
Trojan horse Dropper.Generic c.MMI


  • This topic is locked
70 replies to this topic

#1 kp31

kp31

  • Members
  • 107 posts

Posted 09 July 2012 - 03:38 PM

Hello,

I have been searching for a fix for this since yesterday to no avail. I have run Malwarebytes, AVG scan, and SUPERAntiSpyware as well. AVG is detecting it as well as multiple tracking cookies. Any help would be greatly appreciated.

Thanks.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_32
Run by Frankris at 12:47:53 on 2012-07-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.1766 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\System32\M-AudioTaskBarIcon.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Users\Frankris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\SysWOW64\CTXFISPI.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k SDRSVC
C:\Users\Frankris\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\windows\system32\conhost.exe
C:\windows\explorer.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\taskeng.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [PCShowServer] "C:\Users\Frankris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
mRun: [<NO NAME>]
mRun: [LenovoFSC] "C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe"
mRun: [jmekey] "C:\Program Files (x86)\jmesoft\hotkey.exe"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Nikon Message Center 2] "C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" -s
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [CTxfiHlp] "CTXFIHLP.EXE"
mRun: [UpdReg] "C:\windows\UpdReg.EXE"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AgentMonitor] "C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Free YouTube Download - C:\Users\Frankris\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Frankris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Turbo%20Pizza/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Turbo%20Pizza/Images/armhelper.ocx
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
TCP: DhcpNameServer = 192.168.10.1
TCP: Interfaces\{041F5F5B-6D04-47BA-A5A4-AB36083EF42D} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F36BC562-2113-4EE5-B242-44317B670513} : DhcpNameServer = 192.168.10.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
BHO-X64: Swag Bucks - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
mRun-x64: [(Default)]
mRun-x64: [LenovoFSC] "C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe"
mRun-x64: [jmekey] "C:\Program Files (x86)\jmesoft\hotkey.exe"
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [Nikon Message Center 2] "C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" -s
mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun-x64: [CTxfiHlp] "CTXFIHLP.EXE"
mRun-x64: [UpdReg] "C:\windows\UpdReg.EXE"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AgentMonitor] "C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Frankris\AppData\Roaming\Mozilla\Firefox\Profiles\i2mx0n7z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Frankris\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
FF - plugin: C:\Users\Frankris\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\Frankris\AppData\Roaming\Mozilla\Firefox\Profiles\i2mx0n7z.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-4-1 517632]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-1-16 11576]
R2 WajamUpdater;WajamUpdater;C:\Program Files\Wajam\Updater\WajamUpdater.exe [2012-3-9 109064]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\windows\system32\drivers\CT20XUT.SYS --> C:\windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\windows\system32\drivers\CTEXFIFX.SYS --> C:\windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\windows\system32\drivers\CTHWIUT.SYS --> C:\windows\system32\drivers\CTHWIUT.SYS [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\windows\system32\drivers\ha20x22k.sys --> C:\windows\system32\drivers\ha20x22k.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SuperIO;Lenovo ASD HWM Driver;C:\windows\system32\DRIVERS\spio.sys --> C:\windows\system32\DRIVERS\spio.sys [?]
R3 USTOR2K;USB Mass Storage Windows Driver;C:\windows\system32\DRIVERS\ustor2k.sys --> C:\windows\system32\DRIVERS\ustor2k.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-11 136176]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\windows\system32\drivers\BVRPMPR5a64.SYS --> C:\windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-3 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-3 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-7-3 79360]
S3 CT20XUT;CT20XUT;C:\windows\system32\drivers\CT20XUT.SYS --> C:\windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\windows\system32\drivers\CTEXFIFX.SYS --> C:\windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\windows\system32\drivers\CTHWIUT.SYS --> C:\windows\system32\drivers\CTHWIUT.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-11 136176]
S3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys --> C:\windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MAUSBPRODUCER;Service for M-Audio Producer;C:\windows\system32\DRIVERS\MAudioProducer.sys --> C:\windows\system32\DRIVERS\MAudioProducer.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-8 113120]
S3 netr7364;Netopia RT73 Wireless Driver for Vista;C:\windows\system32\DRIVERS\netr7364.sys --> C:\windows\system32\DRIVERS\netr7364.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\system32\DRIVERS\Rtnic64.sys --> C:\windows\system32\DRIVERS\Rtnic64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-08 15:34:33 -------- d-----w- C:\Users\Frankris\AppData\Roaming\SUPERAntiSpyware.com
2012-07-08 15:34:03 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-08 15:34:03 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-07 20:34:19 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-06-27 03:47:16 -------- d-----w- C:\pra
2012-06-23 23:18:50 -------- d-----w- C:\Users\Frankris\AppData\Roaming\DVDVideoSoftIEHelpers
2012-06-23 23:17:27 405176 ----a-w- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-06-23 23:17:23 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft
2012-06-23 23:17:23 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVIDEOSOFT
2012-06-23 23:16:58 -------- d-----w- C:\Users\Frankris\AppData\Roaming\DVDVideoSoft
2012-06-23 23:09:14 -------- d-----w- C:\Users\Frankris\AppData\Roaming\AnvSoft
2012-06-19 12:07:34 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-19 12:07:27 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-19 12:07:20 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-19 12:07:20 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-17 04:28:51 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2012-06-13 21:08:48 -------- d-----w- C:\Users\Frankris\AppData\Roaming\webex
2012-06-13 19:01:57 -------- d-----w- C:\ProgramData\WebEx
2012-06-13 19:01:55 215864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
2012-06-13 13:40:50 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-06-13 13:40:49 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-13 13:40:49 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-06-13 13:40:42 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-06-13 13:40:40 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-06-13 13:40:39 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 13:40:39 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-06-13 13:40:26 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-06-13 13:39:56 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-06-13 13:39:55 3216384 ----a-w- C:\windows\System32\msi.dll
2012-06-13 13:39:55 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-06-13 13:39:42 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-06-13 13:39:42 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-06-13 13:39:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-06-13 13:39:42 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-06-13 13:39:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-06-13 13:39:41 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-05-15 04:01:31 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-05 12:43:51 476960 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2012-05-05 12:43:51 472864 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-01 02:49:58 510 ----a-w- C:\Program Files (x86)\0131201220495838.bat
2011-06-26 00:40:20 481 ----a-w- C:\Program Files (x86)\0625201118402054.bat
.
============= FINISH: 12:48:19.48 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 July 2012 - 12:27 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 12 July 2012 - 11:59 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 kp31


Posted 13 July 2012 - 02:54 AM

Yes I do! I am sorry, I signed up to watch the thread and receive immediate notification but unfortunately your bump was the only notification I received. I am reviewing the previous post and will be back with you shortly. Thank you!

#5 kp31


Posted 13 July 2012 - 03:18 AM

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 13-07-2012 02:12:04
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] "C:\windows\system32\igfxtray.exe" [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] "C:\windows\system32\hkcmd.exe" [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] "C:\windows\system32\igfxpers.exe" [415256 2010-08-25] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\windows\system32\M-AudioTaskBarIcon.exe [798216 2009-09-02] (Avid Technology, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [LenovoFSC] "C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe" [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM-x32\...\Run: [jmekey] "C:\Program Files (x86)\jmesoft\hotkey.exe" [114688 2009-07-16] (JME)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Nikon Message Center 2] "C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" -s [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [CTxfiHlp] "CTXFIHLP.EXE" [x]
HKLM-x32\...\Run: [UpdReg] "C:\windows\UpdReg.EXE" [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [585728 2011-01-07] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AgentMonitor] "C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [393640 2011-11-30] ()
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [380416 2012-01-04] ()
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-23] (Avid Technology, Inc..)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Frankris\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKU\Frankris\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-07-11] (Google Inc.)
HKU\Frankris\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Frankris\...\Run: [PCShowServer] "C:\Users\Frankris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [351888 2012-04-02] (NDS Technologies)
HKU\Frankris\...\Run: [Apps] rundll32.exe "C:\Users\Frankris\AppData\Local\ArcSoft\Apps\axzxljy.dll",CreateInstance [665088 2012-07-12] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2011-07-03] (Creative Labs)
2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -s [77824 2010-06-23] (Avid Technology, Inc..)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-04-30] (Alcatel-Lucent)
2 WajamUpdater; "C:\Program Files\Wajam\Updater\WajamUpdater.exe" [109064 2012-03-09] (Wajam)

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-10] (AVG Technologies CZ, s.r.o.)
3 GEARAspiWDM; C:\Windows\SysWow64\Drivers\GEARAspiWDM.sys [15664 2011-08-10] (GEAR Software Inc.)
3 ha20x22k; C:\Windows\System32\Drivers\ha20x22k.sys [1612888 2010-07-07] (Creative Technology Ltd)
3 MAUSBPRODUCER; C:\Windows\System32\DRIVERS\MAudioProducer.sys [187912 2009-09-02] (Avid Technology, Inc.)
3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-02-06] (Samsung Electronics)
3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
3 USTOR2K; C:\Windows\System32\Drivers\USTOR2K.sys [52224 2010-02-21] (Genesys Logic)
2 DgiVecp; \??\C:\windows\system32\Drivers\DgiVecp.sys [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-12 23:59 - 2012-07-12 23:59 - 00001879 ____A C:\Users\Frankris\Documents\trojan dropper instructions.txt
2012-07-12 23:57 - 2012-07-12 23:57 - 01434551 ____A (Farbar) C:\Users\Frankris\Downloads\FRST64.exe
2012-07-12 07:30 - 2012-07-13 00:03 - 00000112 ____A C:\Windows\setupact.log
2012-07-12 07:30 - 2012-07-12 07:30 - 00000000 ____A C:\Windows\setuperr.log
2012-07-12 01:05 - 2012-07-12 01:05 - 00264856 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-12 01:05 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 03:31 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-11 03:31 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-11 03:31 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 03:31 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 03:31 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-11 03:31 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-11 03:31 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 03:31 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-11 03:30 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 03:30 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-11 03:30 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 03:30 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 03:30 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 03:30 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 03:30 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 03:30 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-11 03:30 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-11 03:30 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-11 03:30 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-09 13:17 - 2012-07-12 07:34 - 00000000 ____D C:\Users\Frankris\AppData\Local\Apps\Apple Computer
2012-07-09 10:46 - 2012-07-09 10:47 - 00607260 ____R (Swearware) C:\Users\Frankris\Desktop\dds.scr
2012-07-08 21:41 - 2012-07-08 21:41 - 00607260 ____R (Swearware) C:\Users\Frankris\Downloads\dds(1).scr
2012-07-08 21:41 - 2012-07-08 21:41 - 00607260 ____A (Swearware) C:\Users\Frankris\Downloads\dds.scr
2012-07-08 20:45 - 2012-07-08 20:45 - 00007605 ____A C:\Users\Frankris\AppData\Local\Resmon.ResmonCfg
2012-07-08 09:01 - 2012-07-08 09:01 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-08 07:34 - 2012-07-08 07:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-07-08 07:34 - 2012-07-08 07:34 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-07-08 07:34 - 2012-07-08 07:34 - 00000000 ____D C:\Users\Frankris\AppData\Roaming\SUPERAntiSpyware.com
2012-07-08 07:34 - 2012-07-08 07:34 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-07-08 07:28 - 2012-07-08 07:28 - 00739856 ____A (Google Inc.) C:\Users\Frankris\Downloads\ChromeSetup.exe
2012-07-08 07:24 - 2012-07-08 07:26 - 17246464 ____A (SUPERAntiSpyware.com) C:\Users\Frankris\Downloads\SUPERAntiSpyware.exe
2012-07-07 12:34 - 2012-07-07 12:34 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-26 19:47 - 2012-06-26 20:45 - 00000000 ____D C:\pra
2012-06-26 07:32 - 2012-06-26 07:32 - 00000000 ____A C:\Users\Frankris\Downloads\home.asp
2012-06-25 14:04 - 2012-06-25 14:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-25 07:47 - 2012-06-25 18:05 - 00005443 ____A C:\Users\Frankris\Documents\text resume kris.txt
2012-06-25 07:46 - 2012-06-25 07:47 - 00005354 ____A C:\Users\Frankris\Documents\resume.txt
2012-06-23 15:18 - 2012-06-23 15:18 - 00001239 ____A C:\Users\Frankris\Desktop\DVDVideoSoft Free Studio.lnk
2012-06-23 15:18 - 2012-06-23 15:18 - 00000000 ____D C:\Users\Frankris\AppData\Roaming\DVDVideoSoftIEHelpers
2012-06-23 15:17 - 2012-06-23 15:17 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2012-06-23 15:17 - 2012-05-22 13:47 - 00405176 ____A (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.Net20.dll
2012-06-23 15:16 - 2012-06-23 15:30 - 00000000 ____D C:\Users\Frankris\AppData\Roaming\DVDVideoSoft
2012-06-23 15:12 - 2012-06-23 15:16 - 70266936 ____A (DVDVideoSoft Ltd. ) C:\Users\Frankris\Downloads\FreeStudio.exe
2012-06-23 15:09 - 2012-06-23 15:09 - 00000000 ____D C:\Users\Frankris\Documents\Any Video Converter
2012-06-23 15:09 - 2012-06-23 15:09 - 00000000 ____D C:\Users\Frankris\AppData\Roaming\AnvSoft
2012-06-23 15:05 - 2012-06-23 15:07 - 29533072 ____A (Any-Video-Converter.com ) C:\Users\Frankris\Downloads\avc-free.exe
2012-06-23 14:47 - 2012-06-23 14:47 - 00001943 ____A C:\Users\Frankris\Desktop\Create Your Own Video Screensaver!.lnk
2012-06-23 14:47 - 2012-06-23 14:47 - 00001938 ____A C:\Users\Frankris\Desktop\Free Dolphin Screensaver.lnk
2012-06-23 14:47 - 2012-06-23 14:47 - 00001928 ____A C:\Users\Frankris\Desktop\Free Games!!.lnk
2012-06-21 06:04 - 2012-06-21 06:05 - 00067163 ____A C:\Users\Frankris\Documents\Reading log.xlsx
2012-06-19 04:07 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-19 04:07 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-19 04:07 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-19 04:07 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-19 04:07 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-19 04:07 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-19 04:07 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-19 04:07 - 2012-06-02 13:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-19 04:07 - 2012-06-02 13:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-16 20:31 - 2012-06-16 22:28 - 00000000 ____D C:\Users\Frankris\Documents\Kris HTC Dox
2012-06-16 20:28 - 2012-06-16 20:28 - 00000000 ____D C:\Program Files (x86)\Spirent Communications
2012-06-13 14:46 - 2012-06-13 14:46 - 00924600 ____A (Mozilla Corporation) C:\Users\Frankris\Downloads\Mozilla Firefox.lnk
2012-06-13 13:08 - 2012-06-13 13:08 - 00000000 ____D C:\Users\Frankris\AppData\Roaming\webex
2012-06-13 11:01 - 2012-06-13 11:02 - 00000000 ____D C:\Users\All Users\WebEx
2012-06-13 05:42 - 2012-04-16 21:31 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 05:42 - 2012-04-16 20:34 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 05:41 - 2012-05-14 20:01 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 05:41 - 2012-05-14 19:59 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 05:41 - 2012-05-14 19:03 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 05:41 - 2012-05-14 19:00 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 05:41 - 2012-04-19 21:42 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 05:41 - 2012-04-19 21:42 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 05:41 - 2012-04-19 21:42 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 05:41 - 2012-04-19 21:42 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 05:41 - 2012-04-19 21:42 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-13 05:41 - 2012-04-19 21:42 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 05:41 - 2012-04-19 21:42 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 05:41 - 2012-04-19 21:42 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 05:41 - 2012-04-19 21:00 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 05:41 - 2012-04-19 21:00 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 05:41 - 2012-04-19 20:57 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 05:41 - 2012-04-19 20:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-13 05:41 - 2012-04-19 20:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 05:41 - 2012-04-19 20:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 05:41 - 2012-04-19 20:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 05:41 - 2012-04-19 20:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 05:41 - 2012-04-19 19:45 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 05:41 - 2012-04-19 19:16 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 05:40 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 05:40 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 05:40 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 05:40 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 05:40 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 05:40 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 05:40 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 05:39 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 05:39 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 05:39 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 05:39 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 05:39 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 05:39 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 05:39 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 05:39 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 05:39 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


============ 3 Months Modified Files ========================

2012-07-13 00:03 - 2012-07-12 07:30 - 00000112 ____A C:\Windows\setupact.log
2012-07-13 00:03 - 2011-07-11 19:13 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-13 00:03 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-13 00:01 - 2011-12-11 15:50 - 01983984 ____A C:\Windows\WindowsUpdate.log
2012-07-13 00:00 - 2009-07-13 21:13 - 00727334 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-12 23:59 - 2012-07-12 23:59 - 00001879 ____A C:\Users\Frankris\Documents\trojan dropper instructions.txt
2012-07-12 23:59 - 2011-01-16 08:40 - 00000099 ____A C:\Users\Public\LMDebug.log
2012-07-12 23:57 - 2012-07-12 23:57 - 01434551 ____A (Farbar) C:\Users\Frankris\Downloads\FRST64.exe
2012-07-12 23:52 - 2011-07-11 19:13 - 00000902 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-12 07:38 - 2009-07-13 20:45 - 00017952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-12 07:38 - 2009-07-13 20:45 - 00017952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-12 07:30 - 2012-07-12 07:30 - 00000000 ____A C:\Windows\setuperr.log
2012-07-12 07:30 - 2009-07-13 20:45 - 00298008 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 07:29 - 2011-07-03 20:21 - 00001080 ____A C:\Windows\System32\settingsbkup.sfm
2012-07-12 07:29 - 2011-07-03 20:21 - 00001080 ____A C:\Windows\System32\settings.sfm
2012-07-12 01:05 - 2012-07-12 01:05 - 00264856 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-12 01:02 - 2011-11-18 01:25 - 00002340 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-07-12 01:01 - 2011-02-19 10:27 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-09 10:47 - 2012-07-09 10:46 - 00607260 ____R (Swearware) C:\Users\Frankris\Desktop\dds.scr
2012-07-08 21:41 - 2012-07-08 21:41 - 00607260 ____R (Swearware) C:\Users\Frankris\Downloads\dds(1).scr
2012-07-08 21:41 - 2012-07-08 21:41 - 00607260 ____A (Swearware) C:\Users\Frankris\Downloads\dds.scr
2012-07-08 20:45 - 2012-07-08 20:45 - 00007605 ____A C:\Users\Frankris\AppData\Local\Resmon.ResmonCfg
2012-07-08 12:32 - 2011-12-11 14:23 - 00035515 ____A C:\Users\Frankris\Desktop\avgrep.txt
2012-07-08 09:01 - 2012-07-08 09:01 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-07-08 07:34 - 2012-07-08 07:34 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-07-08 07:28 - 2012-07-08 07:28 - 00739856 ____A (Google Inc.) C:\Users\Frankris\Downloads\ChromeSetup.exe
2012-07-08 07:26 - 2012-07-08 07:24 - 17246464 ____A (SUPERAntiSpyware.com) C:\Users\Frankris\Downloads\SUPERAntiSpyware.exe
2012-06-26 07:32 - 2012-06-26 07:32 - 00000000 ____A C:\Users\Frankris\Downloads\home.asp
2012-06-25 18:05 - 2012-06-25 07:47 - 00005443 ____A C:\Users\Frankris\Documents\text resume kris.txt
2012-06-25 14:04 - 2012-06-25 14:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-25 07:47 - 2012-06-25 07:46 - 00005354 ____A C:\Users\Frankris\Documents\resume.txt
2012-06-24 17:12 - 2011-03-05 09:57 - 00040448 ____A C:\Users\Frankris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-23 15:18 - 2012-06-23 15:18 - 00001239 ____A C:\Users\Frankris\Desktop\DVDVideoSoft Free Studio.lnk
2012-06-23 15:16 - 2012-06-23 15:12 - 70266936 ____A (DVDVideoSoft Ltd. ) C:\Users\Frankris\Downloads\FreeStudio.exe
2012-06-23 15:07 - 2012-06-23 15:05 - 29533072 ____A (Any-Video-Converter.com ) C:\Users\Frankris\Downloads\avc-free.exe
2012-06-23 14:47 - 2012-06-23 14:47 - 00001943 ____A C:\Users\Frankris\Desktop\Create Your Own Video Screensaver!.lnk
2012-06-23 14:47 - 2012-06-23 14:47 - 00001938 ____A C:\Users\Frankris\Desktop\Free Dolphin Screensaver.lnk
2012-06-23 14:47 - 2012-06-23 14:47 - 00001928 ____A C:\Users\Frankris\Desktop\Free Games!!.lnk
2012-06-21 15:27 - 2012-01-29 11:23 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-21 06:05 - 2012-06-21 06:04 - 00067163 ____A C:\Users\Frankris\Documents\Reading log.xlsx
2012-06-13 14:48 - 2011-02-20 06:54 - 00001615 ____A C:\Users\Frankris\Desktop\DivX Movies.lnk
2012-06-13 14:46 - 2012-06-13 14:46 - 00924600 ____A (Mozilla Corporation) C:\Users\Frankris\Downloads\Mozilla Firefox.lnk
2012-06-12 20:07 - 2012-06-12 18:25 - 00015008 ____A C:\Users\Frankris\Documents\Household Budget.xlsx
2012-06-11 19:08 - 2012-07-12 01:05 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 03:31 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 03:31 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 17:31 - 2012-06-07 17:30 - 15603168 ____A (DIRECTV) C:\Users\Frankris\Downloads\DIRECTV_Player_4.00.exe
2012-06-06 13:50 - 2011-01-15 11:28 - 00067728 ____A C:\Users\Frankris\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-06 10:57 - 2012-06-06 10:57 - 00007586 ____A C:\Users\Frankris\Downloads\WinDefend.reg
2012-06-06 10:57 - 2012-06-06 10:57 - 00005256 ____A C:\Users\Frankris\Downloads\wscsvc.reg
2012-06-06 10:48 - 2012-06-06 10:48 - 00176940 ____A C:\Users\Frankris\Downloads\BFE.reg
2012-06-06 10:48 - 2012-06-06 10:48 - 00006396 ____A C:\Users\Frankris\Downloads\MpsSvc.reg
2012-06-06 10:37 - 2012-06-06 10:37 - 00000198 ____A C:\Users\Frankris\Desktop\Repair.bat
2012-06-05 22:06 - 2012-07-11 03:31 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 03:31 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 03:30 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 03:31 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 03:31 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 03:30 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-19 04:07 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-19 04:07 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-19 04:07 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-19 04:07 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-19 04:07 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-19 04:07 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-19 04:07 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 13:19 - 2012-06-19 04:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 13:15 - 2012-06-19 04:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-11 03:30 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 03:30 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 03:30 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 03:30 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 03:30 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 03:30 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 03:30 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 03:30 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 03:30 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-22 13:47 - 2012-06-23 15:17 - 00405176 ____A (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.Net20.dll
2012-05-22 05:20 - 2011-06-27 17:15 - 00002211 ____A C:\Users\Public\Desktop\Amazon Cloud Player.lnk
2012-05-14 20:01 - 2012-06-13 05:41 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:59 - 2012-06-13 05:41 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:03 - 2012-06-13 05:41 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:00 - 2012-06-13 05:41 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-13 16:39 - 2012-05-13 16:39 - 00404992 ____A C:\Users\Frankris\Downloads\WorldWinnerGamesInstaller-1.10.0.25.msi
2012-05-05 04:43 - 2012-05-05 04:43 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-05 04:43 - 2012-05-05 04:43 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-05 04:43 - 2012-05-05 04:43 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-05 04:43 - 2012-05-05 04:43 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-05 04:43 - 2011-06-20 20:48 - 00530824 ____A C:\Users\Public\Documents\at home time card.xlsx
2012-05-05 04:43 - 2011-02-19 10:29 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-04 11:58 - 2012-05-04 11:58 - 00909088 ____A (Sun Microsystems, Inc.) C:\Users\Frankris\Downloads\jxpiinstall(2).exe
2012-05-04 11:55 - 2012-05-04 11:55 - 00909088 ____A (Sun Microsystems, Inc.) C:\Users\Frankris\Downloads\jxpiinstall(1).exe
2012-05-04 03:06 - 2012-06-13 05:40 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 05:40 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 05:40 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 09:31 - 2012-05-01 09:31 - 01628200 ____A (Inbox.com, Inc. ) C:\Users\Frankris\Downloads\MapsSetup.exe
2012-04-30 21:40 - 2012-06-13 05:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 05:39 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 05:40 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 05:40 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 05:40 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 05:39 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 05:39 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 05:39 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 05:39 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 05:39 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 05:39 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-21 21:37 - 2012-04-21 21:37 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Frankris\Downloads\jxpiinstall.exe
2012-04-19 21:42 - 2012-06-13 05:41 - 12297216 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-19 21:42 - 2012-06-13 05:41 - 09059840 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-19 21:42 - 2012-06-13 05:41 - 02454528 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-19 21:42 - 2012-06-13 05:41 - 01494016 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-19 21:42 - 2012-06-13 05:41 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-04-19 21:42 - 2012-06-13 05:41 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-19 21:42 - 2012-06-13 05:41 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-19 21:42 - 2012-06-13 05:41 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-19 21:00 - 2012-06-13 05:41 - 01231360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-19 21:00 - 2012-06-13 05:41 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-19 20:57 - 2012-06-13 05:41 - 06027776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-19 20:57 - 2012-06-13 05:41 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-04-19 20:57 - 2012-06-13 05:41 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-19 20:56 - 2012-06-13 05:41 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-19 20:56 - 2012-06-13 05:41 - 02073600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-19 20:56 - 2012-06-13 05:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-19 19:45 - 2012-06-13 05:41 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-19 19:16 - 2012-06-13 05:41 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-16 21:31 - 2012-06-13 05:42 - 00918016 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-16 20:34 - 2012-06-13 05:42 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll


ZeroAccess:
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\@
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\L
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\U
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\L\00000004.@
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\L\1afb2d56
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\L\201d3dde
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\U\00000004.@
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\U\00000008.@
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\U\000000cb.@
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\U\80000000.@
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\U\80000032.@
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\U\80000064.@

ZeroAccess:
C:\Users\Frankris\AppData\Local\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}
C:\Users\Frankris\AppData\Local\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\@
C:\Users\Frankris\AppData\Local\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\L
C:\Users\Frankris\AppData\Local\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4061.18 MB
Available physical RAM: 3429.68 MB
Total Pagefile: 4059.32 MB
Available Pagefile: 3428.02 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:906.34 GB) (Free:788.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
7 Drive j: (My Passport) (Fixed) (Total:465.73 GB) (Free:220.27 GB) NTFS
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 465 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 906 GB 101 MB
Partition 3 OEM 25 GB 906 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 906 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 LENOVO_PART NTFS Partition 25 GB Healthy Hidden

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 5
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J My Passport NTFS Partition 465 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 18:47

======================= End Of Log ==========================

#6 gringo_pr

Posted 13 July 2012 - 12:36 PM

Greetings

OK, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log it makes (Search.txt) in your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 kp31

Posted 13 July 2012 - 04:48 PM

Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 2012-07-13 15:41:27
Running from J:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
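
The comparison that the Search step above supports, as an added example that is not part of the original thread and is not FRST's own code: it parses the Search.txt layout shown in the post and reports any live copy of a file whose MD5 matches none of the component-store (WinSxS) copies of the same name. The function and class names are hypothetical, and the embedded sample is the log exactly as posted.

```python
"""Compare live system files with component-store copies in an FRST Search log."""
import ntpath
import re
from dataclasses import dataclass

# Search.txt body as posted in the thread above (copied, not constructed).
SAMPLE_SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# "[created] - [modified] - size attrs (company) MD5"; the company field is optional.
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)"
    r"(?: \((?P<company>.*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int
    md5: str


@dataclass(frozen=True)
class Finding:
    live: Entry                 # copy outside WinSxS that matched no store copy
    store_copies: tuple         # same-named copies found under WinSxS
    metadata_preserved: bool    # size and timestamps equal, content different


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, m["created"], m["modified"],
                                 int(m["size"]), m["md5"].upper()))
        pending = None  # headers and separators end the current record
    return entries


def in_component_store(path):
    return "\\winsxs\\" in path.lower()


def find_mismatches(entries):
    """Report live files whose hash matches no component-store copy.

    A mismatch is a lead, not a verdict: several builds of one file can sit in
    WinSxS, so a live copy is accepted if it equals ANY of them. Before a store
    copy is used as a replacement, its hash still has to be checked against a
    known-good source.
    """
    store = [e for e in entries if in_component_store(e.path)]
    findings = []
    for live in entries:
        if in_component_store(live.path):
            continue
        name = ntpath.basename(live.path).lower()
        copies = tuple(s for s in store
                       if ntpath.basename(s.path).lower() == name)
        if not copies or any(s.md5 == live.md5 for s in copies):
            continue
        # Identical size and timestamps with a different hash means the
        # content changed while the metadata was kept looking original.
        preserved = any((s.size, s.created, s.modified) ==
                        (live.size, live.created, live.modified)
                        for s in copies)
        findings.append(Finding(live, copies, preserved))
    return findings


if __name__ == "__main__":
    for f in find_mismatches(parse_search_log(SAMPLE_SEARCH_LOG)):
        print(f"MISMATCH {f.live.path} md5={f.live.md5} "
              f"metadata_preserved={f.metadata_preserved}")
        for s in f.store_copies:
            print(f"  store copy md5={s.md5} {s.path}")
```
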

#8 gringo_pr

Posted 13 July 2012 - 05:28 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}
C:\Users\Frankris\AppData\Local\{e8d1677a-2fbc-1d61-0392-40a5e27546b4}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

#9 kp31

Posted 13 July 2012 - 06:33 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-07-13 17:28:37 Run:1
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{e8d1677a-2fbc-1d61-0392-40a5e27546b4} moved successfully.
C:\Users\Frankris\AppData\Local\{e8d1677a-2fbc-1d61-0392-40a5e27546b4} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====

#10 gringo_pr

Posted 13 July 2012 - 07:33 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 kp31

Posted 14 July 2012 - 12:46 AM

I have attached the ComboFix log below. I didn't experience any issues while running it. After the reboot, I went to a couple of websites to see if I would be redirected or get alerts from AVG as before, and so far none!

ComboFix 12-07-13.03 - Frankris 07/13/2012 23:22:55.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2817 [GMT -6:00]
Running from: c:\users\Frankris\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Search Toolbar
c:\users\Frankris\AppData\Local\ArcSoft\Apps\axzxljy.dll
c:\users\Frankris\Desktop\Internet Explorer.lnk
c:\users\Frankris\Desktop\Setup.exe
c:\users\Public\Documents\~WRL3536.tmp
c:\users\Public\Documents\~WRL3626.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 )))))))))))))))))))))))))))))))
.
.
2012-07-13 10:11 . 2012-07-13 10:12 -------- d-----w- C:\FRST
2012-07-12 09:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 11:31 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 11:31 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 11:31 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 11:31 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 11:31 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 11:31 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-08 17:01 . 2012-06-14 22:20 867072 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
2012-07-08 15:34 . 2012-07-08 15:34 -------- d-----w- c:\users\Frankris\AppData\Roaming\SUPERAntiSpyware.com
2012-07-08 15:34 . 2012-07-08 15:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-08 15:34 . 2012-07-08 15:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-07 20:34 . 2012-07-07 20:34 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-27 03:47 . 2012-06-27 04:45 -------- d-----w- C:\pra
2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-23 23:17 . 2012-05-22 21:47 405176 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-06-23 23:17 . 2012-06-23 23:17 -------- d-----w- c:\program files (x86)\Common Files\DVDVIDEOSOFT
2012-06-23 23:17 . 2012-06-23 23:17 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-06-23 23:16 . 2012-06-23 23:30 -------- d-----w- c:\users\Frankris\AppData\Roaming\DVDVideoSoft
2012-06-23 23:09 . 2012-06-23 23:09 -------- d-----w- c:\users\Frankris\AppData\Roaming\AnvSoft
2012-06-19 12:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 12:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 12:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 12:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 12:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 12:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 12:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 12:07 . 2012-06-02 21:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 12:07 . 2012-06-02 21:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 04:28 . 2012-06-17 04:28 -------- d-----w- c:\program files (x86)\Spirent Communications
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 01:32 . 2012-06-08 01:32 63080 ----a-r- c:\users\Frankris\AppData\Roaming\Microsoft\Installer\{5F3783B7-F809-45A7-8A92-A44B441FDA7C}\ARPPRODUCTICON.exe
2012-05-15 04:01 . 2012-06-13 13:41 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:03 . 2012-06-13 13:41 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-05 12:43 . 2012-05-05 12:43 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-05 12:43 . 2011-02-19 18:29 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 13:40 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 13:40 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 13:40 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 13:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 13:39 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 13:40 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 13:40 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 13:40 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 13:39 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 13:39 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 13:39 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 13:39 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 13:39 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 13:39 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45 . 2012-06-13 13:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-20 03:16 . 2012-06-13 13:41 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-01 02:49 . 2012-02-01 02:49 510 ----a-w- c:\program files (x86)\0131201220495838.bat
2011-06-26 00:40 . 2011-06-26 00:40 481 ----a-w- c:\program files (x86)\0625201118402054.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-12 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"PCShowServer"="c:\users\Frankris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe" [2009-07-29 49152]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-14 222504]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-26 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-08 585728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-11-30 393640]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Philips Device Listener"="c:\program files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-01-05 380416]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-24 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-12 136176]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-07-04 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2011-07-04 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-07 230488]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-07 1445976]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-07 95320]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-12 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 32768]
R3 MAUSBPRODUCER;Service for M-Audio Producer;c:\windows\system32\DRIVERS\MAudioProducer.sys [2009-09-02 187912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]
R3 netr7364;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-16 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-08-03 11576]

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:02 AM

Posted 14 July 2012 - 11:19 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#13 kp31

kp31
  • Topic Starter

  • Members
  • 107 posts
  • Local time:08:02 AM

Posted 14 July 2012 - 01:13 PM

I have attached both reports below. Just to update post ComboFix from last night: the PC is still not alerting me of any tracking cookies or virus anymore, but I am still being redirected occasionally to junk sites. In addition, after I finished running aswMBR, I got a blue screen saying that Windows experienced a problem and had to be shut down, and then it automatically rebooted.

11:44:45.0183 5688 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
11:44:45.0184 5688 hwpolicy - ok
11:44:45.0227 5688 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
11:44:45.0236 5688 i8042prt - ok
11:44:45.0294 5688 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
11:44:45.0298 5688 iaStorV - ok
11:44:45.0380 5688 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:44:45.0382 5688 IDriverT - ok
11:44:45.0455 5688 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:44:45.0464 5688 idsvc - ok
11:44:45.0794 5688 igfx (677aa5991026a65ada128c4b59cf2bad) C:\windows\system32\DRIVERS\igdkmd64.sys
11:44:45.0940 5688 igfx - ok
11:44:46.0008 5688 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
11:44:46.0010 5688 iirsp - ok
11:44:46.0086 5688 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
11:44:46.0094 5688 IKEEXT - ok
11:44:46.0166 5688 IntcAzAudAddService (9aa6a93852e36fe76c3f7fc2904f3b01) C:\windows\system32\drivers\RTKVHD64.sys
11:44:46.0234 5688 IntcAzAudAddService - ok
11:44:46.0302 5688 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
11:44:46.0303 5688 intelide - ok
11:44:46.0325 5688 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
11:44:46.0326 5688 intelppm - ok
11:44:46.0351 5688 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
11:44:46.0353 5688 IPBusEnum - ok
11:44:46.0379 5688 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
11:44:46.0381 5688 IpFilterDriver - ok
11:44:46.0440 5688 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
11:44:46.0446 5688 iphlpsvc - ok
11:44:46.0478 5688 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
11:44:46.0479 5688 IPMIDRV - ok
11:44:46.0501 5688 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
11:44:46.0503 5688 IPNAT - ok
11:44:46.0589 5688 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
11:44:46.0597 5688 iPod Service - ok
11:44:46.0614 5688 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
11:44:46.0615 5688 IRENUM - ok
11:44:46.0661 5688 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
11:44:46.0662 5688 isapnp - ok
11:44:46.0696 5688 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
11:44:46.0699 5688 iScsiPrt - ok
11:44:46.0715 5688 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
11:44:46.0716 5688 kbdclass - ok
11:44:46.0751 5688 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
11:44:46.0760 5688 kbdhid - ok
11:44:46.0789 5688 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:44:46.0790 5688 KeyIso - ok
11:44:46.0823 5688 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
11:44:46.0825 5688 KSecDD - ok
11:44:46.0838 5688 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
11:44:46.0840 5688 KSecPkg - ok
11:44:46.0853 5688 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
11:44:46.0855 5688 ksthunk - ok
11:44:46.0875 5688 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
11:44:46.0880 5688 KtmRm - ok
11:44:46.0914 5688 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
11:44:46.0917 5688 LanmanServer - ok
11:44:46.0953 5688 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
11:44:46.0956 5688 LanmanWorkstation - ok
11:44:46.0966 5688 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
11:44:46.0968 5688 lltdio - ok
11:44:46.0987 5688 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
11:44:46.0991 5688 lltdsvc - ok
11:44:47.0008 5688 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
11:44:47.0009 5688 lmhosts - ok
11:44:47.0050 5688 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
11:44:47.0052 5688 LSI_FC - ok
11:44:47.0064 5688 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
11:44:47.0067 5688 LSI_SAS - ok
11:44:47.0079 5688 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
11:44:47.0081 5688 LSI_SAS2 - ok
11:44:47.0095 5688 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
11:44:47.0097 5688 LSI_SCSI - ok
11:44:47.0117 5688 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
11:44:47.0119 5688 luafv - ok
11:44:47.0160 5688 MAUSBPRODUCER (e5bea9f4ee3d55466459985a2376387b) C:\windows\system32\DRIVERS\MAudioProducer.sys
11:44:47.0162 5688 MAUSBPRODUCER - ok
11:44:47.0219 5688 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
11:44:47.0221 5688 McciCMService - ok
11:44:47.0273 5688 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
11:44:47.0278 5688 McciCMService64 - ok
11:44:47.0311 5688 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
11:44:47.0314 5688 Mcx2Svc - ok
11:44:47.0335 5688 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
11:44:47.0336 5688 megasas - ok
11:44:47.0358 5688 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
11:44:47.0362 5688 MegaSR - ok
11:44:47.0382 5688 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
11:44:47.0384 5688 MMCSS - ok
11:44:47.0394 5688 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
11:44:47.0395 5688 Modem - ok
11:44:47.0408 5688 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
11:44:47.0409 5688 monitor - ok
11:44:47.0443 5688 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
11:44:47.0444 5688 mouclass - ok
11:44:47.0842 5688 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
11:44:47.0879 5688 mouhid - ok
11:44:48.0028 5688 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
11:44:48.0030 5688 mountmgr - ok
11:44:48.0109 5688 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:44:48.0110 5688 MozillaMaintenance - ok
11:44:48.0143 5688 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
11:44:48.0145 5688 mpio - ok
11:44:48.0160 5688 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
11:44:48.0162 5688 mpsdrv - ok
11:44:48.0234 5688 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
11:44:48.0242 5688 MpsSvc - ok
11:44:48.0264 5688 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
11:44:48.0284 5688 MREMP50 - ok
11:44:48.0297 5688 MREMP50a64 - ok
11:44:48.0301 5688 MREMPR5 - ok
11:44:48.0306 5688 MRENDIS5 - ok
11:44:48.0341 5688 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
11:44:48.0350 5688 MRESP50 - ok
11:44:48.0353 5688 MRESP50a64 - ok
11:44:48.0401 5688 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
11:44:48.0403 5688 MRxDAV - ok
11:44:48.0445 5688 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
11:44:48.0447 5688 mrxsmb - ok
11:44:48.0486 5688 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
11:44:48.0489 5688 mrxsmb10 - ok
11:44:48.0503 5688 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
11:44:48.0505 5688 mrxsmb20 - ok
11:44:48.0537 5688 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
11:44:48.0538 5688 msahci - ok
11:44:48.0576 5688 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
11:44:48.0578 5688 msdsm - ok
11:44:48.0600 5688 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
11:44:48.0603 5688 MSDTC - ok
11:44:48.0629 5688 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
11:44:48.0631 5688 Msfs - ok
11:44:48.0649 5688 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
11:44:48.0650 5688 mshidkmdf - ok
11:44:48.0687 5688 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
11:44:48.0688 5688 msisadrv - ok
11:44:48.0705 5688 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
11:44:48.0707 5688 MSiSCSI - ok
11:44:48.0711 5688 msiserver - ok
11:44:48.0730 5688 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
11:44:48.0732 5688 MSKSSRV - ok
11:44:48.0745 5688 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
11:44:48.0747 5688 MSPCLOCK - ok
11:44:48.0760 5688 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
11:44:48.0761 5688 MSPQM - ok
11:44:48.0781 5688 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
11:44:48.0785 5688 MsRPC - ok
11:44:48.0828 5688 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
11:44:48.0829 5688 mssmbios - ok
11:44:48.0842 5688 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
11:44:48.0844 5688 MSTEE - ok
11:44:48.0853 5688 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
11:44:48.0854 5688 MTConfig - ok
11:44:48.0872 5688 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
11:44:48.0873 5688 Mup - ok
11:44:48.0919 5688 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
11:44:48.0924 5688 napagent - ok
11:44:48.0963 5688 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
11:44:48.0966 5688 NativeWifiP - ok
11:44:49.0015 5688 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
11:44:49.0020 5688 NDIS - ok
11:44:49.0049 5688 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
11:44:49.0051 5688 NdisCap - ok
11:44:49.0070 5688 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
11:44:49.0071 5688 NdisTapi - ok
11:44:49.0096 5688 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
11:44:49.0097 5688 Ndisuio - ok
11:44:49.0125 5688 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
11:44:49.0127 5688 NdisWan - ok
11:44:49.0140 5688 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
11:44:49.0141 5688 NDProxy - ok
11:44:49.0150 5688 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
11:44:49.0152 5688 NetBIOS - ok
11:44:49.0171 5688 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
11:44:49.0174 5688 NetBT - ok
11:44:49.0203 5688 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:44:49.0204 5688 Netlogon - ok
11:44:49.0239 5688 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
11:44:49.0242 5688 Netman - ok
11:44:49.0259 5688 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
11:44:49.0263 5688 netprofm - ok
11:44:49.0308 5688 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\windows\system32\DRIVERS\netr7364.sys
11:44:49.0315 5688 netr7364 - ok
11:44:49.0393 5688 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:44:49.0395 5688 NetTcpPortSharing - ok
11:44:49.0407 5688 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
11:44:49.0408 5688 nfrd960 - ok
11:44:49.0429 5688 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
11:44:49.0433 5688 NlaSvc - ok
11:44:49.0442 5688 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
11:44:49.0444 5688 Npfs - ok
11:44:49.0453 5688 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
11:44:49.0455 5688 nsi - ok
11:44:49.0466 5688 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
11:44:49.0467 5688 nsiproxy - ok
11:44:49.0540 5688 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
11:44:49.0548 5688 Ntfs - ok
11:44:49.0612 5688 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
11:44:49.0613 5688 Null - ok
11:44:49.0651 5688 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
11:44:49.0654 5688 nvraid - ok
11:44:49.0690 5688 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
11:44:49.0692 5688 nvstor - ok
11:44:49.0728 5688 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
11:44:49.0730 5688 nv_agp - ok
11:44:49.0766 5688 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
11:44:49.0768 5688 ohci1394 - ok
11:44:49.0819 5688 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:44:49.0821 5688 ose - ok
11:44:49.0995 5688 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:44:50.0060 5688 osppsvc - ok
11:44:50.0129 5688 ossrv (a29a80a1cf63d0dc27eefcaf27d34664) C:\windows\system32\drivers\ctoss2k.sys
11:44:50.0131 5688 ossrv - ok
11:44:50.0146 5688 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
11:44:50.0150 5688 p2pimsvc - ok
11:44:50.0176 5688 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
11:44:50.0181 5688 p2psvc - ok
11:44:50.0203 5688 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
11:44:50.0205 5688 Parport - ok
11:44:50.0253 5688 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
11:44:50.0255 5688 partmgr - ok
11:44:50.0269 5688 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
11:44:50.0272 5688 PcaSvc - ok
11:44:50.0310 5688 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
11:44:50.0313 5688 pci - ok
11:44:50.0323 5688 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
11:44:50.0324 5688 pciide - ok
11:44:50.0349 5688 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
11:44:50.0352 5688 pcmcia - ok
11:44:50.0384 5688 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
11:44:50.0387 5688 pcw - ok
11:44:50.0411 5688 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
11:44:50.0418 5688 PEAUTH - ok
11:44:50.0494 5688 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
11:44:50.0496 5688 PerfHost - ok
11:44:50.0577 5688 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
11:44:50.0601 5688 pla - ok
11:44:50.0668 5688 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
11:44:50.0672 5688 PlugPlay - ok
11:44:50.0677 5688 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
11:44:50.0679 5688 PNRPAutoReg - ok
11:44:50.0699 5688 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
11:44:50.0702 5688 PNRPsvc - ok
11:44:50.0736 5688 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
11:44:50.0742 5688 PolicyAgent - ok
11:44:50.0763 5688 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
11:44:50.0766 5688 Power - ok
11:44:50.0828 5688 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
11:44:50.0829 5688 PptpMiniport - ok
11:44:50.0849 5688 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
11:44:50.0850 5688 Processor - ok
11:44:50.0888 5688 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
11:44:50.0891 5688 ProfSvc - ok
11:44:50.0925 5688 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:44:50.0927 5688 ProtectedStorage - ok
11:44:50.0979 5688 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
11:44:50.0980 5688 Psched - ok
11:44:51.0035 5688 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
11:44:51.0059 5688 ql2300 - ok
11:44:51.0134 5688 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
11:44:51.0137 5688 ql40xx - ok
11:44:51.0155 5688 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
11:44:51.0158 5688 QWAVE - ok
11:44:51.0168 5688 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
11:44:51.0170 5688 QWAVEdrv - ok
11:44:51.0183 5688 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
11:44:51.0184 5688 RasAcd - ok
11:44:51.0207 5688 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
11:44:51.0209 5688 RasAgileVpn - ok
11:44:51.0221 5688 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
11:44:51.0224 5688 RasAuto - ok
11:44:51.0234 5688 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
11:44:51.0236 5688 Rasl2tp - ok
11:44:51.0255 5688 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
11:44:51.0259 5688 RasMan - ok
11:44:51.0270 5688 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
11:44:51.0272 5688 RasPppoe - ok
11:44:51.0283 5688 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
11:44:51.0285 5688 RasSstp - ok
11:44:51.0319 5688 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
11:44:51.0322 5688 rdbss - ok
11:44:51.0334 5688 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
11:44:51.0335 5688 rdpbus - ok
11:44:51.0352 5688 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
11:44:51.0352 5688 RDPCDD - ok
11:44:51.0383 5688 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
11:44:51.0384 5688 RDPENCDD - ok
11:44:51.0396 5688 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
11:44:51.0397 5688 RDPREFMP - ok
11:44:51.0430 5688 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
11:44:51.0432 5688 RDPWD - ok
11:44:51.0480 5688 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
11:44:51.0482 5688 rdyboost - ok
11:44:51.0527 5688 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
11:44:51.0529 5688 RemoteAccess - ok
11:44:51.0542 5688 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
11:44:51.0544 5688 RemoteRegistry - ok
11:44:51.0568 5688 RimUsb (71700b4c5797da5412e9250e26894586) C:\windows\system32\Drivers\RimUsb_AMD64.sys
11:44:51.0570 5688 RimUsb - ok
11:44:51.0599 5688 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
11:44:51.0601 5688 RimVSerPort - ok
11:44:51.0616 5688 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
11:44:51.0617 5688 ROOTMODEM - ok
11:44:51.0630 5688 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
11:44:51.0632 5688 RpcEptMapper - ok
11:44:51.0639 5688 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
11:44:51.0640 5688 RpcLocator - ok
11:44:51.0684 5688 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
11:44:51.0687 5688 RpcSs - ok
11:44:51.0701 5688 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
11:44:51.0703 5688 rspndr - ok
11:44:51.0718 5688 RTL8023x64 (68dd0457d18fccef7384ae84022f0c86) C:\windows\system32\DRIVERS\Rtnic64.sys
11:44:51.0720 5688 RTL8023x64 - ok
11:44:51.0750 5688 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\windows\system32\DRIVERS\Rt64win7.sys
11:44:51.0761 5688 RTL8167 - ok
11:44:51.0791 5688 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
11:44:51.0792 5688 SamSs - ok
11:44:51.0875 5688 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
11:44:51.0883 5688 SASDIFSV - ok
11:44:51.0891 5688 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
11:44:51.0899 5688 SASKUTIL - ok
11:44:51.0934 5688 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
11:44:51.0936 5688 sbp2port - ok
11:44:51.0958 5688 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
11:44:51.0961 5688 SCardSvr - ok
11:44:52.0000 5688 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
11:44:52.0001 5688 scfilter - ok
11:44:52.0038 5688 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
11:44:52.0044 5688 Schedule - ok
11:44:52.0079 5688 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
11:44:52.0080 5688 SCPolicySvc - ok
11:44:52.0133 5688 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
11:44:52.0136 5688 SDRSVC - ok
11:44:52.0171 5688 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
11:44:52.0173 5688 secdrv - ok
11:44:52.0209 5688 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
11:44:52.0210 5688 seclogon - ok
11:44:52.0224 5688 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
11:44:52.0225 5688 SENS - ok
11:44:52.0241 5688 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
11:44:52.0243 5688 SensrSvc - ok
11:44:52.0253 5688 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
11:44:52.0254 5688 Serenum - ok
11:44:52.0266 5688 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
11:44:52.0268 5688 Serial - ok
11:44:52.0308 5688 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
11:44:52.0309 5688 sermouse - ok
11:44:52.0373 5688 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
11:44:52.0375 5688 SessionEnv - ok
11:44:52.0412 5688 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
11:44:52.0413 5688 sffdisk - ok
11:44:52.0419 5688 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
11:44:52.0421 5688 sffp_mmc - ok
11:44:52.0431 5688 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
11:44:52.0432 5688 sffp_sd - ok
11:44:52.0446 5688 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
11:44:52.0447 5688 sfloppy - ok
11:44:52.0480 5688 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
11:44:52.0488 5688 Sftfs - ok
11:44:52.0596 5688 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
11:44:52.0601 5688 sftlist - ok
11:44:52.0641 5688 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
11:44:52.0644 5688 Sftplay - ok
11:44:52.0654 5688 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
11:44:52.0655 5688 Sftredir - ok
11:44:52.0664 5688 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
11:44:52.0665 5688 Sftvol - ok
11:44:52.0680 5688 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
11:44:52.0682 5688 sftvsa - ok
11:44:52.0724 5688 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
11:44:52.0728 5688 SharedAccess - ok
11:44:52.0749 5688 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
11:44:52.0752 5688 ShellHWDetection - ok
11:44:52.0771 5688 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
11:44:52.0773 5688 SiSRaid2 - ok
11:44:52.0785 5688 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
11:44:52.0786 5688 SiSRaid4 - ok
11:44:52.0806 5688 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
11:44:52.0808 5688 Smb - ok
11:44:52.0846 5688 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
11:44:52.0848 5688 SNMPTRAP - ok
11:44:52.0857 5688 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
11:44:52.0858 5688 spldr - ok
11:44:52.0887 5688 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
11:44:52.0891 5688 Spooler - ok
11:44:53.0011 5688 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
11:44:53.0068 5688 sppsvc - ok
11:44:53.0457 5688 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
11:44:53.0459 5688 sppuinotify - ok
11:44:53.0512 5688 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
11:44:53.0517 5688 srv - ok
11:44:53.0547 5688 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
11:44:53.0552 5688 srv2 - ok
11:44:53.0566 5688 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
11:44:53.0569 5688 srvnet - ok
11:44:53.0592 5688 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
11:44:53.0595 5688 SSDPSRV - ok
11:44:53.0613 5688 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\windows\system32\Drivers\SSPORT.sys
11:44:53.0614 5688 SSPORT - ok
11:44:53.0631 5688 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
11:44:53.0633 5688 SstpSvc - ok
11:44:53.0644 5688 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
11:44:53.0645 5688 stexstor - ok
11:44:53.0694 5688 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
11:44:53.0695 5688 StillCam - ok
11:44:53.0749 5688 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
11:44:53.0755 5688 stisvc - ok
11:44:53.0789 5688 SuperIO (d310da4bb3d61a52f8c50ddb1a62ff5e) C:\windows\system32\DRIVERS\spio.sys
11:44:53.0790 5688 SuperIO - ok
11:44:53.0823 5688 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
11:44:53.0824 5688 swenum - ok
11:44:53.0847 5688 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
11:44:53.0853 5688 swprv - ok
11:44:53.0927 5688 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
11:44:53.0958 5688 SysMain - ok
11:44:54.0045 5688 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
11:44:54.0047 5688 TabletInputService - ok
11:44:54.0062 5688 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
11:44:54.0064 5688 TapiSrv - ok
11:44:54.0078 5688 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
11:44:54.0080 5688 TBS - ok
11:44:54.0162 5688 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
11:44:57.0952 5688 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:44:58.0036 5688 \Device\Harddisk0\DR0 - ok
11:44:58.0039 5688 Boot (0x1200) (1eee8e50b2d7a33b23f77d617cdbc15e) \Device\Harddisk0\DR0\Partition0
11:44:58.0041 5688 \Device\Harddisk0\DR0\Partition0 - ok
11:44:58.0064 5688 Boot (0x1200) (3643ec311910429fc79ab17ae69064a5) \Device\Harddisk0\DR0\Partition1
11:44:58.0066 5688 \Device\Harddisk0\DR0\Partition1 - ok
11:44:58.0066 5688 ============================================================
11:44:58.0066 5688 Scan finished
11:44:58.0066 5688 ============================================================
11:44:58.0075 5756 Detected object count: 0
11:44:58.0076 5756 Actual detected object count: 0




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-14 11:51:21
-----------------------------
11:51:21.331 OS Version: Windows x64 6.1.7601 Service Pack 1
11:51:21.331 Number of processors: 2 586 0x170A
11:51:21.332 ComputerName: FRANKRIS-PC UserName: Frankris
11:51:23.148 Initialize success
11:54:34.525 AVAST engine defs: 12071401
11:55:09.652 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:55:09.654 Disk 0 Vendor: ST31000528AS CC68 Size: 953869MB BusType: 11
11:55:09.674 Disk 0 MBR read successfully
11:55:09.676 Disk 0 MBR scan
11:55:09.679 Disk 0 Windows 7 default MBR code
11:55:09.690 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:55:09.703 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 928093 MB offset 206848
11:55:09.738 Disk 0 Partition 3 00 12 Compaq diag NTFS 25675 MB offset 1900941312
11:55:09.783 Disk 0 scanning C:\windows\system32\drivers
11:55:21.414 Service scanning
11:55:41.263 Modules scanning
11:55:41.268 Disk 0 trace - called modules:
11:55:41.271
11:55:42.979 AVAST engine scan C:\windows
11:55:47.018 AVAST engine scan C:\windows\system32
11:58:39.965 AVAST engine scan C:\windows\system32\drivers
11:58:54.708 AVAST engine scan C:\Users\Frankris
12:05:01.083 AVAST engine scan C:\ProgramData
12:06:31.539 Scan finished successfully
12:07:35.447 Disk 0 MBR has been saved successfully to "C:\Users\Frankris\Desktop\MBR.dat"
12:07:35.453 The log file has been saved successfully to "C:\Users\Frankris\Desktop\aswMBR.txt"

#14 gringo_pr

  • Malware Response Team
Posted 14 July 2012 - 02:40 PM

Hello

In which browsers are you getting the redirect - please verify all that are installed on the computer

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#15 kp31

  • Topic Starter

Posted 14 July 2012 - 03:14 PM

It is happening on both browsers. It only happens when I am searching for things, not when I am entering an address in the address bar directly. I typically use Yahoo to search.

OTL logfile created on: 7/14/2012 1:59:19 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Frankris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 45.24% Memory free
7.93 Gb Paging File | 5.69 Gb Available in Paging File | 71.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 906.34 Gb Total Space | 785.82 Gb Free Space | 86.70% Space Free | Partition Type: NTFS

Computer Name: FRANKRIS-PC | User Name: Frankris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Frankris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Frankris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
PRC - C:\Users\Frankris\AppData\Local\DIRECTV Player\NDSPCShowServer.exe ()
PRC - C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
PRC - C:\Program Files (x86)\Digidesign\Pro Tools\ProToolsSE.exe (Avid Technology, Inc..)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
PRC - C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\z.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\libxml2-2.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\gsttspplugin.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\ndsLogStore.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\boost_thread-vc90-mt-1_39.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\XferManagerDll.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\TSB.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\PCShowServerDll.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\NDSPCShowServer.exe ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\DrmSingleton.dll ()
MOD - C:\Users\Frankris\AppData\Local\DIRECTV Player\CatalogDll.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Program Files (x86)\Digidesign\Pro Tools\LGC.dll ()
MOD - C:\Program Files (x86)\Digidesign\Pro Tools\DigiExt.dll ()
MOD - C:\Program Files (x86)\Digidesign\Pro Tools\Trns.dll ()
MOD - C:\Program Files (x86)\Digidesign\Pro Tools\Sib.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll ()
MOD - C:\Program Files (x86)\jmesoft\KeyHook.dll ()
MOD - C:\Windows\SysWOW64\CtxfiRes.dll ()
MOD - C:\Program Files (x86)\jmesoft\VistaVolume.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WajamUpdater) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (DigiRefresh) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ha20x22k) -- C:\Windows\SysNative\drivers\ha20x22k.sys (Creative Technology Ltd)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (USTOR2K) -- C:\Windows\SysNative\drivers\ustor2k.sys (Genesys Logic)
DRV:64bit: - (Tpkd) -- C:\windows\SysNative\drivers\Tpkd.sys (PACE Anti-Piracy, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (MAUSBPRODUCER) -- C:\Windows\SysNative\drivers\MAudioProducer.sys (Avid Technology, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SuperIO) -- C:\Windows\SysNative\drivers\spio.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (GEARAspiWDM) -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (MRESP50) -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/homepage.aspx?tbid=80114&lng=en
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\SearchScopes\{648937CA-8DAC-4613-87A2-4F72B022EB82}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110106,6901,0,8,0
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80114&lng=en
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Frankris\AppData\Local\DIRECTV Player\npPCShowPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Frankris\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Frankris\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 12:00:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/08 11:01:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/13 13:01:57 | 000,000,000 | ---D | M]

[2011/07/24 14:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankris\AppData\Roaming\Mozilla\Extensions
[2011/07/24 14:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankris\AppData\Roaming\Mozilla\Extensions\{dd77d456-f77d-4302-a7df-f6f8868ded4e}
[2011/06/27 18:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankris\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2012/07/14 09:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Frankris\AppData\Roaming\Mozilla\Firefox\Profiles\i2mx0n7z.default\extensions
[2012/05/31 12:33:15 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Frankris\AppData\Roaming\Mozilla\Firefox\Profiles\i2mx0n7z.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2012/07/08 09:29:53 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Frankris\AppData\Roaming\Mozilla\Firefox\Profiles\i2mx0n7z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/06/23 17:18:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Frankris\AppData\Roaming\Mozilla\Firefox\Profiles\i2mx0n7z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/03/30 19:19:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Frankris\AppData\Roaming\Mozilla\Firefox\Profiles\i2mx0n7z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/07/08 11:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/14 16:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/13 13:01:55 | 000,215,864 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[2012/01/01 14:45:03 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/14 16:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/14 16:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Frankris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Frankris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Wajam = C:\Users\Frankris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.23_0\

O1 HOSTS File: ([2012/07/13 23:29:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTxfiHlp] C:\windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe (JME)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\windows\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [Ares] C:\Users\Frankris\AppData\Local\Best Buy pc app\Ares\xckor.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Ares] C:\Users\Frankris\AppData\Local\Best Buy pc app\Ares\xckor.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-315945536-1523150895-4108563598-1002..\Run: [Ares] C:\Users\Frankris\AppData\Local\Best Buy pc app\Ares\xckor.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-315945536-1523150895-4108563598-1002..\Run: [PCShowServer] C:\Users\Frankris\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-315945536-1523150895-4108563598-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Frankris\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frankris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Frankris\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Frankris\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files%20(x86)/Turbo%20Pizza/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergysworkathome.com/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files%20(x86)/Turbo%20Pizza/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab (WebBrowserType Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{041F5F5B-6D04-47BA-A5A4-AB36083EF42D}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F36BC562-2113-4EE5-B242-44317B670513}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/14 13:57:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Frankris\Desktop\OTL.exe
[2012/07/14 12:09:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/14 11:49:40 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Frankris\Desktop\aswMBR.exe
[2012/07/14 11:43:37 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Frankris\Desktop\tdsskiller.exe
[2012/07/13 23:34:26 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/07/13 23:20:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/07/13 23:20:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/07/13 23:20:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/07/13 23:13:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/13 23:13:19 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/07/13 23:12:06 | 004,577,833 | R--- | C] (Swearware) -- C:\Users\Frankris\Desktop\ComboFix.exe
[2012/07/13 04:11:59 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/11 05:31:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
[2012/07/11 05:31:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
[2012/07/11 05:30:58 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2012/07/11 05:30:53 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
[2012/07/11 05:30:53 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
[2012/07/09 12:46:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Frankris\Desktop\dds.scr
[2012/07/08 09:34:33 | 000,000,000 | ---D | C] -- C:\Users\Frankris\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/08 09:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/08 09:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/08 09:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/07 14:34:19 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/06/26 21:47:16 | 000,000,000 | ---D | C] -- C:\pra
[2012/06/25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4.dll
[2012/06/23 17:18:50 | 000,000,000 | ---D | C] -- C:\Users\Frankris\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/06/23 17:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012/06/23 17:17:27 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\windows\SysWow64\Newtonsoft.Json.Net20.dll
[2012/06/23 17:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2012/06/23 17:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVIDEOSOFT
[2012/06/23 17:16:58 | 000,000,000 | ---D | C] -- C:\Users\Frankris\AppData\Roaming\DVDVideoSoft
[2012/06/23 17:09:25 | 000,000,000 | ---D | C] -- C:\Users\Frankris\Documents\Any Video Converter
[2012/06/23 17:09:14 | 000,000,000 | ---D | C] -- C:\Users\Frankris\AppData\Roaming\AnvSoft
[2012/06/19 06:07:34 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/19 06:07:34 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/19 06:07:34 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/19 06:07:27 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/19 06:07:27 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/19 06:07:27 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/19 06:07:20 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/19 06:07:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/06/16 22:31:28 | 000,000,000 | ---D | C] -- C:\Users\Frankris\Documents\Kris HTC Dox
[2012/06/16 22:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/06/16 22:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/14 13:57:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Frankris\Desktop\OTL.exe
[2012/07/14 13:33:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/14 13:27:22 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 13:27:22 | 000,017,952 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/14 12:15:43 | 000,727,334 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/14 12:15:43 | 000,624,614 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/14 12:15:43 | 000,106,732 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/14 12:09:50 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/14 12:09:39 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2012/07/14 12:09:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/14 12:09:13 | 694,826,208 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/07/14 12:09:13 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/14 12:07:35 | 000,000,512 | ---- | M] () -- C:\Users\Frankris\Desktop\MBR.dat
[2012/07/14 11:49:58 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Frankris\Desktop\aswMBR.exe
[2012/07/14 11:43:42 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Frankris\Desktop\tdsskiller.exe
[2012/07/14 07:26:42 | 000,061,852 | ---- | M] () -- C:\windows\SysNative\BMXStateBkp-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx
[2012/07/14 07:26:42 | 000,061,852 | ---- | M] () -- C:\windows\SysNative\BMXState-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx
[2012/07/14 07:26:42 | 000,000,820 | ---- | M] () -- C:\windows\SysNative\DVCState-{00000002-00000000-00000000-00001102-0000000B-00411102}.rfx
[2012/07/13 23:29:46 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/07/13 23:12:19 | 004,577,833 | R--- | M] (Swearware) -- C:\Users\Frankris\Desktop\ComboFix.exe
[2012/07/13 23:09:54 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/13 17:11:07 | 101,431,055 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/07/13 15:35:25 | 000,001,080 | ---- | M] () -- C:\windows\SysNative\settingsbkup.sfm
[2012/07/13 15:35:25 | 000,001,080 | ---- | M] () -- C:\windows\SysNative\settings.sfm
[2012/07/12 18:32:38 | 000,455,719 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/12 09:30:45 | 000,298,008 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/12 03:02:56 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/07/09 12:47:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Frankris\Desktop\dds.scr
[2012/07/08 22:45:03 | 000,007,605 | ---- | M] () -- C:\Users\Frankris\AppData\Local\Resmon.ResmonCfg
[2012/07/08 11:01:07 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/03 17:09:53 | 001,105,427 | ---- | M] () -- C:\Users\Frankris\Documents\chore list for mom.pdf
[2012/07/01 10:51:06 | 000,021,321 | ---- | M] () -- C:\Users\Frankris\Documents\insurance claim form.pdf
[2012/07/01 10:49:57 | 000,131,908 | ---- | M] () -- C:\Users\Frankris\Documents\assessment form.pdf
[2012/06/25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msxml4.dll
[2012/06/24 19:12:39 | 000,040,448 | ---- | M] () -- C:\Users\Frankris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/23 17:18:35 | 000,001,239 | ---- | M] () -- C:\Users\Frankris\Desktop\DVDVideoSoft Free Studio.lnk
[2012/06/23 16:47:43 | 000,001,943 | ---- | M] () -- C:\Users\Frankris\Desktop\Create Your Own Video Screensaver!.lnk
[2012/06/23 16:47:43 | 000,001,928 | ---- | M] () -- C:\Users\Frankris\Desktop\Free Games!!.lnk
[2012/06/23 16:47:42 | 000,001,938 | ---- | M] () -- C:\Users\Frankris\Desktop\Free Dolphin Screensaver.lnk
[2012/06/21 17:27:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 10:56:41 | 000,071,104 | ---- | M] () -- C:\windows\CouponPrinter.ocx
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/14 12:09:13 | 694,826,208 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/07/14 12:07:35 | 000,000,512 | ---- | C] () -- C:\Users\Frankris\Desktop\MBR.dat
[2012/07/13 23:20:49 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/07/13 23:20:49 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/07/13 23:20:49 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/07/13 23:20:49 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/07/13 23:20:49 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/07/08 22:45:03 | 000,007,605 | ---- | C] () -- C:\Users\Frankris\AppData\Local\Resmon.ResmonCfg
[2012/07/08 11:01:07 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/08 11:01:07 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/07/08 09:34:09 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/03 17:09:50 | 001,105,427 | ---- | C] () -- C:\Users\Frankris\Documents\chore list for mom.pdf
[2012/07/01 10:51:06 | 000,021,321 | ---- | C] () -- C:\Users\Frankris\Documents\insurance claim form.pdf
[2012/07/01 10:05:35 | 000,131,908 | ---- | C] () -- C:\Users\Frankris\Documents\assessment form.pdf
[2012/06/23 17:18:35 | 000,001,239 | ---- | C] () -- C:\Users\Frankris\Desktop\DVDVideoSoft Free Studio.lnk
[2012/06/23 16:47:43 | 000,001,943 | ---- | C] () -- C:\Users\Frankris\Desktop\Create Your Own Video Screensaver!.lnk
[2012/06/23 16:47:43 | 000,001,928 | ---- | C] () -- C:\Users\Frankris\Desktop\Free Games!!.lnk
[2012/06/23 16:47:42 | 000,001,938 | ---- | C] () -- C:\Users\Frankris\Desktop\Free Dolphin Screensaver.lnk
[2012/04/08 07:51:14 | 000,005,396 | ---- | C] () -- C:\Users\Frankris\m
[2012/01/31 20:49:58 | 000,000,510 | ---- | C] () -- C:\Program Files (x86)\0131201220495838.bat
[2012/01/17 16:58:01 | 000,142,128 | ---- | C] () -- C:\windows\wiainst64.exe
[2011/12/19 08:52:37 | 000,000,139 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/15 09:31:37 | 000,098,304 | ---- | C] () -- C:\windows\SysWow64\redmonnt.dll
[2011/12/11 16:05:50 | 000,010,638 | -HS- | C] () -- C:\Users\Frankris\AppData\Local\5o42hc3l58u034
[2011/12/11 16:05:50 | 000,010,638 | -HS- | C] () -- C:\ProgramData\5o42hc3l58u034
[2011/10/12 16:10:25 | 000,217,088 | ---- | C] () -- C:\windows\SysWow64\qtmlClient.dll
[2011/08/04 20:45:07 | 000,000,663 | ---- | C] () -- C:\Users\Frankris\AppData\Local\cookies.ini
[2011/07/10 11:55:58 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/07/03 19:44:59 | 000,177,664 | ---- | C] () -- C:\windows\SysWow64\APOMngr.DLL
[2011/07/03 19:44:59 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\CmdRtr.DLL
[2011/06/25 18:40:20 | 000,000,481 | ---- | C] () -- C:\Program Files (x86)\0625201118402054.bat
[2011/05/22 18:05:02 | 000,510,976 | ---- | C] () -- C:\windows\SysWow64\synsoacc.dll
[2011/05/13 16:40:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\CIOSupport
[2011/05/13 16:40:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bundle
[2011/05/13 16:40:29 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bubble Noise
[2011/05/13 16:40:29 | 000,000,268 | -H-- | C] () -- C:\Users\Frankris\AppData\Roaming\Breath Pad
[2011/05/13 16:40:29 | 000,000,268 | -H-- | C] () -- C:\Users\Frankris\AppData\Roaming\Booms
[2011/05/13 16:40:29 | 000,000,268 | -H-- | C] () -- C:\Users\Frankris\AppData\Roaming\BookService
[2011/05/13 16:40:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/05/13 16:40:29 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/05/13 16:40:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\ColorSync
[2011/05/13 16:40:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Colors
[2011/05/13 16:40:29 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Clips
[2011/05/13 16:40:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/04/14 22:50:31 | 000,482,408 | ---- | C] () -- C:\windows\ssndii.exe
[2011/04/14 22:50:30 | 000,113,768 | ---- | C] () -- C:\windows\Wiainst.exe
[2011/03/05 11:57:38 | 000,040,448 | ---- | C] () -- C:\Users\Frankris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/20 08:38:47 | 000,000,074 | ---- | C] () -- C:\windows\wininit.ini
[2011/01/21 18:34:41 | 000,000,000 | ---- | C] () -- C:\Users\Frankris\systemlog
[2011/01/17 21:57:55 | 000,743,538 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/23 03:14:03 | 000,000,023 | ---- | C] () -- C:\windows\SysWow64\drivers\psn.dat
[2010/11/20 20:11:40 | 000,139,264 | ---- | C] () -- C:\windows\SysWow64\ustor.dll
[2010/11/20 20:11:37 | 000,001,393 | ---- | C] () -- C:\windows\SysWow64\IconCfg0.ini
[2010/11/20 20:11:37 | 000,000,722 | ---- | C] () -- C:\windows\SysWow64\ProductName.ini
[2010/11/20 20:03:56 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2010/11/20 20:03:56 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 987 bytes -> C:\Users\Frankris\AppData\Local\Ixsvs2yXsDKTi:I9AJrtskvr9XIhvg
@Alternate Data Stream - 959 bytes -> C:\ProgramData\Microsoft:PCMmMTJCouWmwOB2989W0nZ
@Alternate Data Stream - 948 bytes -> C:\Users\Frankris\AppData\Local\Temp:DGGWWQu4zlQJUUkIaayCRXFet
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:03777453
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D0030B7B
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:B0A3DB99
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:1F9C3D08
@Alternate Data Stream - 1131 bytes -> C:\Users\Frankris\AppData\Local\Temp:UOS39Tdc2vlfOpEnw
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:10D98D98
@Alternate Data Stream - 1087 bytes -> C:\ProgramData\Microsoft:R00DEaoxZJxpuV755I91j
@Alternate Data Stream - 1051 bytes -> C:\ProgramData\Microsoft:OJfgPnZAde64AcrSsD1Le
@Alternate Data Stream - 1022 bytes -> C:\ProgramData\Microsoft:ONv3evXqBcfbRljuBb8Wzb
@Alternate Data Stream - 1010 bytes -> C:\ProgramData\Microsoft:8KHkEm54dXwqXVuG5XRdleDiqWP

< End of report >



