d377283597a6c6) C:\Program Files\HitmanPro\hmpsched.exe
16:50:19.0877 5648 HitmanProScheduler - ok
16:50:19.0914 5648 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
16:50:19.0916 5648 hkmsvc - ok
16:50:19.0983 5648 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
16:50:19.0986 5648 HomeGroupListener - ok
16:50:20.0020 5648 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
16:50:20.0062 5648 HomeGroupProvider - ok
16:50:20.0112 5648 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
16:50:20.0119 5648 HpSAMD - ok
16:50:20.0185 5648 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
16:50:20.0282 5648 HTTP - ok
16:50:20.0298 5648 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
16:50:20.0299 5648 hwpolicy - ok
16:50:20.0340 5648 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
16:50:20.0344 5648 i8042prt - ok
16:50:20.0387 5648 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
16:50:20.0523 5648 iaStorV - ok
16:50:20.0736 5648 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:50:20.0765 5648 idsvc - ok
16:50:20.0797 5648 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
16:50:20.0803 5648 iirsp - ok
16:50:20.0860 5648 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
16:50:20.0942 5648 IKEEXT - ok
16:50:20.0974 5648 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
16:50:20.0978 5648 intelide - ok
16:50:21.0003 5648 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
16:50:21.0009 5648 intelppm - ok
16:50:21.0037 5648 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
16:50:21.0043 5648 IPBusEnum - ok
16:50:21.0057 5648 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:50:21.0063 5648 IpFilterDriver - ok
16:50:21.0230 5648 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
16:50:21.0240 5648 iphlpsvc - ok
16:50:21.0288 5648 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
16:50:21.0292 5648 IPMIDRV - ok
16:50:21.0370 5648 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
16:50:21.0380 5648 IPNAT - ok
16:50:21.0518 5648 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
16:50:21.0615 5648 iPod Service - ok
16:50:21.0643 5648 irda (9f7e491fb0ba0f9e370163834fc1fe31) C:\Windows\system32\DRIVERS\irda.sys
16:50:21.0649 5648 irda - ok
16:50:21.0674 5648 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
16:50:21.0678 5648 IRENUM - ok
16:50:21.0876 5648 Irmon (4220d2f03d5c4226d0a1aa4b84025e45) C:\Windows\System32\irmon.dll
16:50:21.0885 5648 Irmon - ok
16:50:21.0920 5648 irsir (5896b5ff6332ab2be1582523e9656a67) C:\Windows\system32\DRIVERS\irsir.sys
16:50:21.0927 5648 irsir - ok
16:50:22.0116 5648 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
16:50:22.0119 5648 isapnp - ok
16:50:22.0342 5648 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
16:50:22.0437 5648 iScsiPrt - ok
16:50:22.0464 5648 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
16:50:22.0468 5648 kbdclass - ok
16:50:22.0519 5648 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
16:50:22.0521 5648 kbdhid - ok
16:50:22.0552 5648 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:50:22.0554 5648 KeyIso - ok
16:50:22.0657 5648 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
16:50:22.0785 5648 KSecDD - ok
16:50:22.0818 5648 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
16:50:22.0820 5648 KSecPkg - ok
16:50:22.0861 5648 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
16:50:22.0877 5648 KtmRm - ok
16:50:22.0929 5648 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
16:50:22.0996 5648 LanmanServer - ok
16:50:23.0035 5648 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
16:50:23.0100 5648 LanmanWorkstation - ok
16:50:23.0145 5648 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
16:50:23.0149 5648 lltdio - ok
16:50:23.0243 5648 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
16:50:23.0265 5648 lltdsvc - ok
16:50:23.0280 5648 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
16:50:23.0283 5648 lmhosts - ok
16:50:23.0362 5648 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:50:23.0370 5648 LSI_FC - ok
16:50:23.0387 5648 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:50:23.0395 5648 LSI_SAS - ok
16:50:23.0481 5648 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:50:23.0498 5648 LSI_SAS2 - ok
16:50:23.0519 5648 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:50:23.0525 5648 LSI_SCSI - ok
16:50:23.0629 5648 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
16:50:23.0642 5648 luafv - ok
16:50:23.0726 5648 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
16:50:23.0736 5648 McAfee SiteAdvisor Service - ok
16:50:23.0782 5648 McComponentHostService (22a7776c5d8eb5930edf9c8dd0884259) C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
16:50:23.0794 5648 McComponentHostService - ok
16:50:23.0877 5648 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
16:50:23.0886 5648 McMPFSvc - ok
16:50:23.0899 5648 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
16:50:23.0904 5648 mcmscsvc - ok
16:50:24.0009 5648 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
16:50:24.0018 5648 McNaiAnn - ok
16:50:24.0037 5648 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
16:50:24.0039 5648 McNASvc - ok
16:50:24.0181 5648 McODS (135aa9e9e7047b7dc1f753205d421a26) C:\Program Files\McAfee\VirusScan\mcods.exe
16:50:24.0197 5648 McODS - ok
16:50:24.0208 5648 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
16:50:24.0212 5648 McProxy - ok
16:50:24.0279 5648 McPvDrv (000751813ecef491689176e72b3a8bee) C:\Windows\system32\drivers\McPvDrv.sys
16:50:24.0434 5648 McPvDrv - ok
16:50:24.0474 5648 McShield (593fa4c378818ece76ba64a11ad56cf2) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
16:50:24.0476 5648 McShield - ok
16:50:24.0516 5648 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
16:50:24.0579 5648 Mcx2Svc - ok
16:50:24.0607 5648 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
16:50:24.0614 5648 megasas - ok
16:50:24.0652 5648 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
16:50:24.0658 5648 MegaSR - ok
16:50:24.0691 5648 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
16:50:24.0758 5648 mfeapfk - ok
16:50:24.0789 5648 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
16:50:24.0860 5648 mfeavfk - ok
16:50:24.0892 5648 mfeavfk01 - ok
16:50:24.0912 5648 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
16:50:24.0967 5648 mfebopk - ok
16:50:25.0003 5648 mfefire (7e1f8b1bdc8240f08bd358b3a466c005) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
16:50:25.0006 5648 mfefire - ok
16:50:25.0041 5648 mfefirek (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
16:50:25.0119 5648 mfefirek - ok
16:50:25.0172 5648 mfehidk (37800fbb68d88e3c3e49bb9c97233e87) C:\Windows\system32\drivers\mfehidk.sys
16:50:25.0178 5648 mfehidk - ok
16:50:25.0197 5648 mfenlfk (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
16:50:25.0199 5648 mfenlfk - ok
16:50:25.0215 5648 mferkdet (47c91e229b129047f0138011ddf9f92f) C:\Windows\system32\drivers\mferkdet.sys
16:50:25.0216 5648 mferkdet - ok
16:50:25.0259 5648 mfevtp (9f09caa8dc12fc1626f82a5c212f6f9c) C:\Windows\system32\mfevtps.exe
16:50:25.0325 5648 mfevtp - ok
16:50:25.0391 5648 mfewfpk (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
16:50:25.0466 5648 mfewfpk - ok
16:50:25.0503 5648 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:50:25.0504 5648 MMCSS - ok
16:50:25.0560 5648 MOBKbackup (35176fa09a0fc58db630991a81a0ba39) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
16:50:25.0619 5648 MOBKbackup - ok
16:50:25.0636 5648 MOBKFilter (e896775837a8bce436348df460522394) C:\Windows\system32\DRIVERS\MOBK.sys
16:50:25.0766 5648 MOBKFilter - ok
16:50:25.0791 5648 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
16:50:25.0797 5648 Modem - ok
16:50:25.0817 5648 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
16:50:25.0818 5648 monitor - ok
16:50:25.0866 5648 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
16:50:25.0869 5648 mouclass - ok
16:50:25.0902 5648 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
16:50:25.0905 5648 mouhid - ok
16:50:25.0942 5648 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
16:50:25.0943 5648 mountmgr - ok
16:50:26.0107 5648 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:50:26.0210 5648 MozillaMaintenance - ok
16:50:26.0245 5648 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
16:50:26.0384 5648 mpio - ok
16:50:26.0397 5648 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
16:50:26.0399 5648 mpsdrv - ok
16:50:26.0460 5648 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
16:50:26.0474 5648 MpsSvc - ok
16:50:26.0511 5648 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
16:50:26.0638 5648 MRxDAV - ok
16:50:26.0671 5648 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:50:26.0798 5648 mrxsmb - ok
16:50:26.0837 5648 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:50:26.0965 5648 mrxsmb10 - ok
16:50:26.0989 5648 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:50:26.0991 5648 mrxsmb20 - ok
16:50:27.0020 5648 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
16:50:27.0150 5648 msahci - ok
16:50:27.0253 5648 MSCamSvc (b03e3f64b70f8031e65eb26da23de91a) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
16:50:27.0258 5648 MSCamSvc - ok
16:50:27.0293 5648 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
16:50:27.0435 5648 msdsm - ok
16:50:27.0491 5648 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
16:50:27.0503 5648 MSDTC - ok
16:50:27.0536 5648 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
16:50:27.0543 5648 Msfs - ok
16:50:27.0556 5648 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
16:50:27.0560 5648 mshidkmdf - ok
16:50:27.0597 5648 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
16:50:27.0603 5648 msisadrv - ok
16:50:27.0688 5648 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
16:50:27.0710 5648 MSiSCSI - ok
16:50:27.0717 5648 msiserver - ok
16:50:27.0839 5648 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
16:50:27.0843 5648 MSK80Service - ok
16:50:27.0864 5648 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
16:50:27.0870 5648 MSKSSRV - ok
16:50:27.0947 5648 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
16:50:27.0956 5648 MSPCLOCK - ok
16:50:27.0983 5648 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
16:50:27.0990 5648 MSPQM - ok
16:50:28.0073 5648 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
16:50:28.0088 5648 MsRPC - ok
16:50:28.0189 5648 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
16:50:28.0196 5648 mssmbios - ok
16:50:28.0216 5648 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
16:50:28.0221 5648 MSTEE - ok
16:50:28.0489 5648 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
16:50:28.0497 5648 MTConfig - ok
16:50:28.0518 5648 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
16:50:28.0525 5648 Mup - ok
16:50:28.0765 5648 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
16:50:28.0778 5648 napagent - ok
16:50:28.0831 5648 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
16:50:28.0851 5648 NativeWifiP - ok
16:50:29.0032 5648 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
16:50:29.0046 5648 NDIS - ok
16:50:29.0227 5648 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
16:50:29.0250 5648 NdisCap - ok
16:50:29.0280 5648 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
16:50:29.0281 5648 NdisTapi - ok
16:50:29.0449 5648 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
16:50:29.0514 5648 Ndisuio - ok
16:50:29.0815 5648 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
16:50:29.0953 5648 NdisWan - ok
16:50:29.0983 5648 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
16:50:30.0049 5648 NDProxy - ok
16:50:30.0067 5648 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
16:50:30.0074 5648 NetBIOS - ok
16:50:30.0109 5648 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
16:50:30.0237 5648 NetBT - ok
16:50:30.0351 5648 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:50:30.0353 5648 Netlogon - ok
16:50:30.0569 5648 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
16:50:30.0585 5648 Netman - ok
16:50:30.0636 5648 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
16:50:30.0656 5648 netprofm - ok
16:50:30.0717 5648 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:50:30.0776 5648 NetTcpPortSharing - ok
16:50:30.0809 5648 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
16:50:30.0815 5648 nfrd960 - ok
16:50:30.0981 5648 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
16:50:31.0041 5648 NlaSvc - ok
16:50:31.0064 5648 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
16:50:31.0069 5648 Npfs - ok
16:50:31.0367 5648 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
16:50:31.0378 5648 nsi - ok
16:50:31.0396 5648 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
16:50:31.0403 5648 nsiproxy - ok
16:50:31.0733 5648 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
16:50:31.0875 5648 Ntfs - ok
16:50:31.0965 5648 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:50:32.0028 5648 NuidFltr - ok
16:50:32.0054 5648 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
16:50:32.0059 5648 Null - ok
16:50:32.0217 5648 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
16:50:32.0234 5648 NVENETFD - ok
16:50:32.0831 5648 nvlddmkm (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:50:33.0157 5648 nvlddmkm - ok
16:50:33.0280 5648 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
16:50:33.0355 5648 nvraid - ok
16:50:33.0391 5648 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
16:50:33.0494 5648 nvstor - ok
16:50:33.0539 5648 nvsvc (4ed813efd77a9b7e57e341cdc1c5cbc4) C:\Windows\system32\nvvsvc.exe
16:50:33.0606 5648 nvsvc - ok
16:50:33.0641 5648 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
16:50:33.0645 5648 nv_agp - ok
16:50:33.0762 5648 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:50:33.0770 5648 odserv - ok
16:50:33.0806 5648 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
16:50:33.0809 5648 ohci1394 - ok
16:50:33.0850 5648 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:50:33.0853 5648 ose - ok
16:50:33.0901 5648 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:50:33.0916 5648 p2pimsvc - ok
16:50:33.0959 5648 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
16:50:33.0973 5648 p2psvc - ok
16:50:34.0017 5648 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
16:50:34.0024 5648 Parport - ok
16:50:34.0083 5648 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
16:50:34.0280 5648 partmgr - ok
16:50:34.0297 5648 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
16:50:34.0298 5648 Parvdm - ok
16:50:34.0315 5648 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
16:50:34.0323 5648 PcaSvc - ok
16:50:34.0356 5648 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
16:50:34.0430 5648 pci - ok
16:50:34.0506 5648 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
16:50:34.0511 5648 pciide - ok
16:50:34.0538 5648 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
16:50:34.0550 5648 pcmcia - ok
16:50:34.0665 5648 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
16:50:34.0670 5648 pcw - ok
16:50:34.0727 5648 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
16:50:34.0754 5648 PEAUTH - ok
16:50:34.0888 5648 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
16:50:34.0915 5648 PeerDistSvc - ok
16:50:35.0073 5648 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
16:50:35.0135 5648 pla - ok
16:50:35.0260 5648 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
16:50:35.0338 5648 PlugPlay - ok
16:50:35.0366 5648 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
16:50:35.0370 5648 PNRPAutoReg - ok
16:50:35.0400 5648 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
16:50:35.0403 5648 PNRPsvc - ok
16:50:35.0439 5648 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
16:50:35.0507 5648 PolicyAgent - ok
16:50:35.0556 5648 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
16:50:35.0615 5648 Power - ok
16:50:35.0667 5648 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
16:50:35.0671 5648 PptpMiniport - ok
16:50:35.0717 5648 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
16:50:35.0722 5648 Processor - ok
16:50:35.0785 5648 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
16:50:35.0799 5648 ProfSvc - ok
16:50:35.0878 5648 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:50:35.0880 5648 ProtectedStorage - ok
16:50:35.0903 5648 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
16:50:35.0915 5648 Psched - ok
16:50:36.0023 5648 PxHelp20 (d970470f8f39470bdae94d313a1ccdce) C:\Windows\system32\Drivers\PxHelp20.sys
16:50:36.0024 5648 PxHelp20 - ok
16:50:36.0119 5648 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
16:50:36.0149 5648 ql2300 - ok
16:50:36.0230 5648 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
16:50:36.0235 5648 ql40xx - ok
16:50:36.0298 5648 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
16:50:36.0323 5648 QWAVE - ok
16:50:36.0340 5648 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
16:50:36.0347 5648 QWAVEdrv - ok
16:50:36.0432 5648 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
16:50:36.0450 5648 RasAcd - ok
16:50:36.0472 5648 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:50:36.0487 5648 RasAgileVpn - ok
16:50:36.0537 5648 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
16:50:36.0548 5648 RasAuto - ok
16:50:36.0566 5648 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:50:36.0575 5648 Rasl2tp - ok
16:50:36.0712 5648 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
16:50:36.0799 5648 RasMan - ok
16:50:36.0825 5648 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
16:50:36.0834 5648 RasPppoe - ok
16:50:36.0863 5648 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
16:50:36.0869 5648 RasSstp - ok
16:50:36.0893 5648 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
16:50:37.0021 5648 rdbss - ok
16:50:37.0041 5648 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
16:50:37.0045 5648 rdpbus - ok
16:50:37.0071 5648 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:50:37.0072 5648 RDPCDD - ok
16:50:37.0102 5648 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
16:50:37.0104 5648 RDPDR - ok
16:50:37.0215 5648 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
16:50:37.0218 5648 RDPENCDD - ok
16:50:37.0245 5648 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
16:50:37.0247 5648 RDPREFMP - ok
16:50:37.0388 5648 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
16:50:37.0534 5648 RDPWD - ok
16:50:37.0587 5648 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
16:50:37.0592 5648 rdyboost - ok
16:50:37.0618 5648 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
16:50:37.0629 5648 RemoteAccess - ok
16:50:37.0706 5648 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
16:50:37.0720 5648 RemoteRegistry - ok
16:50:37.0747 5648 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
16:50:37.0758 5648 RpcEptMapper - ok
16:50:37.0861 5648 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
16:50:37.0869 5648 RpcLocator - ok
16:50:37.0926 5648 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
16:50:37.0932 5648 RpcSs - ok
16:50:37.0961 5648 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
16:50:37.0969 5648 rspndr - ok
16:50:38.0129 5648 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
16:50:38.0192 5648 s3cap - ok
16:50:38.0219 5648 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:50:38.0221 5648 SamSs - ok
16:50:38.0273 5648 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
16:50:38.0439 5648 sbp2port - ok
16:50:38.0462 5648 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
16:50:38.0467 5648 SCardSvr - ok
16:50:38.0496 5648 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
16:50:38.0546 5648 scfilter - ok
16:50:38.0621 5648 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
16:50:38.0745 5648 Schedule - ok
16:50:38.0777 5648 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
16:50:38.0778 5648 SCPolicySvc - ok
16:50:38.0807 5648 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
16:50:38.0847 5648 SDRSVC - ok
16:50:38.0864 5648 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
16:50:38.0867 5648 secdrv - ok
16:50:38.0880 5648 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
16:50:38.0886 5648 seclogon - ok
16:50:38.0898 5648 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
16:50:38.0903 5648 SENS - ok
16:50:38.0933 5648 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
16:50:38.0940 5648 SensrSvc - ok
16:50:38.0953 5648 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
16:50:38.0956 5648 Serenum - ok
16:50:39.0077 5648 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
16:50:39.0079 5648 Serial - ok
16:50:39.0127 5648 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
16:50:39.0132 5648 sermouse - ok
16:50:39.0313 5648 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
16:50:39.0401 5648 SessionEnv - ok
16:50:39.0430 5648 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
16:50:39.0435 5648 sffdisk - ok
16:50:39.0465 5648 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
16:50:39.0475 5648 sffp_mmc - ok
16:50:39.0507 5648 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
16:50:39.0581 5648 sffp_sd - ok
16:50:39.0598 5648 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
16:50:39.0603 5648 sfloppy - ok
16:50:39.0769 5648 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
16:50:39.0784 5648 SharedAccess - ok
16:50:39.0833 5648 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
16:50:39.0906 5648 ShellHWDetection - ok
16:50:39.0949 5648 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
16:50:39.0955 5648 sisagp - ok
16:50:39.0978 5648 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:50:39.0982 5648 SiSRaid2 - ok
16:50:40.0078 5648 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
16:50:40.0091 5648 SiSRaid4 - ok
16:50:40.0190 5648 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
16:50:46.0371 5648 SkypeUpdate - ok
16:50:46.0395 5648 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
16:50:46.0399 5648 Smb - ok
16:50:46.0436 5648 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
16:50:46.0440 5648 SNMPTRAP - ok
16:50:46.0456 5648 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
16:50:46.0459 5648 spldr - ok
16:50:46.0554 5648 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
16:50:46.0573 5648 Spooler - ok
16:50:46.0860 5648 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
16:50:46.0967 5648 sppsvc - ok
16:50:47.0066 5648 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
16:50:47.0069 5648 sppuinotify - ok
16:50:47.0132 5648 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
16:50:47.0141 5648 srv - ok
16:50:47.0170 5648 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
16:50:47.0303 5648 srv2 - ok
16:50:47.0334 5648 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
16:50:47.0482 5648 srvnet - ok
16:50:47.0515 5648 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
16:50:47.0522 5648 SSDPSRV - ok
16:50:47.0542 5648 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
16:50:47.0545 5648 SstpSvc - ok
16:50:47.0573 5648 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
16:50:47.0582 5648 stexstor - ok
16:50:47.0637 5648 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
16:50:47.0697 5648 StiSvc - ok
16:50:47.0724 5648 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
16:50:47.0817 5648 storflt - ok
16:50:47.0843 5648 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
16:50:47.0921 5648 StorSvc - ok
16:50:47.0972 5648 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
16:50:48.0024 5648 storvsc - ok
16:50:48.0092 5648 StumbleUponUpdateService (33e26f67b49480ae8238a1c89f6cde92) C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
16:50:48.0167 5648 StumbleUponUpdateService - ok
16:50:48.0200 5648 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
16:50:48.0205 5648 swenum - ok
16:50:48.0247 5648 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
16:50:48.0261 5648 swprv - ok
16:50:48.0363 5648 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
16:50:48.0494 5648 SysMain - ok
16:50:48.0521 5648 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
16:50:48.0581 5648 TabletInputService - ok
16:50:48.0622 5648 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
16:50:48.0718 5648 TapiSrv - ok
16:50:48.0740 5648 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
16:50:48.0750 5648 TBS - ok
16:50:48.0899 5648 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
16:50:48.0987 5648 Tcpip - ok
16:50:49.0010 5648 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
16:50:49.0018 5648 TCPIP6 - ok
16:50:49.0051 5648 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
16:50:49.0159 5648 tcpipreg - ok
16:50:49.0193 5648 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
16:50:49.0313 5648 TDPIPE - ok
16:50:49.0346 5648 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
16:50:49.0479 5648 TDTCP - ok
16:50:49.0512 5648 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
16:50:49.0514 5648 tdx - ok
16:50:49.0542 5648 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
16:50:49.0643 5648 TermDD - ok
16:50:49.0702 5648 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
16:50:49.0770 5648 TermService - ok
16:50:49.0797 5648 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
16:50:49.0804 5648 Themes - ok
16:50:49.0821 5648 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
16:50:49.0822 5648 THREADORDER - ok
16:50:49.0841 5648 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
16:50:49.0848 5648 TrkWks - ok
16:50:49.0930 5648 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
16:50:49.0933 5648 TrustedInstaller - ok
16:50:49.0977 5648 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:50:50.0098 5648 tssecsrv - ok
16:50:50.0196 5648 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
16:50:50.0282 5648 TsUsbFlt - ok
16:50:50.0344 5648 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
16:50:50.0420 5648 tunnel - ok
16:50:50.0450 5648 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
16:50:50.0454 5648 uagp35 - ok
16:50:50.0501 5648 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
16:50:50.0580 5648 udfs - ok
16:50:50.0610 5648 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
16:50:50.0617 5648 UI0Detect - ok
16:50:50.0649 5648 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
16:50:50.0651 5648 uliagpkx - ok
16:50:50.0753 5648 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
16:50:50.0827 5648 umbus - ok
16:50:50.0843 5648 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
16:50:50.0847 5648 UmPass - ok
16:50:50.0956 5648 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
16:50:51.0040 5648 UmRdpService - ok
16:50:51.0074 5648 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
16:50:51.0089 5648 upnphost - ok
16:50:51.0126 5648 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
16:50:51.0248 5648 USBAAPL - ok
16:50:51.0281 5648 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
16:50:51.0357 5648 usbaudio - ok
16:50:51.0382 5648 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
16:50:51.0384 5648 usbccgp - ok
16:50:51.0424 5648 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
16:50:51.0426 5648 usbcir - ok
16:50:51.0440 5648 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
16:50:51.0558 5648 usbehci - ok
16:50:51.0604 5648 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
16:50:51.0737 5648 usbhub - ok
16:50:51.0760 5648 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
16:50:51.0761 5648 usbohci - ok
16:50:51.0782 5648 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
16:50:51.0787 5648 usbprint - ok
16:50:51.0870 5648 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:50:51.0875 5648 USBSTOR - ok
16:50:51.0895 5648 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
16:50:52.0028 5648 usbuhci - ok
16:50:52.0052 5648 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
16:50:52.0165 5648 usbvideo - ok
16:50:52.0191 5648 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
16:50:52.0199 5648 UxSms - ok
16:50:52.0228 5648 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:50:52.0229 5648 VaultSvc - ok
16:50:52.0249 5648 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
16:50:52.0254 5648 vdrvroot - ok
16:50:52.0364 5648 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
16:50:52.0481 5648 vds - ok
16:50:52.0506 5648 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
16:50:52.0511 5648 vga - ok
16:50:52.0530 5648 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
16:50:52.0536 5648 VgaSave - ok
16:50:52.0603 5648 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
16:50:52.0688 5648 vhdmp - ok
16:50:52.0709 5648 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
16:50:52.0718 5648 viaagp - ok
16:50:52.0743 5648 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
16:50:52.0748 5648 ViaC7 - ok
16:50:52.0780 5648 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
16:50:52.0785 5648 viaide - ok
16:50:52.0920 5648 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
16:50:53.0007 5648 vmbus - ok
16:50:53.0023 5648 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
16:50:53.0111 5648 VMBusHID - ok
16:50:53.0199 5648 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
16:50:53.0200 5648 volmgr - ok
16:50:53.0415 5648 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
16:50:53.0450 5648 volmgrx - ok
16:50:53.0567 5648 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
16:50:53.0573 5648 volsnap - ok
16:50:53.0661 5648 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
16:50:53.0666 5648 vsmraid - ok
16:50:53.0762 5648 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
16:50:53.0780 5648 VSS - ok
16:50:53.0793 5648 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
16:50:53.0796 5648 vwifibus - ok
16:50:53.0836 5648 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
16:50:53.0852 5648 W32Time - ok
16:50:53.0871 5648 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
16:50:53.0876 5648 WacomPen - ok
16:50:53.0920 5648 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:50:53.0924 5648 WANARP - ok
16:50:53.0934 5648 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
16:50:53.0935 5648 Wanarpv6 - ok
16:50:54.0054 5648 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
16:50:54.0079 5648 WatAdminSvc - ok
16:50:54.0167 5648 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
16:50:54.0266 5648 wbengine - ok
16:50:54.0290 5648 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
16:50:54.0297 5648 WbioSrvc - ok
16:50:54.0341 5648 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
16:50:54.0408 5648 wcncsvc - ok
16:50:54.0435 5648 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
16:50:54.0438 5648 WcsPlugInService - ok
16:50:54.0480 5648 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
16:50:54.0484 5648 Wd - ok
16:50:54.0569 5648 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
16:50:54.0588 5648 Wdf01000 - ok
16:50:54.0605 5648 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:50:54.0612 5648 WdiServiceHost - ok
16:50:54.0665 5648 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
16:50:54.0669 5648 WdiSystemHost - ok
16:50:54.0722 5648 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
16:50:54.0802 5648 WebClient - ok
16:50:54.0832 5648 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
16:50:54.0841 5648 Wecsvc - ok
16:50:54.0857 5648 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
16:50:54.0862 5648 wercplsupport - ok
16:50:54.0962 5648 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
16:50:54.0978 5648 WerSvc - ok
16:50:55.0006 5648 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
16:50:55.0009 5648 WfpLwf - ok
16:50:55.0081 5648 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
16:50:55.0084 5648 WIMMount - ok
16:50:55.0193 5648 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:50:55.0212 5648 WinDefend - ok
16:50:55.0223 5648 WinHttpAutoProxySvc - ok
16:50:55.0388 5648 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
16:50:55.0396 5648 Winmgmt - ok
16:50:55.0499 5648 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
16:50:55.0586 5648 WinRM - ok
16:50:55.0673 5648 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
16:50:55.0743 5648 WinUsb - ok
16:50:55.0820 5648 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
16:50:55.0843 5648 Wlansvc - ok
16:50:56.0018 5648 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:50:56.0044 5648 wlidsvc - ok
16:50:56.0127 5648 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
16:50:56.0134 5648 WmiAcpi - ok
16:50:56.0192 5648 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
16:50:56.0194 5648 wmiApSrv - ok
16:50:56.0296 5648 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:50:56.0314 5648 WMPNetworkSvc - ok
16:50:56.0340 5648 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
16:50:56.0347 5648 WPCSvc - ok
16:50:56.0379 5648 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
16:50:56.0432 5648 WPDBusEnum - ok
16:50:56.0461 5648 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
16:50:56.0465 5648 ws2ifsl - ok
16:50:56.0493 5648 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
16:50:56.0499 5648 wscsvc - ok
16:50:56.0583 5648 WSearch - ok
16:50:56.0741 5648 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
16:50:56.0764 5648 wuauserv - ok
16:50:56.0864 5648 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
16:50:57.0027 5648 WudfPf - ok
16:50:57.0063 5648 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:50:57.0066 5648 WUDFRd - ok
16:50:57.0113 5648 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
16:50:57.0168 5648 wudfsvc - ok
16:50:57.0198 5648 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
16:50:57.0207 5648 WwanSvc - ok
16:50:57.0231 5648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:50:57.0472 5648 \Device\Harddisk0\DR0 - ok
16:50:57.0486 5648 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:50:57.0823 5648 \Device\Harddisk1\DR1 - ok
16:50:57.0831 5648 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
16:51:09.0154 5648 \Device\Harddisk2\DR2 - ok
16:51:09.0157 5648 Boot (0x1200) (f5d1b0642d5506b6fecc62f0d02066ef) \Device\Harddisk0\DR0\Partition0
16:51:09.0159 5648 \Device\Harddisk0\DR0\Partition0 - ok
16:51:09.0170 5648 Boot (0x1200) (ee476dadc43feed9d33a73e5e5893e1d) \Device\Harddisk0\DR0\Partition1
16:51:09.0171 5648 \Device\Harddisk0\DR0\Partition1 - ok
16:51:09.0184 5648 Boot (0x1200) (078686f44f5204b199925c381a3f2d21) \Device\Harddisk0\DR0\Partition2
16:51:09.0186 5648 \Device\Harddisk0\DR0\Partition2 - ok
16:51:09.0198 5648 Boot (0x1200) (e907923299fa7e3de3b97a41ae1f86d3) \Device\Harddisk1\DR1\Partition0
16:51:09.0200 5648 \Device\Harddisk1\DR1\Partition0 - ok
16:51:09.0203 5648 Boot (0x1200) (3063a7cfa6a309e01dff562eebf0f9cd) \Device\Harddisk2\DR2\Partition0
16:51:09.0204 5648 \Device\Harddisk2\DR2\Partition0 - ok
16:51:09.0270 5648 ============================================================
16:51:09.0271 5648 Scan finished
16:51:09.0271 5648 ============================================================
16:51:09.0391 6600 Detected object count: 0
16:51:09.0391 6600 Actual detected object count: 0
==============================================================



I ran Avast. Downloaded current virus definitions. AVAST engine defs: 12070201
Here are the run results:
==============================================================
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 16:59:56
-----------------------------
16:59:56.790 OS Version: Windows 6.1.7601 Service Pack 1
16:59:56.790 Number of processors: 2 586 0x602
16:59:56.792 ComputerName: EMACHINE UserName: user
16:59:57.456 Initialize success
17:00:07.113 AVAST engine defs: 12070201
17:00:26.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
17:00:26.724 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
17:00:26.727 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000067
17:00:26.729 Disk 1 Vendor: ST325041 3.AA Size: 238475MB BusType: 3
17:00:26.776 Disk 0 MBR read successfully
17:00:26.778 Disk 0 MBR scan
17:00:26.786 Disk 0 Windows 7 default MBR code
17:00:26.802 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:00:26.831 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102400 MB offset 206848
17:00:26.853 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 374437 MB offset 209922048
17:00:26.872 Disk 0 scanning sectors +976769024
17:00:27.029 Disk 0 scanning C:\Windows\system32\drivers
17:00:59.774 Service scanning
17:01:20.989 Modules scanning
17:01:58.141 Disk 0 trace - called modules:
17:01:58.160 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys
17:01:58.166 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x868f4030]
17:01:58.182 3 CLASSPNP.SYS[8ba0e59e] -> nt!IofCallDriver -> [0x858d4700]
17:01:58.188 5 ACPI.sys[8b23f3d4] -> nt!IofCallDriver -> \Device\00000065[0x861fd710]
17:01:59.034 AVAST engine scan C:\Windows
17:02:11.212 AVAST engine scan C:\Windows\system32
17:11:50.115 AVAST engine scan C:\Windows\system32\drivers
17:12:55.949 AVAST engine scan C:\Users\user
18:20:29.781 AVAST engine scan C:\ProgramData
18:30:07.190 Scan finished successfully
19:41:06.780 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
19:41:06.828 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR log 2jul12.txt"
==============================================================

The forum posting system would not let me attach the MBR.dat file directly, so I put it into a Zipped folder and uploaded the containing folder instead.

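The aswMBR log above reads the first sector of disk 0, recognises the bootstrap code as the Windows 7 default, lists three NTFS partitions, and then scans the sectors past the last partition (the `scanning sectors +976769024` line), which is where MBR bootkits commonly keep their components; TDSSKiller's `MBR (0x1B8)` lines hash the same sector. As an added example, not part of the original post or of either tool, here is a Python script that parses a 512-byte MBR of the kind aswMBR writes to MBR.dat and checks its partition table the way a responder would: exactly one active partition, no overlapping entries, and a list of any unallocated sector runs before, between or after the partitions. The sample sector is constructed from the partition table in the log above (a NOP-filled bootstrap area, not the poster's real MBR.dat); my reading of `0x1B8` as the length of the region TDSSKiller hashes (the bootstrap code up to the disk signature) is an assumption about its log format, and the disk size comes from aswMBR's rounded megabyte figure, so the trailing unallocated count is approximate.

```python
"""Added example: parse a raw 512-byte MBR (the format aswMBR saves as
MBR.dat) and sanity-check its partition table. Sample sector is constructed
from the partition layout aswMBR printed, not read from a real disk."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 0x1B8    # bootstrap code ends where the 4-byte disk signature starts
                    # (assumption: this is the region TDSSKiller's "MBR (0x1B8)" hash covers)
PT_OFF = 0x1BE      # partition table: four 16-byte entries
BOOT_SIG = b"\x55\xAA"

# (bootable, type, first LBA, sector count) for the three NTFS partitions in the log:
# 100 MB at 2048, 102400 MB at 206848, 374437 MB at 209922048 (1 MB = 2048 sectors)
SAMPLE_PARTS = [
    (True,  0x07, 2048,      100 * 2048),
    (False, 0x07, 206848,    102400 * 2048),
    (False, 0x07, 209922048, 374437 * 2048),
]
DISK_SECTORS = 476940 * 2048   # "Size: 476940MB" is rounded, so the tail count is approximate


def build_sample_mbr(parts, code_fill=b"\x90"):
    """Constructed MBR: NOP-filled code area, zero disk signature, given entries."""
    mbr = bytearray(code_fill * CODE_LEN)
    mbr += b"\x00" * 4 + b"\x00\x00"          # disk signature + reserved word
    for bootable, ptype, lba, nsect in parts:  # CHS fields left zero (3x pad bytes)
        mbr += struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba, nsect)
    mbr += b"\x00" * (16 * (4 - len(parts)))   # unused table slots
    mbr += BOOT_SIG
    if len(mbr) != SECTOR:
        raise ValueError("constructed sector is %d bytes, not 512" % len(mbr))
    return bytes(mbr)


def parse_mbr(mbr):
    """Return the bootstrap-code MD5, disk signature and non-empty partition entries."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be 512 bytes, got %d" % len(mbr))
    if mbr[510:] != BOOT_SIG:
        raise ValueError("0x55AA boot signature missing")
    parts = []
    for i in range(4):
        status, ptype, lba, nsect = struct.unpack_from("<B3xB3xII", mbr, PT_OFF + 16 * i)
        if ptype == 0:
            continue                           # empty slot
        parts.append({"index": i + 1, "bootable": status == 0x80, "type": ptype,
                      "lba": lba, "sectors": nsect, "size_mb": nsect * SECTOR // 2**20})
    return {"code_md5": hashlib.md5(mbr[:CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", mbr, CODE_LEN)[0],
            "partitions": parts}


def check_layout(parsed, disk_sectors=None):
    """Flag multiple/no active partitions and overlaps; list unallocated sector
    runs (sector 0 is the MBR itself). Unallocated space is not an error, but it
    is where a bootkit's hidden storage would live, so it is reported."""
    errors, unallocated = [], []
    parts = sorted(parsed["partitions"], key=lambda p: p["lba"])
    active = [p for p in parts if p["bootable"]]
    if len(active) != 1:
        errors.append("expected exactly one active partition, found %d" % len(active))
    cursor = 1
    for p in parts:
        if p["lba"] < cursor:
            errors.append("partition %d starts at LBA %d inside the previous one" % (p["index"], p["lba"]))
        elif p["lba"] > cursor:
            unallocated.append((cursor, p["lba"] - cursor))
        cursor = max(cursor, p["lba"] + p["sectors"])
    if disk_sectors is not None and cursor < disk_sectors:
        unallocated.append((cursor, disk_sectors - cursor))
    return {"errors": errors, "unallocated": unallocated}


if __name__ == "__main__":
    # To check a real dump instead: mbr = open("MBR.dat", "rb").read()
    info = parse_mbr(build_sample_mbr(SAMPLE_PARTS))
    print("bootstrap code MD5:", info["code_md5"])
    for p in info["partitions"]:
        print("partition %(index)d type 0x%(type)02X lba %(lba)d size %(size_mb)d MB active=%(bootable)s" % p)
    print(check_layout(info, DISK_SECTORS))
```

The bootstrap-code hash is only useful against a reference: compare it with the value a clean machine of the same Windows build produces, or simply with the earlier TDSSKiller line for the same disk, since a changed hash between two scans with no OS reinstall in between means something rewrote the MBR.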

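The TDSSKiller log above is several hundred pairs of `name (md5) path` and `name - verdict` lines, which is hard to review by eye. As an added example, not part of the original post or of TDSSKiller, the following Python script parses that format and applies four checks a responder would run over it: any verdict other than `ok`; services for which no image file was hashed (as with WinHttpAutoProxySvc and WSearch above); the same image path reported with two different MD5s under different service names (Tcpip and TCPIP6 both point at tcpip.sys and agree, as they should); and service images outside the Windows and Program Files trees. The sample log mixes lines copied from the log above with two constructed entries, labelled as such, that trigger the hash-conflict and untrusted-path checks; the verdict text on the constructed entry is a placeholder, not TDSSKiller's real wording.

```python
"""Added example: triage helper for TDSSKiller service-scan logs of the shape
posted above. Not part of TDSSKiller; the checks and the constructed sample
lines are the editor's."""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<body>.*)$")
SECTOR_RE = re.compile(r"^(?P<kind>MBR|Boot) \((?P<length>0x[0-9A-Fa-f]+)\) "
                       r"\((?P<md5>[0-9a-f]{32})\) (?P<path>\\Device\\.+)$")
IMAGE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?P<verdict>.+)$")

# Image locations considered normal for a Windows service; anything else is worth a look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_tdsskiller(text):
    """Map each scanned object (service name, or device path for MBR/boot
    sectors) to its md5, image path and verdict, in log order."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                                  # banners, separators, summary lines
        body = m.group("body")
        sm = SECTOR_RE.match(body)
        if sm:                                        # keyed by device path: the verdict line names it
            entries.setdefault(sm.group("path"), {}).update(
                md5=sm.group("md5"), path=sm.group("path"), kind=sm.group("kind"))
            continue
        im = IMAGE_RE.match(body)
        if im:
            entries.setdefault(im.group("name"), {}).update(
                md5=im.group("md5"), path=im.group("path"), kind="service")
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            entries.setdefault(vm.group("name"), {})["verdict"] = vm.group("verdict")
    return entries


def triage(entries):
    findings = {"not_ok": [], "no_image": [], "hash_conflict": [], "untrusted_path": []}
    hashes_by_path = defaultdict(set)
    for name, e in entries.items():
        verdict = e.get("verdict", "(no verdict line)")
        if verdict != "ok":
            findings["not_ok"].append((name, verdict))
        if "path" not in e:
            findings["no_image"].append(name)         # scanner found no file to hash for this service
            continue
        if e["kind"] != "service":
            continue                                  # MBR/boot sectors carry no file path to classify
        path = e["path"].lower()                      # NTFS paths are case-insensitive: DRIVERS == drivers
        hashes_by_path[path].add(e["md5"])
        if not path.startswith(TRUSTED_ROOTS):
            findings["untrusted_path"].append((name, e["path"]))
    for path, md5s in sorted(hashes_by_path.items()):
        if len(md5s) > 1:                             # same file, two hashes: the log contradicts itself
            findings["hash_conflict"].append((path, sorted(md5s)))
    return findings


# Lines copied from the TDSSKiller log above.
SAMPLE_LOG = r"""
16:50:30.0351 5648 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:50:30.0353 5648 Netlogon - ok
16:50:38.0219 5648 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
16:50:38.0221 5648 SamSs - ok
16:50:48.0899 5648 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
16:50:48.0987 5648 Tcpip - ok
16:50:49.0010 5648 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
16:50:49.0018 5648 TCPIP6 - ok
16:50:55.0223 5648 WinHttpAutoProxySvc - ok
16:50:57.0231 5648 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:50:57.0472 5648 \Device\Harddisk0\DR0 - ok
16:51:09.0391 6600 Detected object count: 0
"""
# Constructed entries (not from the real log): a service that reuses tcpip.sys's
# path with a different hash, and an image under ProgramData with a placeholder verdict.
CONSTRUCTED_LINES = r"""
16:50:59.0001 5648 ConstructedSvcA (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\tcpip.sys
16:50:59.0002 5648 ConstructedSvcA - ok
16:50:59.0003 5648 ConstructedSvcB (11111111111111111111111111111111) C:\ProgramData\example\dropped.sys
16:50:59.0004 5648 ConstructedSvcB - suspicious (placeholder verdict text)
"""


def run_sample():
    return triage(parse_tdsskiller(SAMPLE_LOG + CONSTRUCTED_LINES))


if __name__ == "__main__":
    # For a real log: triage(parse_tdsskiller(open("TDSSKiller.log", encoding="utf-8").read()))
    for category, items in run_sample().items():
        print(category, items)
```

A clean result is a log with nothing under `not_ok`, `hash_conflict` or `untrusted_path`; `no_image` entries are usually just services whose binary is not a separate file, but each one deserves a glance.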
#4 nasdaq

  • Malware Response Team
  • 40,190 posts
  • Location: Montreal, QC. Canada

Posted 03 July 2012 - 07:48 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Now please run the DDS tool and post a log if you can.

#5 MCBeekeeper

  • Topic Starter
  • Members
  • 11 posts

Posted 05 July 2012 - 12:28 PM

ComboFix won't run to completion.

I turned off Real Time Virus scanning and the Firewall for McAfee Total Protection and launched ComboFix.

It runs through its setup, makes a recovery point (or appears to, at least), and then announces that it is starting scanning and that it might take 10 minutes (or perhaps twice that) to complete.

I let it run for 8+ hours and it never completed running, never posted an additional message to its window. I finally rebooted the machine, and had to do a hard (hold power 7 secs) shutdown to get the shutdown to complete. Machine rebooted, but still infected.

What else can I try?

#6 nasdaq

  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 06 July 2012 - 07:54 AM

Run ComboFix again. If it fails to finish and generate a log after one hour, stop the process.
Restart the Computer.

If there is no log:

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
===
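The OTL report requested in the post above comes back as one-line records (IE/FF settings, DRV/SRV entries, O4 autoruns, O17 DNS settings). As an added example, not from this thread or from OTL's author, here is a small Python triage script that reads such lines and flags the items a helper checks first on a redirect case: a proxy set in Internet Settings, orphaned driver/service entries whose file is missing, autoruns launched from the user profile, and DNS servers outside the LAN's private ranges. The sample log is constructed and only mirrors OTL's record format; the severities and rules are my own, not OTL's.

```python
"""Triage of OTL-style log lines (added example; not OTL's own code).

Each rule is a question a helper asks when reading an OTL report on a
browser-redirect case: is a proxy configured, are there orphaned
driver/service entries, what runs from the user profile at logon, and
whose DNS server is in use.
"""
import ipaddress
import re

# Constructed sample lines modelled on OTL's record format. Names, paths and
# addresses are made up for this example; only the line shapes mirror real logs.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (catchme) -- C:\Users\user\AppData\Local\Temp\catchme.sys File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\user\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [updater] C:\Users\user\AppData\Local\Temp\updater.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.5
"""

# A home router normally hands out itself (an RFC 1918 address) as resolver.
# A resolver outside these ranges is not wrong by itself, but on a redirect
# case it has to be explained (ISP, intended public resolver, or hijack).
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

PROXY_RE = re.compile(r'Internet Settings: "(ProxyEnable|ProxyServer|AutoConfigURL)" = (.*)$')
ORPHAN_RE = re.compile(r'^(DRV|SRV) - \(([^)]*)\)')
AUTORUN_RE = re.compile(r'^O4 - .*?: \[(?P<name>[^\]]*)\] (?P<path>.*?)(?: \((?P<pub>[^)]*)\))?$')
DNS_RE = re.compile(r'^O17 - .*(?:Dhcp)?NameServer = (.+)$')


def triage_line(line):
    """Return a list of (severity, reason) findings for one OTL-style line."""
    findings = []

    # 1. A proxy the user never configured is the classic redirect mechanism;
    #    the browsers' own settings panels may not show it.
    m = PROXY_RE.search(line)
    if m:
        key, value = m.group(1), m.group(2).strip()
        if key == "ProxyEnable" and value != "0":
            findings.append(("HIGH", "proxy enabled in Internet Settings"))
        elif key != "ProxyEnable" and value:
            findings.append(("HIGH", f"{key} set to {value}"))

    # 2. Driver/service entries whose file is gone: leftovers from removal
    #    tools, or a loader whose payload was already pulled. Low on its own.
    m = ORPHAN_RE.match(line)
    if m and line.endswith("File not found"):
        findings.append(("LOW", f"orphaned {m.group(1)} entry {m.group(2)}: file missing"))

    # 3. Logon autoruns from the user profile: legitimate updaters live there
    #    too, so the publisher and a Temp path decide the severity.
    m = AUTORUN_RE.match(line)
    if m and re.search(r'\\AppData\\', m.group("path"), re.IGNORECASE):
        pub = (m.group("pub") or "").strip()
        in_temp = re.search(r'\\Temp\\', m.group("path"), re.IGNORECASE)
        severity = "HIGH" if in_temp or not pub else "MEDIUM"
        findings.append((severity, f"autorun '{m.group('name')}' from user profile "
                                   f"({pub or 'no publisher'})"))

    # 4. DNS servers outside the LAN ranges.
    m = DNS_RE.match(line)
    if m:
        for addr in re.split(r"[,\s]+", m.group(1).strip()):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue
            if not any(ip in net for net in LAN_RANGES):
                findings.append(("MEDIUM", f"DNS server {addr} outside LAN ranges"))
    return findings


def triage(log_text):
    """Run every rule over a whole log; returns [(severity, reason, line), ...]."""
    results = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if line:
            for severity, reason in triage_line(line):
                results.append((severity, reason, line))
    return results


def summarize(results):
    """Count findings per severity, e.g. {'HIGH': 3, 'MEDIUM': 2, 'LOW': 1}."""
    counts = {}
    for severity, _, _ in results:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Run on a real OTL.Txt by reading the file into `triage()`. The findings are prompts for a human reviewer, not verdicts: the sample flags the Google Talk autorun at MEDIUM only because it lives under AppData, and a public resolver is flagged so that someone confirms where it came from.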

#7 MCBeekeeper

  • Topic Starter
  • Members
  • 11 posts

Posted 06 July 2012 - 05:44 PM

Contents of OTL.txt
-----------------------------
OTL logfile created on: 7/6/2012 5:12:11 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\user\Desktop\Mike's AntiVirus Tools
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 60.19% Memory free
5.75 Gb Paging File | 4.26 Gb Available in Paging File | 74.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 13.58 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
Drive D: | 365.66 Gb Total Space | 327.75 Gb Free Space | 89.63% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 179.21 Gb Free Space | 76.96% Space Free | Partition Type: NTFS
Drive G: | 465.65 Gb Total Space | 355.12 Gb Free Space | 76.26% Space Free | Partition Type: FAT32

Computer Name: XXXXXXXX| User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\Mike's AntiVirus Tools\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\880\g2mlauncher.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMeeting\880\g2mcomm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Caphyon\Advanced Web Ranking\Scheduler.exe (Caphyon)
PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
PRC - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\Core\mchost.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Users\user\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (AWRScheduler) -- C:\Program Files\Caphyon\Advanced Web Ranking\Scheduler.exe (Caphyon)
SRV - (GoToMyPC) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (DragonSvc) -- C:\Program Files\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (StumbleUponUpdateService) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (mfeavfk01) -- File not found
DRV - (catchme) -- C:\Users\user\AppData\Local\Temp\catchme.sys File not found
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (McPvDrv) -- C:\Windows\System32\drivers\McPvDrv.sys (McAfee, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (irsir) -- C:\Windows\System32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 95 01 DF AA F9 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {AD8AC2CA-EEFD-4C96-8672-8D9930CC51FB}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1223D8AA-A628-4AC7-BB0B-881F8A11F77B}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{AD8AC2CA-EEFD-4C96-8672-8D9930CC51FB}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/03/07 14:09:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/07/06 01:19:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/19 12:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/25 22:12:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{030E740A-8D43-11E1-826D-B8AC6F996F26}: C:\Users\user\AppData\Local\{030E740A-8D43-11E1-826D-B8AC6F996F26}\ [2012/04/23 07:51:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/19 12:38:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/25 22:12:20 | 000,000,000 | ---D | M]

[2010/11/08 12:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2010/11/08 12:58:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2012/06/20 11:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcjvuct5.default\extensions
[2010/06/25 17:06:04 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcjvuct5.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/08/22 15:09:36 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\xcjvuct5.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2012/02/17 19:18:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/19 12:38:32 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\user\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120626215845.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\user\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe (j2 Global Communications, Inc.)
O4 - HKCU..\Run: [googletalk] C:\Users\user\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\880\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://XXXXXXXXXXXX.webex.com/client/T27LB/webex/ieatgpc1.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E1B8635-9F33-4BDD-96C4-8CDB975A103F}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/07/19 08:29:30 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 07:41:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8ED1839E-1800-4D05-A4B8-D2CC7211849C}
[2012/07/06 07:40:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7EC48D22-B410-43D8-887F-443149D4E644}
[2012/07/06 01:10:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/07/05 19:40:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C7F4297B-323D-4541-89DB-4722B991B598}
[2012/07/05 19:40:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5237F38B-1210-40ED-B11B-48CB53826F16}
[2012/07/05 12:25:11 | 004,572,925 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/07/05 07:53:53 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2012/07/05 07:39:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{959A03A0-3365-4A5A-B7E6-FB2F1A1C6B90}
[2012/07/05 07:39:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FE469269-8B46-4662-8BAB-7B12869995DE}
[2012/07/04 15:52:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2000A612-5687-4B0B-8058-F8B62C9D800B}
[2012/07/04 15:52:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B774BC7B-C90F-4E1A-8C02-5A23A36D8848}
[2012/07/03 12:45:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5B5A47C4-6EE2-4ACB-97DD-87611510B189}
[2012/07/03 12:45:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{0B06EED1-D3F1-4C89-B067-621225B66043}
[2012/07/03 09:09:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/03 09:09:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/03 09:09:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/03 00:44:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F20B2A3C-DC05-43AC-B525-E891B85E93B1}
[2012/07/02 12:44:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{ECE89E61-AEAF-47B9-8CED-45DE2A69CC65}
[2012/07/02 00:43:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{822A0832-DB2E-4F0C-997A-B0E40A1228E2}
[2012/07/01 12:43:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{26B8D6B7-2A22-4C7C-B7A6-3323CC86906D}
[2012/07/01 00:42:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C974AB26-4E2B-40C8-B45F-C4929B335805}
[2012/06/30 12:42:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3AC0E1B0-8A41-4C47-8CC4-30CEF265D920}
[2012/06/30 00:41:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3E8DBD53-CFB7-4815-B10F-46007A9628E3}
[2012/06/29 12:41:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A2F58C3B-543C-4CAE-B8C9-091B6C0A05E1}
[2012/06/29 00:41:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C6E434E5-B6EA-4DCA-91DD-0A6B7D931745}
[2012/06/29 00:40:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6AC9A2FE-7BF9-4B90-91DE-62E375892A65}
[2012/06/28 15:09:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\DBBK
[2012/06/28 12:40:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1E18D3FB-064E-4CE4-A6F8-BB87DF9AF52E}
[2012/06/28 00:39:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{999E30A6-B106-456C-94DE-3F3CCF9DB77F}
[2012/06/27 12:39:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{950BC7F6-8B6B-4C46-9A5B-F9D6AE38364C}
[2012/06/27 00:39:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{16403EF7-A5DC-4EA8-A600-56D2BDFFAA60}
[2012/06/27 00:38:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2F330999-6167-44D1-9FFC-6A1F0776686D}
[2012/06/26 12:38:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CC875053-CD2A-4746-9B87-543147E03618}
[2012/06/26 00:37:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D69E799D-87DC-43D2-9865-F75C0C95C44C}
[2012/06/25 22:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/25 22:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/25 22:12:20 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/25 22:12:20 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/25 22:11:59 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/25 22:11:59 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/25 22:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/06/25 21:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/06/25 21:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/06/25 12:37:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FC47F529-C110-44E3-8268-4E8C8E1DA34D}
[2012/06/25 12:37:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6247F5F0-DD75-47CA-9E86-DAC44AC1CBE6}
[2012/06/25 00:36:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CB0A8697-7237-4E7F-A058-429DCE0B4B0A}
[2012/06/24 12:36:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{05410A03-BBBA-488F-92D0-76CA55D614FD}
[2012/06/24 00:35:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4099A875-9C06-4A74-AF04-5EB43D99BF86}
[2012/06/23 22:36:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Macromedia
[2012/06/23 12:35:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D873351B-7651-4C21-9301-725E9FC36EAD}
[2012/06/23 12:35:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1C32CE8D-84D9-4833-99BA-BE22F8F00921}
[2012/06/23 00:34:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7E0E0311-F05A-4CDC-8293-A7863CC9EAEA}
[2012/06/23 00:34:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5252DC3F-112E-420E-B407-A14DB809EA10}
[2012/06/22 12:34:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{BB951C24-8761-4987-BE38-D0E18B30E02F}
[2012/06/22 12:34:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C46E0D6C-7242-48F6-9B6F-71C5286860B0}
[2012/06/22 08:30:46 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/22 08:30:46 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/22 08:30:25 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/22 08:30:25 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/22 08:30:25 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/22 08:30:08 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/22 08:30:08 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/22 00:33:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5E9E201B-98DB-4BA4-B3AA-3F630458E96A}
[2012/06/22 00:33:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{CE59D551-1982-426A-A607-8C8C2BDE6FE3}
[2012/06/21 12:33:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4BBB0802-C2C6-4BE6-B73B-2D5E8BE585C9}
[2012/06/21 12:33:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E44CCF09-5D8F-4EF4-9C37-EEEA4905CFE7}
[2012/06/21 00:30:20 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/21 00:21:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C8181E3B-5FC7-41D7-B34F-1DC266A5DE2B}
[2012/06/21 00:20:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{71283377-6B26-44D3-AEDB-4EBEC3FF7E21}
[2012/06/21 00:17:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/21 00:16:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/20 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D8482EA7-4AF7-4ECE-B3E8-38438D6EF3DE}
[2012/06/20 18:25:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{52E862AF-005E-4EE5-AEF8-F671AEF20D04}
[2012/06/20 18:03:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{05202202-A8DB-49C9-9F45-F7F542987D21}
[2012/06/20 18:02:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A6D9B1C5-615F-479E-8F58-191977FA28A7}
[2012/06/14 07:27:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FC1BCE93-C64F-43B2-955E-4147E151828A}
[2012/06/14 07:27:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1581AE7D-2DC2-424F-BFC3-F51232E1124A}
[2012/06/13 23:55:30 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/06/13 23:55:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/13 23:55:19 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/13 23:55:18 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/13 23:55:17 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/13 23:53:46 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/13 23:53:20 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/13 23:53:20 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/13 23:53:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/13 10:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/13 10:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/13 10:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/13 10:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/06/13 10:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/12 17:19:52 | 000,000,000 | ---D | C] -- D:\My Documents\Terry
[2012/06/12 06:27:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4A8E698C-E7EF-4BF9-AAE5-41BCF6326CFA}
[2012/06/11 18:27:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DE233576-E550-4BDB-B70B-5BCC52A66111}
[2012/06/10 00:58:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/06/10 00:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/06/10 00:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/06/07 01:17:08 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012/03/20 11:02:31 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\user\gotomypc_540.exe
[2010/12/06 19:33:53 | 001,233,920 | R--- | C] (Microsoft Corporation) -- C:\Users\user\AppData\Roaming\msxml4.dll
[2010/12/06 19:33:53 | 000,044,544 | R--- | C] (Microsoft Corporation) -- C:\Users\user\AppData\Roaming\msxml4a.dll
[2010/07/08 21:45:18 | 001,063,320 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\user\gotomypc_533.exe
[2010/07/08 21:40:24 | 007,046,096 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\user\gosetup.exe
[2005/01/12 08:53:54 | 000,082,432 | R--- | C] (Microsoft Corporation) -- C:\Users\user\AppData\Roaming\msxml4r.dll

========== Files - Modified Within 30 Days ==========

[2012/07/06 17:09:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/06 16:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 10:09:00 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/06 01:23:13 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 01:23:13 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 01:22:33 | 000,623,940 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/06 01:22:33 | 000,106,316 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/06 01:20:27 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/07/06 01:15:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 01:15:50 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 01:08:26 | 004,572,925 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2012/06/30 14:12:00 | 000,002,308 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/28 15:19:38 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/06/25 22:11:38 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/06/25 22:11:38 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/06/25 22:11:38 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/06/25 22:11:37 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/06/25 22:11:37 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/06/25 22:06:52 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/06/25 22:06:52 | 000,002,062 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/25 21:36:20 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/23 16:36:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/23 16:36:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/23 09:02:49 | 000,000,000 | ---- | M] () -- C:\Users\user\defogger_reenable
[2012/06/14 03:29:10 | 002,239,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 10:21:04 | 000,001,775 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/13 10:06:01 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/06/13 10:05:14 | 000,002,207 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/07 01:18:29 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2012/06/07 01:18:29 | 000,159,608 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012/06/07 01:18:29 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys

========== Files Created - No Company Name ==========

[2012/07/03 09:09:58 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/03 09:09:58 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/03 09:09:58 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/03 09:09:58 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/03 09:09:58 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/25 21:36:39 | 000,002,062 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/06/25 21:36:39 | 000,002,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/06/25 21:36:20 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/25 21:36:20 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/23 09:02:49 | 000,000,000 | ---- | C] () -- C:\Users\user\defogger_reenable
[2012/06/13 10:21:04 | 000,001,775 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/13 10:06:01 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/06/13 10:05:14 | 000,002,308 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/13 10:05:14 | 000,002,207 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/13 10:04:38 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/13 10:04:36 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/10 00:58:29 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/03/28 12:19:42 | 000,005,632 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/10 20:11:40 | 000,002,475 | ---- | C] () -- C:\Users\user\AppData\Roaming\SAS7_000.DAT
[2011/10/05 16:06:22 | 000,103,784 | ---- | C] () -- C:\Users\user\GoToAssistDownloadHelper.exe
[2011/06/06 18:22:15 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/04 15:44:56 | 000,012,000 | -HS- | C] () -- C:\Users\user\AppData\Local\12jv48jg1883x
[2011/04/04 15:44:56 | 000,012,000 | -HS- | C] () -- C:\ProgramData\12jv48jg1883x
[2010/11/19 14:14:42 | 000,007,605 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2010/05/25 13:01:24 | 000,060,304 | ---- | C] () -- C:\Users\user\g2mdlhlpx.exe

========== LOP Check ==========

[2011/10/21 17:59:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Artisteer
[2010/10/23 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/06/21 00:13:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\CoreFTP
[2011/11/02 11:37:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\eFax Messenger
[2010/06/20 15:37:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Facebook
[2011/11/02 12:20:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\j2 Global
[2010/10/18 15:05:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NoteTab Light
[2012/01/10 19:19:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nuance
[2010/05/24 19:07:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice.org
[2010/05/23 12:01:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Qualcomm
[2010/05/23 11:45:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QualcommNew
[2012/04/06 11:33:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\webex
[2011/12/12 11:38:55 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/06/07 01:18:29 | 000,475,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mfehidk.sys
[2012/06/07 01:18:29 | 000,087,656 | ---- | M] (McAfee, Inc.) -- C:\Windows\system32\drivers\mferkdet.sys
[2012/04/27 22:17:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\rdpwd.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2010/05/21 07:22:04 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-4170950728-83955498-1182208438-1000\desktop.ini

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-06-14 08:10:40

< MD5 for: AGP440.SYS >
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/13 20:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010/11/20 07:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010/11/20 07:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: BEEP.SYS >
[2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\System32\drivers\beep.sys
[2009/07/13 18:45:01 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=505506526A9D467307B3C393DEDAF858 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_c3f6f77668f0ddcc\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\user\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\user\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\user\AppData\Local\Temp\RarSFX10\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\user\AppData\Local\Temp\RarSFX11\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\user\AppData\Local\Temp\RarSFX12\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\user\AppData\Local\Temp\RarSFX13\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\user\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\user\AppData\Local\Temp\RarSFX3\procs\explorer.exe
[2011/01/16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\user\AppData\Local\Temp\RarSFX4\procs\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\user\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\user\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\user\AppData\Local\Temp\RarSFX10\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\user\AppData\Local\Temp\RarSFX11\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\user\AppData\Local\Temp\RarSFX12\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\user\AppData\Local\Temp\RarSFX13\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\user\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\user\AppData\Local\Temp\RarSFX3\h\explorer.exe
[2005/08/16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\user\AppData\Local\Temp\RarSFX4\h\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTORV.SYS >
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 00:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 00:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 07:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 00:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2011/05/14 01:26:31 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=02D5E2D9D9497F314C97E082A1CB9808 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17617_none_95c851f0b48aeae5\kernel32.dll
[2009/12/08 06:33:31 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=0369BA73CE6D918745579B24339765E8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16481_none_93903c22b7a2b5ea\kernel32.dll
[2011/06/03 01:01:43 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=11826814AA8C1177CBF6BC40105E9A87 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20978_none_942bb277d0b1dfc0\kernel32.dll
[2011/07/15 23:25:25 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=12DD18C6ECADEDB922E40B494D315206 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.21010_none_946467d1d088a0a4\kernel32.dll
[2009/07/13 20:15:35 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=4605F7EE9805F7E1C98D6C959DD2949C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16385_none_93943b64b79f1e1f\kernel32.dll
[2011/05/14 01:35:39 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=4F9C07F0D68E135F1E07C20647FC54F9 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16816_none_93e0f4a0b76565a2\kernel32.dll
[2010/11/20 07:19:26 | 000,857,600 | ---- | M] (Microsoft Corporation) MD5=5553784D774CA845380650E010BBDA2C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_95c54f2cb48da1b9\kernel32.dll
[2011/05/14 02:40:52 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=5717FC9D2A1DAA0596DC7D940F2D613C -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21728_none_96481f19cdafbff7\kernel32.dll
[2011/07/15 23:34:28 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=7E99A20C758ABB5AE89C7AEEA3A9AEB2 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_93afb334b78b3d5c\kernel32.dll
[2011/07/15 23:54:28 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=921F8B3FF01501C9934CCB3C270833D7 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll
[2011/07/15 23:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=E570CBD732848438EAC574EB3442A2A8 -- C:\Windows\System32\kernel32.dll
[2011/07/15 23:27:30 | 000,868,352 | ---- | M] (Microsoft Corporation) MD5=E570CBD732848438EAC574EB3442A2A8 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_95971084b4b0c29f\kernel32.dll
[2009/12/08 06:57:44 | 000,857,088 | ---- | M] (Microsoft Corporation) MD5=EB7B2309A2B16EEB73C2C13477FEF8FB -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.20591_none_940f0901d0c871a5\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2009/07/13 20:15:51 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=11A41F17527ED75D6B758FDD7F4FD00D -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\System32\mswsock.dll
[2010/11/20 07:19:56 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NDIS.SYS >
[2009/07/13 20:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 235 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

#8 MCBeekeeper (Topic Starter)

Posted 06 July 2012 - 05:52 PM

Contents of Extras.Txt
-------------------------------
OTL Extras logfile created on: 7/6/2012 5:12:12 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\user\Desktop\Mike's AntiVirus Tools
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 60.19% Memory free
5.75 Gb Paging File | 4.26 Gb Available in Paging File | 74.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100.00 Gb Total Space | 13.58 Gb Free Space | 13.58% Space Free | Partition Type: NTFS
Drive D: | 365.66 Gb Total Space | 327.75 Gb Free Space | 89.63% Space Free | Partition Type: NTFS
Drive E: | 232.88 Gb Total Space | 179.21 Gb Free Space | 76.96% Space Free | Partition Type: NTFS
Drive G: | 465.65 Gb Total Space | 355.12 Gb Free Space | 76.26% Space Free | Partition Type: FAT32

Computer Name: XXXXXXXX | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04F7B0E8-05F2-4D61-AC06-1D4A6D28B374}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{151FD954-5550-4CD7-86BA-3D1136AF2318}" = rport=139 | protocol=6 | dir=out | app=system |
"{160FA449-0675-408C-8E64-26466815855F}" = rport=445 | protocol=6 | dir=out | app=system |
"{294DCF4D-7B5D-46B8-AB1E-8908149BD8A2}" = lport=137 | protocol=17 | dir=in | app=system |
"{31DCDE6F-F331-466D-9B0C-153F54B24634}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{346B456B-CF56-4B5A-923C-1AA7E9642D85}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{39D101D6-A089-4DEF-BDCA-E9820C1F79C7}" = rport=138 | protocol=17 | dir=out | app=system |
"{3FD5082F-B58F-46D9-9191-3D250557DC8B}" = lport=139 | protocol=6 | dir=in | app=system |
"{4753805F-5EBC-4B55-A79C-F03782772458}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{47F78E89-436D-4FD5-80DD-A5F12188397B}" = lport=445 | protocol=6 | dir=in | app=system |
"{56B3450C-44BC-431F-9692-0473B82DA293}" = lport=49168 | protocol=6 | dir=in | name=akamai netsession interface |
"{5BD60716-C324-40CA-AB97-B7999380B79C}" = lport=49166 | protocol=6 | dir=in | name=akamai netsession interface |
"{7393D6BA-9934-4ECF-AC76-E2847F9D9E9F}" = rport=137 | protocol=17 | dir=out | app=system |
"{8EAC2AC0-ACA0-4C0B-A5E2-496B4C45F761}" = lport=2869 | protocol=6 | dir=in | app=system |
"{912EC73A-97C4-453D-8867-B8724FED5305}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B18C2C14-1034-453D-91F0-CC06FBEA6EDF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B3801700-256A-4954-85C5-82CC391BC975}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C059B0B4-CE12-4445-8A83-02396F0307FA}" = lport=138 | protocol=17 | dir=in | app=system |
"{C254DF4D-B21A-4399-A090-ED79932697B9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E7DA0B59-A8DD-4DCE-BC73-44809ACC38B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED0725F7-D1F5-46D9-9867-4C0A6FEE2354}" = lport=49212 | protocol=6 | dir=in | name=akamai netsession interface |
"{FABCDCD8-D6AE-40F2-A05A-94D7BF6E911B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F1AFB8C-2FC1-43A2-85CF-2A8EF92BE7F8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1600FB90-F22E-4D2F-8237-1BD926313282}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{1FB902CB-1CAC-4CAF-AB22-E4E1334BA346}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2AAC9B16-3A9B-48A2-8064-3940327232EB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3DDF328E-AF7C-493E-82E4-4DAA76271755}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3EE54944-AA75-4D6F-BF65-D958C0669F59}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |
"{5171A941-40C3-4F26-90E8-025303C3D553}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{67F98803-5305-481F-B89C-927C7AFAA19C}" = dir=in | app=c:\program files\caphyon\advanced web ranking\scheduler.exe |
"{75E44C50-9C01-43D5-BA7D-EABDBCD6B9EE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7F4CA189-FD6D-439A-B798-849B59C6431B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{84F244A4-EB59-43D5-A7A5-33B197EEDCEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{87659498-8C72-45B2-95B1-17DB7DA86C84}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{880D2C57-D821-4D27-9F20-7B4439672E5E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D9B771D-416C-4527-89F5-16F37E79B9CA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{99F7E69F-C262-44DA-960A-006A2CFE56A7}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{BC413C46-07F7-49A9-B9EA-DB9A2E4FC4B5}" = dir=in | app=c:\program files\caphyon\advanced web ranking\advancedwebranking.exe |
"{C4044CE9-6489-4C32-80C9-B4921D787CA8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C57AFEB6-68BA-4C8F-BC42-C812829DBCE8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe |
"{C58E5983-FEB2-4A66-8074-1B7C79CA9D9D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{C7C1034B-D9E1-4071-AACB-79B5D0AA26F5}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D01BF998-E5B8-48B7-BAE0-56C065A5BEC4}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{E9A21D17-CEEE-4C4C-9630-E9EE294051EE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{EAB33CEF-FCE0-4A74-8519-49CED18A94EF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{F41469D4-FD6E-4EE2-BAAA-4C01CFD482E0}" = dir=in | app=c:\program files\caphyon\advanced web ranking\advancedlinkmanager.exe |
"{F6241E2D-073B-484D-9C9A-0402C8F05C30}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B561CF4-0C7D-4745-AF53-161E24E44F87}" = Adobe CS4 Italian Speech Analysis Models
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1FD653A8-9CFA-4392-B89C-CCDB114DE442}" = Adobe CS4 Spanish Speech Analysis Models
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3BEFC09B-D022-457A-BD29-53D1B852B3F6}" = Eudora
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{48E9A4FB-17C6-4B14-BC9D-D83AF2A4059A}" = Adobe CS4 Korean Speech Analysis Models
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking
"{4F213D2A-B942-4611-AEE5-49F9D42D0A2F}" = Adobe CS4 International English Speech Analysis Models
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{566BB41D-F006-4956-A5D3-94D8DFFA7F51}" = Adobe Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7C4EAC-6E38-42E3-85AA-408874A803DE}" = Adobe CS4 German Speech Analysis Models
"{9AACCD0F-2734-4E8C-8C24-2702D4506E93}" = Adobe CS4 French Speech Analysis Models
"{9AD0C79C-1DC1-49E7-B844-FA9014D5E878}" = Advanced Web Ranking
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B35FDD04-48FD-4D3D-B0EB-088C5137CD42}" = Adobe CS4 Japanese Speech Analysis Models
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE3BB35E-C0CE-4CA1-9CB4-CD9E69364BD9}" = Adobe Premiere Pro CS4
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F920E37C-6305-4288-B4BD-966070403DB9}" = Google AdWords Editor
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_ffcb3f2dd758cc9933975d08d2cd477" = Adobe Premiere Pro CS4
"Akamai" = Akamai NetSession Interface Service
"Artisteer 2" = Artisteer 2
"Artisteer 3" = Artisteer 3
"AudibleDownloadManager" = Audible Download Manager
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Core FTP LE 2.1" = Core FTP LE 2.1
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"HitmanPro36" = HitmanPro 3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Total Protection
"NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Paint Shop Pro 4.12 Shareware" = Paint Shop Pro 4.12 Shareware
"Prism" = Prism Video File Converter
"STANDARDR" = Microsoft Office Standard 2007
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"TopStyle Lite (Version 1.5)" = TopStyle Lite (Version 1.5)
"TopStyle Lite (Version 2)" = TopStyle Lite (Version 2)
"WinLiveSuite" = Windows Live Essentials
"Xenu's Link Sleuth" = Xenu's Link Sleuth

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"GoToMeeting" = GoToMeeting 5.1.0.880
"HomeSite 4.5" = HomeSite 4.5

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2012 8:55:30 AM | Computer Name = XXXXXXXX | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: msxml4.dll_unloaded, version: 0.0.0.0,
time stamp: 0x3ea08e4d Exception code: 0xc0000005 Fault offset: 0x69b466b3 Faulting
process id: 0xd5c Faulting application start time: 0x01cd5aad03530960 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: msxml4.dll Report Id: b305cb90-c6a0-11e1-97be-90fba624cf2f

Error - 7/5/2012 8:59:16 AM | Computer Name = XXXXXXXX | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d6727a7 Faulting module name: msxml4.dll_unloaded, version: 0.0.0.0,
time stamp: 0x3ea08e4d Exception code: 0xc0000005 Fault offset: 0x69b466b3 Faulting
process id: 0x60c Faulting application start time: 0x01cd5aad799b4790 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: msxml4.dll Report Id: 3993e6b0-c6a1-11e1-97be-90fba624cf2f

Error - 7/5/2012 9:01:32 AM | Computer Name = XXXXXXXX | Source = Application Error | ID = 1000
Description = Faulting application name: stinger.exe, version: 0.0.0.0, time stamp:
0x4fe169fb Faulting module name: stinger.exe, version: 0.0.0.0, time stamp: 0x4fe169fb
Exception
code: 0xc0000005 Fault offset: 0x00ea8730 Faulting process id: 0x1088 Faulting application
start time: 0x01cd5aae4c19ff90 Faulting application path: C:\Users\user\Desktop\Mike's
AntiVirus Tools\stinger.exe Faulting module path: C:\Users\user\Desktop\Mike's AntiVirus
Tools\stinger.exe Report Id: 8aa31760-c6a1-11e1-97be-90fba624cf2f

Error - 7/5/2012 9:01:51 AM | Computer Name = XXXXXXXX | Source = Application Error | ID = 1000
Description = Faulting application name: stinger.exe, version: 0.0.0.0, time stamp:
0x4fe169fb Faulting module name: stinger.exe, version: 0.0.0.0, time stamp: 0x4fe169fb
Exception
code: 0xc0000005 Fault offset: 0x00ea8730 Faulting process id: 0xf28 Faulting application
start time: 0x01cd5aae583b2970 Faulting application path: C:\Users\user\Desktop\Mike's
AntiVirus Tools\stinger.exe Faulting module path: C:\Users\user\Desktop\Mike's AntiVirus
Tools\stinger.exe Report Id: 95edde70-c6a1-11e1-97be-90fba624cf2f

Error - 7/5/2012 10:04:51 AM | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 7/5/2012 11:21:30 AM | Computer Name = XXXXXXXX | Source = VSS | ID = 8194
Description =

Error - 7/5/2012 1:22:27 PM | Computer Name = XXXXXXXX | Source = VSS | ID = 8194
Description =

Error - 7/6/2012 1:36:22 AM | Computer Name = XXXXXXXX | Source = VSS | ID = 8194
Description =

Error - 7/6/2012 2:18:06 AM | Computer Name = XXXXXXXX | Source = VSS | ID = 8194
Description =

Error - 7/6/2012 3:13:25 AM | Computer Name = XXXXXXXX | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

[ OSession Events ]
Error - 5/25/2010 11:30:12 AM | Computer Name = XXXXXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3259
seconds with 240 seconds of active time. This session ended with a crash.

Error - 5/31/2010 7:04:38 PM | Computer Name = XXXXXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 328
seconds with 300 seconds of active time. This session ended with a crash.

Error - 5/31/2010 7:06:22 PM | Computer Name = XXXXXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 79
seconds with 60 seconds of active time. This session ended with a crash.

Error - 7/2/2010 9:36:33 AM | Computer Name = XXXXXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 226770
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 5/24/2011 3:57:40 PM | Computer Name = XXXXXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 282903
seconds with 1320 seconds of active time. This session ended with a crash.

Error - 6/18/2011 4:21:22 AM | Computer Name = XXXXXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 114938
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/24/2011 6:17:44 PM | Computer Name = XXXXXXXX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12523
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/4/2012 4:49:21 PM | Computer Name = XXXXXXXX | Source = DCOM | ID = 10010
Description =

Error - 7/4/2012 4:49:49 PM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the McShield service.

Error - 7/4/2012 4:55:01 PM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/4/2012 5:42:31 PM | Computer Name = XXXXXXXX | Source = BROWSER | ID = 8032
Description =

Error - 7/5/2012 9:29:32 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/5/2012 10:43:19 AM | Computer Name = XXXXXXXX | Source = BROWSER | ID = 8032
Description =

Error - 7/5/2012 11:23:51 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/5/2012 12:10:02 PM | Computer Name = XXXXXXXX | Source = BROWSER | ID = 8032
Description =

Error - 7/6/2012 1:05:13 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 7/6/2012 2:12:00 AM | Computer Name = XXXXXXXX | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.


< End of report >

#9 nasdaq
  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 July 2012 - 10:28 AM

I see nothing suspicious in your logs that would cause ComboFix not to run to completion.

I suggest you disable all security software and run ComboFix again.

If that fails try this online scan.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#10 MCBeekeeper
  • Topic Starter
  • Members
  • 11 posts

Posted 08 July 2012 - 10:13 PM

Here is the specific sequence I used to run ComboFix this time.

rebooted windows 7
logged in as admin
killed skype
killed hitmanpro after it completed its scan and removed the FF and MSIE proxies that it reports as running on 127.0.0.1. I do this every time I reboot, but they return after each reboot.

turned off McAfee Total Protection
- firewall
- real time virus scanning
both set to "never" for restart - I will restart them manually when scan completes or is aborted

re-downloaded ComboFix to start with latest version

closed browser

launched ComboFix and let it run for 2 hours - no output generated.

Running ESET now. Will post results of that run on Monday morning.
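
The post above describes a loopback (127.0.0.1) proxy that Hitman Pro strips from IE and Firefox and that is back after every reboot. The following is an added example, not code from the thread, from Hitman Pro or from either browser vendor: it shows where those two proxy settings actually live and audits them from their plain-text forms, so it runs anywhere. For IE and every other WinINET client the values are ProxyEnable and ProxyServer under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (dump them on the machine with `reg export` and feed the file in); for Firefox they are the network.proxy.* keys in prefs.js, and also in user.js, which Firefox re-applies over prefs.js at every start, one mechanism by which a "removed" proxy can keep coming back. The registry export and user.js below are constructed samples; the port 8080 is arbitrary.

```python
"""Audit WinINET/IE registry settings and Firefox prefs for a 127.0.0.1 proxy.

Added example: parses the text forms of the settings rather than the live
registry or profile, so it runs offline.  Both sample inputs are constructed."""
import re

# Constructed sample of:
#   reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ie.reg
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:8080;https=127.0.0.1:8080"
"ProxyOverride"="<local>"
'''

# Constructed sample user.js: manual proxy (type 1) pointing at a local listener.
# user.js is re-applied over prefs.js on every Firefox start.
SAMPLE_USER_JS = '''// constructed for illustration
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8080);
'''

LOOPBACK = re.compile(r"^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)$", re.I)
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')
USER_PREF = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_reg_export(text):
    """Map value names to Python values (dword -> int, REG_SZ -> str) for a .reg export."""
    values = {}
    for line in text.splitlines():
        m = REG_VALUE.match(line.strip())
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith("dword:"):
            values[name] = int(raw[len("dword:"):], 16)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            values[name] = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            values[name] = raw          # hex(...) blobs etc. are left as text
    return values


def _split_hostport(hostport):
    host, sep, port = hostport.rpartition(":")
    if not sep:
        return hostport, None        # no explicit port
    return host, int(port) if port.isdigit() else None


def wininet_loopback_proxies(reg_text):
    """Return [(scheme, host, port)] ProxyServer entries pointing at loopback,
    but only when ProxyEnable=1 (with it 0, ProxyServer is inert)."""
    v = parse_reg_export(reg_text)
    if v.get("ProxyEnable", 0) != 1:
        return []
    found = []
    for entry in v.get("ProxyServer", "").split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition("=")   # "http=host:port" or bare "host:port"
        host, port = _split_hostport(hostport)
        if LOOPBACK.match(host):
            found.append((scheme or "all", host, port))
    return found


def parse_prefs(text):
    """Parse user_pref(...) lines from prefs.js / user.js into a dict."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue
        key, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[key] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[key] = raw == "true"
        else:
            prefs[key] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs


def firefox_loopback_proxies(prefs_text):
    """Return [(scheme, host, port)] for loopback hosts when network.proxy.type is 1 (manual)."""
    p = parse_prefs(prefs_text)
    if p.get("network.proxy.type") != 1:
        return []
    found = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = p.get("network.proxy." + scheme, "")
        if host and LOOPBACK.match(host):
            found.append((scheme, host, p.get("network.proxy.%s_port" % scheme)))
    return found


if __name__ == "__main__":
    print("WinINET:", wininet_loopback_proxies(SAMPLE_REG_EXPORT))
    print("Firefox:", firefox_loopback_proxies(SAMPLE_USER_JS))
```

If the Firefox hit comes from user.js rather than prefs.js, deleting the proxy inside the browser will not stick; the file has to be removed or cleaned. For IE, a ProxyServer that reappears at logon points at whatever runs at startup rewriting the key, which is the next thing to look for.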

#11 MCBeekeeper
  • Topic Starter
  • Members
  • 11 posts

Posted 09 July 2012 - 09:10 AM

ESET completed after running 3:57:57
481,817 files scanned
0 infected files
0 cleaned files
Total scan time: 3:57:57
Scan status: Finished

No option to click on "list of found threats" or to "export to text file"

Screengrab of the ESET final screen attached.


#12 nasdaq
  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 July 2012 - 09:45 AM

Let's check further.

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#13 MCBeekeeper
  • Topic Starter
  • Members
  • 11 posts

Posted 09 July 2012 - 11:07 AM

FRST.exe ran quickly (perhaps 5 minutes to run).

Here is the output:
--------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-07-2012 01
Ran by SYSTEM at 09-07-2012 10:55:47
Running from I:\
(X86) OS Language: English(US)
Attention: Could not load system hive.Attention: System hive is missing.

========================== Registry (Whitelisted) =============

Attention: Software hive is missing.

HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell] [x ] ()

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============


============ 3 Months Modified Files ========================


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: <===== ATTENTION!
HKLM\...\exefile\DefaultIcon: <===== ATTENTION!
HKLM\...\exefile\open\command: <===== ATTENTION!

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 3966.49 MB
Available physical RAM: 3546.83 MB
Total Pagefile: 3964.77 MB
Available Pagefile: 3541.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.62 MB

======================= Partitions =========================

2 Drive d: (Old Drive Only) (Fixed) (Total:232.88 GB) (Free:179.21 GB) NTFS
3 Drive e: (System Disk - not docs) (Fixed) (Total:100 GB) (Free:13.44 GB) NTFS
4 Drive f: (Data Volume - docs go here) (Fixed) (Total:365.66 GB) (Free:327.75 GB) NTFS
6 Drive h: (PHOTOSTORAG) (Fixed) (Total:465.65 GB) (Free:355.12 GB) FAT32
7 Drive i: () (Removable) (Total:14.9 GB) (Free:14.9 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

======================= End Of Log ==========================

#14 MCBeekeeper
  • Topic Starter
  • Members
  • 11 posts

Posted 09 July 2012 - 11:28 AM

I don't know if this is significant, but looking at the "Partitions" list and the drive list after I rebooted, I can see that the drive labeling changed between the FRST scan and the Win 7 Professional reboot. In Win 7, the disks are labeled as follows:
C: System Disk - not docs
D: Data Volume - docs go here
E: Old Drive Only
(no F:)
G: PHOTOSTORAGE
H: Removable Disk
(no I:)
(no X:)
Y: mapped directory on drive d:



All of the files listed in the "Bamital & volsnap Check" section of the report DO exist when booted with Win 7.
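
Posts #12 through #14 together illustrate a caveat of running FRST from the Windows Recovery Environment: the RE assigns its own drive letters, so the volume Windows calls C: may carry another letter (here E:), and a check against a letter that does not exist in RE reports every file as missing. The following is an added example, not part of the thread or of FRST. It reconciles the two letterings by volume label, using the FRST "Partitions" section and the Windows-side list from post #14 as transcribed input (the Y: mapped directory is left out because it is not a volume), and then re-expresses the "IS MISSING" paths with the letter the system volume actually had in RE. Labels are compared on their first 11 characters because FAT32 labels are capped at 11, which is why PHOTOSTORAGE appears as PHOTOSTORAG in the FRST log.

```python
"""Reconcile Windows RE drive letters (as seen by FRST) with the letters the
same volumes carry after a normal Windows 7 boot, by matching volume labels,
and rewrite the paths FRST reported as missing.

Added example, not from the thread or from FRST.  The inputs are transcribed
from the FRST Partitions section and the follow-up post."""
import re

FRST_PARTITIONS = """\
2 Drive d: (Old Drive Only) (Fixed) (Total:232.88 GB) (Free:179.21 GB) NTFS
3 Drive e: (System Disk - not docs) (Fixed) (Total:100 GB) (Free:13.44 GB) NTFS
4 Drive f: (Data Volume - docs go here) (Fixed) (Total:365.66 GB) (Free:327.75 GB) NTFS
6 Drive h: (PHOTOSTORAG) (Fixed) (Total:465.65 GB) (Free:355.12 GB) FAT32
7 Drive i: () (Removable) (Total:14.9 GB) (Free:14.9 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
"""

# letter -> label after a normal boot, as listed in post #14
WINDOWS_LETTERS = {
    "C": "System Disk - not docs",
    "D": "Data Volume - docs go here",
    "E": "Old Drive Only",
    "G": "PHOTOSTORAGE",
    "H": "Removable Disk",
}

# three of the paths FRST flagged
FRST_MISSING = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\System32\winlogon.exe",
    r"C:\Windows\System32\Drivers\volsnap.sys",
]

PART_RE = re.compile(r"^\d+ Drive (\w): \((.*?)\) \((Fixed|Removable)\)")


def parse_frst_partitions(text):
    """Return {LETTER: label} from FRST's Partitions section."""
    out = {}
    for line in text.splitlines():
        m = PART_RE.match(line.strip())
        if m:
            out[m.group(1).upper()] = m.group(2)
    return out


def _norm(label):
    return label.strip().upper()[:11]   # FAT32 label limit: compare truncated form


def map_re_to_windows(re_letters, win_letters):
    """RE letter -> Windows letter for every labelled RE volume (None if unmatched)."""
    win_by_label = {_norm(lbl): d for d, lbl in win_letters.items()}
    return {d: win_by_label.get(_norm(lbl)) for d, lbl in re_letters.items() if lbl}


def translate_to_re(path, re_letters, win_letters):
    """Rewrite a Windows-letter path to the letter the same volume had in RE.
    Raises KeyError if that volume was not visible in RE at all."""
    win_to_re = {w: r for r, w in map_re_to_windows(re_letters, win_letters).items() if w}
    return win_to_re[path[0].upper()] + path[1:]


def explain_missing(missing, re_letters, win_letters):
    """For each 'IS MISSING' path: (path, letter-existed-in-RE, real RE path)."""
    report = []
    for p in missing:
        checked = p[0].upper()
        report.append((p, checked in re_letters, translate_to_re(p, re_letters, win_letters)))
    return report


if __name__ == "__main__":
    re_letters = parse_frst_partitions(FRST_PARTITIONS)
    for path, existed, actual in explain_missing(FRST_MISSING, re_letters, WINDOWS_LETTERS):
        print("%s: letter present in RE=%s; same file in RE: %s" % (path, existed, actual))
```

The mapping it derives (RE D:→E:, E:→C:, F:→D:, H:→G:) shows that no C: existed in the RE session at all, which is a mundane reason for every path under C:\ to come back as missing and is worth ruling out before reading the Bamital & volsnap section as an infection.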

#15 nasdaq
  • Malware Response Team
  • 40,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 July 2012 - 01:46 PM

Were you running the Farbar Recovery Scan Tool in safe mode?



