
Windows 7 64-bit Infected with Trojan Horse Generic28.ANIC


  • This topic is locked
24 replies to this topic

#1 zamix

zamix

  • Members
  • 14 posts

Posted 30 July 2012 - 08:46 PM

My Dell XPS 15z is infected with Trojan Horse Generic28.ANIC and possibly another trojan. The computer has been running very slow lately and freezes often. AVG detects the trojan but cannot remove it.
AVG detects the following infected files:
C:\Windows\assembly\GAC_64\Desktop.ini Trojan Horse Generic28.ANIC
C:\Windows\assembly\GAC_32\Desktop.ini Trojan Horse BackDoor.Generic
The DDS log is below. I did not run GMER as I have 64-bit Windows 7 and the instructions say to skip GMER on 64-bit systems. Your help is greatly appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32
Run by Kyra at 18:42:05 on 2012-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4098 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\BandRich\BandLuxe HSDPA Utility R11\BRService.exe
C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\DEVMONSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\OBEXSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Cypress\TrackPad\CyCpIo.exe
C:\Program Files\Cypress\TrackPad\CyHidWin.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Citrix\GoToMeeting\978\g2mstart.exe
C:\Users\Kyra\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\PROGRAM FILES (X86)\INTEL\BLUETOOTH\MEDIASRV.EXE
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Citrix\GoToMeeting\978\g2mcomm.exe
C:\Program Files (x86)\Citrix\GoToMeeting\978\g2mlauncher.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628154534.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
BHO: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Google Update] "C:\Users\Kyra\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\978\g2mstart.exe" "/Trigger RunAtLogon"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [<NO NAME>]
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [PdxRegCl] "C:\Program Files (x86)\Paradox\Programs\PdxRegCl.exe" /s /c
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Kyra\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kyra\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: Interfaces\{DFF575D2-02F0-4EB4-BEE6-2345B62ED7FD} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DFF575D2-02F0-4EB4-BEE6-2345B62ED7FD}\65F67656C637472716E646 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{DFF575D2-02F0-4EB4-BEE6-2345B62ED7FD}\758435 : DhcpNameServer = 65.32.1.65
TCP: Interfaces\{DFF575D2-02F0-4EB4-BEE6-2345B62ED7FD}\A5F6F6D6D2A5F6F6D6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{DFF575D2-02F0-4EB4-BEE6-2345B62ED7FD}\B496274796563702E4564777F627B6 : DhcpNameServer = 167.206.251.129 167.206.251.130
TCP: Interfaces\{E0C75F45-DF80-4DAD-BE1E-14982EDC595D} : DhcpNameServer = 137.215.193.16 137.215.8.16 137.215.101.16
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628154534.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
BHO-X64: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
BHO-X64: BFlix Toolbar - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: BFlix Toolbar: {a6bf16ab-42a1-4bc5-965d-5e407e449aaa} - C:\Program Files (x86)\bflixtoolbar\vmntemplateX.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [(Default)]
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [PdxRegCl] "C:\Program Files (x86)\Paradox\Programs\PdxRegCl.exe" /s /c
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kyra\AppData\Roaming\Mozilla\Firefox\Profiles\rb1hng7u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B24c4acde-b04f-4452-9ee8-8faca070d945%7D&mid=34de0de7866947d1b66d591a68ea4c56-5f08d8778c34e61878b7c6b52591b5f7a1a0d40f&ds=AVG&v=11.1.0.12&lang=en&pr=fr&d=2012-06-07%2022%3A41%3A34&sap=ku&q=
FF - prefs.js: network.proxy.http - http://www.up.ac.za/proxy.pac1
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kyra\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kyra\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Kyra\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-5-22 98208]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 BandLuxe_Service;BandLuxe Service;C:\Program Files (x86)\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [2009-7-23 116960]
R2 BLUETOOTH DEVICE MONITOR;BLUETOOTH DEVICE MONITOR;C:\Program Files (x86)\Intel\Bluetooth\DEVMONSRV.EXE [2011-1-24 901184]
R2 BLUETOOTH OBEX SERVICE;BLUETOOTH OBEX SERVICE;C:\Program Files (x86)\Intel\Bluetooth\OBEXSRV.EXE [2011-1-24 991296]
R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-5-8 229376]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-4 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-4 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-5-22 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-5-22 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-22 1997416]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-22 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-24 378984]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-22 2656280]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-16 935008]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BLUETOOTH MEDIA SERVICE;BLUETOOTH MEDIA SERVICE;C:\Program Files (x86)\Intel\Bluetooth\MEDIASRV.EXE [2011-1-24 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 cyhid;Cypress Input Device;C:\Windows\system32\DRIVERS\cyhid.sys --> C:\Windows\system32\DRIVERS\cyhid.sys [?]
R3 cykbfltrService;Cypress Keyboard Filter Driver;C:\Windows\system32\DRIVERS\cykbfltr.sys --> C:\Windows\system32\DRIVERS\cykbfltr.sys [?]
R3 cymfltrService;Cypress Trackpad Filter Driver;C:\Windows\system32\DRIVERS\cymfltr.sys --> C:\Windows\system32\DRIVERS\cymfltr.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-4 249936]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-6-6 1025352]
S3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;C:\Windows\system32\DRIVERS\br3gmdm.sys --> C:\Windows\system32\DRIVERS\br3gmdm.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys --> C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys [?]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys --> C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys [?]
S3 HSPADataCardusbser;HSPADataCard Diagnostic Port;C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys --> C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys [?]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-5-22 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-3 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-4 249936]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-07-27 13:14:31 -------- d-----w- C:\Program Files (x86)\Citrix
2012-07-27 13:13:30 60864 ----a-w- C:\Users\Kyra\g2mdlhlpx.exe
2012-07-22 21:42:55 -------- d-----w- C:\Users\Kyra\AppData\Local\Macromedia
2012-07-22 21:39:32 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-13 14:20:53 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-13 14:14:45 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-13 14:13:27 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-13 14:13:25 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-13 14:13:23 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-13 14:13:20 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-13 14:13:18 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-13 14:13:18 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-03 12:57:34 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-07-03 12:57:33 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-07-03 12:57:33 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-07-03 12:57:33 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-07-03 12:57:32 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-07-03 12:57:32 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-07-03 12:57:10 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-07-03 12:57:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-07-03 12:57:08 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-07-03 12:57:06 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-07-03 12:56:53 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-07-03 12:56:51 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-07-03 12:56:49 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-07-03 12:56:49 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-07-03 12:56:49 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-07-03 12:56:47 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-07-03 12:48:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-03 12:48:09 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-03 12:47:52 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-03 12:47:52 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-03 12:46:23 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-03 12:46:13 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-03 12:46:13 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-28 19:45:32 29312 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ScriptFF.dll
.
==================== Find3M ====================
.
2012-07-23 03:20:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-22 18:24:50 1691648 ----a-w- C:\Windows\sqliteodbc2010.dll
2012-05-03 08:33:04 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-03 08:33:04 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 18:42:41.74 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:04 PM

Posted 03 August 2012 - 12:17 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 zamix


Posted 04 August 2012 - 04:58 PM

Gringo, thank you so much for replying. I ran into some problems when running SecurityCheck.exe.

The command (black) window opened and scrolled some things by really quick and closed without opening a notepad window.
One of the things to scroll by was "sc.exe is not a recognized internal or external command.". I opened a cmd window and typed sc to see if it would run. Same error.
I checked the path environment variable and noticed that C:\windows\system32\ was missing. So I added it to the path variable.

Ran SecurityCheck.exe again and it started running. Then...

Got a message that says that sed.exe has stopped unexpectedly.
After this, the notepad window opens but is empty.
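
The missing C:\windows\system32\ entry described in the post above can be checked for with a short script. This is an added example, not part of the original thread or of any tool named in it: it audits a PATH value for the default Windows 7 system directories, duplicate entries and %VAR% references that were never expanded. SAMPLE_PATH, SAMPLE_ENV and %TOOLS_HOME% are constructed for illustration.

```python
import ntpath
import os
import re

# Entries found in a default Windows 7 machine-level PATH.
DEFAULT_ENTRIES = (
    r"%SystemRoot%\system32",
    r"%SystemRoot%",
    r"%SystemRoot%\System32\Wbem",
    r"%SystemRoot%\System32\WindowsPowerShell\v1.0",
)

# Constructed sample: system32 is absent, C:\Windows appears twice and
# %TOOLS_HOME% (a hypothetical variable) is not defined in SAMPLE_ENV.
SAMPLE_ENV = {"SystemRoot": r"C:\Windows"}
SAMPLE_PATH = (
    r"C:\Program Files\Common Files\Microsoft Shared\Windows Live;"
    r"C:\Windows;C:\Windows\System32\Wbem;"
    r"C:\WINDOWS\System32\WindowsPowerShell\v1.0\;"
    r"c:\windows\;"
    r"%TOOLS_HOME%\bin"
)

_VAR = re.compile(r"%([^%;]+)%")


def expand(entry, env):
    """Expand %VAR% references case-insensitively; unknown names stay literal."""
    lookup = {k.lower(): v for k, v in env.items()}
    return _VAR.sub(lambda m: lookup.get(m.group(1).lower(), m.group(0)), entry)


def normalize(entry, env):
    """Comparable form: expanded, lower-case, backslashes, no trailing slash."""
    cleaned = entry.strip().strip('"')
    return ntpath.normcase(ntpath.normpath(expand(cleaned, env)))


def audit_path(path_value, env):
    """Return missing default entries, unexpanded entries and duplicates."""
    present, unexpanded, duplicates = [], [], []
    for raw in path_value.split(";"):
        if not raw.strip():
            continue  # empty entries come from stray or doubled semicolons
        norm = normalize(raw, env)
        if _VAR.search(norm):
            # A literal %VAR% in the effective PATH never resolves to a folder.
            unexpanded.append(raw.strip())
        if norm in present:
            duplicates.append(raw.strip())
        else:
            present.append(norm)
    missing = [d for d in DEFAULT_ENTRIES if normalize(d, env) not in present]
    return {"missing": missing, "unexpanded": unexpanded, "duplicates": duplicates}


if __name__ == "__main__":
    # On the affected machine, audit the live value instead of the sample.
    report = audit_path(os.environ.get("PATH", ""), dict(os.environ))
    for kind, entries in report.items():
        print(kind, entries)
```

A non-empty "missing" list is the condition behind "sc.exe is not a recognized internal or external command": cmd.exe searches only the current directory and the PATH entries for the executable.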

#4 gringo_pr


Posted 04 August 2012 - 05:19 PM

OK, move on to Combofix.


gringo

#5 zamix


Posted 05 August 2012 - 06:38 AM

Ran Combofix. The blue shell screen opens and runs 50 or so checks. The computer rebooted and the screen said that the log was being prepared, do not open any other programs. This sat like this for two hours and didn't appear to be doing anything... So I closed it.

Next I got the "Illegal operation attempted on a registry key that has been marked for deletion." error, so as per your instructions I rebooted.

Now my desktop icons have stopped working. The word shortcut worked once then it stopped working along with the others. It now just beeps when I double click a desktop icon. I can, however run these programs from the start menu.

The program R (statistics program I use) now gives an error "fatal error cannot mkdir R_tempdir". I can reinstall R if need be but I thought I should mention this to you as a symptom.
I'm running an AVG scan now to see if the Trojans are still detected. So far it just reports:

/device/mfeavfk01.sys hidden driver

I will let you know if it finds anything further. I did not find a Combofix.txt log on the desktop or on the 'C:\' drive but there is a 'C:\combofix\' directory that has a Combofix.txt file with the following contents.

ComboFix 12-08-05.02 - Kyra 08/05/2012 10:17:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.3796 [GMT 2:00]
Running from: C:\Users\Kyra\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

#6 gringo_pr


Posted 05 August 2012 - 12:18 PM

Hello

OK, let's try this. I want you to run combofix in safe mode, but it is very important that when combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After combofix has finished its scan, please post the report back here.

Gringo

#7 zamix


Posted 05 August 2012 - 03:04 PM

Ran combofix in safe mode. A log was created and now R and the desktop icons seem to work again! Below is the combofix.txt log file.

ComboFix 12-08-05.02 - Kyra 08/05/2012 20:57:54.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4622 [GMT 2:00]
Running from: c:\users\Kyra\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\panels\scroll.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\plus.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\pop.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\music-note.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-pause-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-pause.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-play-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-btn-play.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-bg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-buffer.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-busy.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-on.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-eq-warning.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-design-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-design.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options-on.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-options.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-0.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-1.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-3.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\radio-volume-mute.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\scrollbar-handle.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\scrollbar-track.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\slider.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\slideron.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\images\track.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank0.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank0_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank1.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank1_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank2_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank3.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank3_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank4.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank4_5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rank5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rankna.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\reload.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\remove.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rename.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\resize-box.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rss.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rsschannelback.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\RSSLogo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\scroll-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\scroll-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\search-go.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_02.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_03.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_04.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_06.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_07.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_08.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_09.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_10.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_11.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_12.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_13.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_14.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_15.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_16.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_18.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_19.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_20.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\border_21.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\close-hot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\close-normal.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\loadingMid.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\proxy.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\template.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\template.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\templateFF.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\uwa\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\cond999.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\icons.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na-s.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na-t.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\na.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\icons\weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\add.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.css
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\weatherbutton\panels\popupWeather.html
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\lib\yahoo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\lichen.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\Linked_in_png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo-separator.png
c:\program files (x86)\bflixtoolbar\chrome\skin\logo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\mail.png
c:\program files (x86)\bflixtoolbar\chrome\skin\menuseparatorback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\modify-save.png
c:\program files (x86)\bflixtoolbar\chrome\skin\modify.png
c:\program files (x86)\bflixtoolbar\chrome\skin\modifyhot.png
c:\program files (x86)\bflixtoolbar\chrome\skin\music.png
c:\program files (x86)\bflixtoolbar\chrome\skin\music_png
c:\program files (x86)\bflixtoolbar\chrome\skin\Myspace_png
c:\program files (x86)\bflixtoolbar\chrome\skin\namespacetoolbar.css
c:\program files (x86)\bflixtoolbar\chrome\skin\news.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options-main.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-main.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-weather.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-weather.png
c:\program files (x86)\bflixtoolbar\chrome\skin\options\options-widgets.png
c:\program files (x86)\bflixtoolbar\chrome\skin\orange.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\p_yahoo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\pixsy.png
c:\program files (x86)\bflixtoolbar\chrome\skin\ppcbully.png
c:\program files (x86)\bflixtoolbar\chrome\skin\protect-id.png
c:\program files (x86)\bflixtoolbar\chrome\skin\relatedlinks.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-collapse.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-delete.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-expand.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-feed.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder-remove.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder-rename.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-folder.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-found.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-reload.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss-subscribe.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rss.png
c:\program files (x86)\bflixtoolbar\chrome\skin\rssback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\rsstopback.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\search-over.png
c:\program files (x86)\bflixtoolbar\chrome\skin\search.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-left.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-middle.png
c:\program files (x86)\bflixtoolbar\chrome\skin\searchbar\searchbar-background-right.png
c:\program files (x86)\bflixtoolbar\chrome\skin\settings.png
c:\program files (x86)\bflixtoolbar\chrome\skin\shopping.png
c:\program files (x86)\bflixtoolbar\chrome\skin\siteinfo.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-bluelite.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-bluesky.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-grey.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-lichen.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-orange.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin-yellow.png
c:\program files (x86)\bflixtoolbar\chrome\skin\skin.xml
c:\program files (x86)\bflixtoolbar\chrome\skin\technorati.png
c:\program files (x86)\bflixtoolbar\chrome\skin\throbber.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\toolbarsplitter.png
c:\program files (x86)\bflixtoolbar\chrome\skin\translate.png
c:\program files (x86)\bflixtoolbar\chrome\skin\TRUSTe_about.png
c:\program files (x86)\bflixtoolbar\chrome\skin\tv_png
c:\program files (x86)\bflixtoolbar\chrome\skin\twitter_png
c:\program files (x86)\bflixtoolbar\chrome\skin\vmn.css
c:\program files (x86)\bflixtoolbar\chrome\skin\vmn.png
c:\program files (x86)\bflixtoolbar\chrome\skin\Weather_png
c:\program files (x86)\bflixtoolbar\chrome\skin\web.png
c:\program files (x86)\bflixtoolbar\chrome\skin\websearch.png
c:\program files (x86)\bflixtoolbar\chrome\skin\wikipedia.png
c:\program files (x86)\bflixtoolbar\chrome\skin\yahoosearch.png
c:\program files (x86)\bflixtoolbar\chrome\skin\yellow.gif
c:\program files (x86)\bflixtoolbar\chrome\skin\youtube.png
c:\program files (x86)\bflixtoolbar\chrome\skin\zoom.png
c:\program files (x86)\bflixtoolbar\components\windowmediator.js
c:\program files (x86)\bflixtoolbar\install.ico
c:\program files (x86)\bflixtoolbar\manifest.xml
c:\program files (x86)\bflixtoolbar\partner.xml
c:\program files (x86)\bflixtoolbar\uninstall.exe
c:\program files (x86)\bflixtoolbar\vmntemplate.dll
c:\program files (x86)\bflixtoolbar\vmNTemplatex.dll
c:\users\Kyra\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0CA31DE1-E6FB-4292-B3F8-AB829DAC90A3}.xps
c:\users\Kyra\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1A63E700-B4A0-417D-8EE6-1EBBC76342AB}.xps
c:\users\Kyra\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2D00C161-3130-477C-AF8F-9B20ECADD3B2}.xps
c:\users\Kyra\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5299FC56-EE02-40A6-B347-2E89AFD71317}.xps
c:\users\Kyra\AppData\Local\Microsoft\Windows\Temporary Internet Files\{AD2493F2-D43B-406F-BC6F-4956DAADD381}.xps
c:\users\Kyra\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BCA13784-F462-4AD7-B7A3-13C94B98CBD5}.xps
c:\users\Kyra\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FC2EED62-F670-4E14-A38B-7E7D78D6F371}.xps
c:\users\Kyra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Uninstall Windows 7 Repair.lnk
c:\users\Kyra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Windows 7 Repair.lnk
c:\users\Kyra\AppData\Roaming\Mozilla\Firefox\Profiles\rb1hng7u.default\searchplugins\bing-zugo.xml
c:\users\Kyra\g2mdlhlpx.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\sqliteodbc2010.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 19:06 . 2012-08-05 19:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-05 19:06 . 2012-08-05 19:06 -------- d-----w- c:\users\Glenn\AppData\Local\temp
2012-08-05 19:06 . 2012-08-05 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 19:06 . 2012-08-05 19:06 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-04 20:24 . 2010-05-22 12:50 195584 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-08-04 20:24 . 2010-05-22 12:49 29696 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-08-04 20:24 . 2010-05-22 12:49 54784 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-08-04 20:24 . 2010-05-22 12:49 83456 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-08-04 20:24 . 2010-05-22 12:49 78848 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-08-04 20:24 . 2010-04-30 14:53 252928 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-08-04 20:24 . 2010-03-25 08:08 120704 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-08-04 20:24 . 2010-03-20 10:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-08-04 20:24 . 2010-01-18 16:48 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-08-04 20:24 . 2010-03-20 09:56 114560 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-08-04 20:01 . 2012-08-04 20:01 -------- d-----w- c:\programdata\MTN Online
2012-08-04 20:01 . 2012-08-04 19:58 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-08-04 20:01 . 2012-08-04 19:58 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-07-27 13:14 . 2012-08-05 10:38 -------- d-----w- c:\program files (x86)\Citrix
2012-07-22 21:42 . 2012-07-22 21:42 -------- d-----w- c:\users\Kyra\AppData\Local\Macromedia
2012-07-22 21:39 . 2012-07-23 03:20 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-13 14:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 14:14 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-13 14:13 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-13 14:13 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-13 14:13 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-13 14:13 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-13 14:13 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-13 14:13 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-13 14:13 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 03:20 . 2011-06-06 16:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 14:17 . 2011-06-09 00:12 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-07-03 12:48 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-03 12:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-07-03 12:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-03 12:48 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-03 12:48 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-07-03 12:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-07-03 12:48 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-07-03 12:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-07-03 12:47 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-16 12:53 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-16 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-12-23 491650]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"PdxRegCl"="c:\program files (x86)\Paradox\Programs\PdxRegCl.exe" [2004-06-14 49152]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-16 1107552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\users\Kyra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kyra\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 BandLuxe_Service;BandLuxe Service;c:\program files (x86)\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [2009-07-23 116960]
R2 BLUETOOTH DEVICE MONITOR;BLUETOOTH DEVICE MONITOR;c:\program files (x86)\INTEL\BLUETOOTH\DEVMONSRV.EXE [2011-01-24 901184]
R2 BLUETOOTH OBEX SERVICE;BLUETOOTH OBEX SERVICE;c:\program files (x86)\INTEL\BLUETOOTH\OBEXSRV.EXE [2011-01-24 991296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-16 935008]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 BLUETOOTH MEDIA SERVICE;BLUETOOTH MEDIA SERVICE;c:\program files (x86)\INTEL\BLUETOOTH\MEDIASRV.EXE [2011-01-24 1298496]
R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [2008-12-23 119296]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-09-10 176096]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 114560]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-30 252928]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [2010-09-09 122752]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [2010-09-09 122752]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [2010-09-09 122752]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2010-05-22 78848]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2010-05-22 29696]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2010-05-22 195584]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-11 172632]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-03 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-22 8505856]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-12 155752]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-08 1255736]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-24 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-03-17 104960]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-03-10 13312]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-03-24 62464]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 83456]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1949429700-2666389791-3451925955-1001Core.job
- c:\users\Kyra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 20:13]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1949429700-2666389791-3451925955-1001UA.job
- c:\users\Kyra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 20:13]
.
2012-08-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-08-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-03-10 2364928]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-03-10 2351104]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-26 6611560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-02 2189416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-12-24 312936]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-31 4500128]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Kyra\AppData\Roaming\Mozilla\Firefox\Profiles\rb1hng7u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=150&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.http - http://www.up.ac.za/proxy.pac1
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-bflixtoolbar - c:\program files (x86)\bflixtoolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 21:08:29
ComboFix-quarantined-files.txt 2012-08-05 19:08
.
Pre-Run: 117,218,963,456 bytes free
Post-Run: 116,477,399,040 bytes free
.
- - End Of File - - B98DD5E111A7F6605FBF377DD27D1571

#8 gringo_pr

Posted 05 August 2012 - 03:45 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#9 zamix

Posted 06 August 2012 - 12:49 AM

Tdsskiller log:


06:59:35.0727 4036 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
06:59:37.0739 4036 ============================================================
06:59:37.0739 4036 Current date / time: 2012/08/06 06:59:37.0739
06:59:37.0739 4036 SystemInfo:
06:59:37.0739 4036
06:59:37.0739 4036 OS Version: 6.1.7601 ServicePack: 1.0
06:59:37.0739 4036 Product type: Workstation
06:59:37.0739 4036 ComputerName: KYRA15Z
06:59:37.0739 4036 UserName: Kyra
06:59:37.0739 4036 Windows directory: C:\Windows
06:59:37.0739 4036 System windows directory: C:\Windows
06:59:37.0739 4036 Running under WOW64
06:59:37.0739 4036 Processor architecture: Intel x64
06:59:37.0739 4036 Number of processors: 4
06:59:37.0739 4036 Page size: 0x1000
06:59:37.0739 4036 Boot type: Normal boot
06:59:37.0739 4036 ============================================================
06:59:38.0270 4036 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:59:38.0301 4036 ============================================================
06:59:38.0301 4036 \Device\Harddisk0\DR0:
06:59:38.0301 4036 MBR partitions:
06:59:38.0301 4036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1D4C000
06:59:38.0301 4036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7F000, BlocksNum 0x38606830
06:59:38.0301 4036 ============================================================
06:59:38.0332 4036 C: <-> \Device\Harddisk0\DR0\Partition1
06:59:38.0332 4036 ============================================================
06:59:38.0332 4036 Initialize success
06:59:38.0332 4036 ============================================================
06:59:43.0763 4364 ============================================================
06:59:43.0763 4364 Scan started
06:59:43.0763 4364 Mode: Manual;
06:59:43.0763 4364 ============================================================
06:59:44.0668 4364 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
06:59:44.0668 4364 1394ohci - ok
07:00:14.0323 4364 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
07:00:14.0323 4364 NetBIOS - ok
07:00:14.0370 4364 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
07:00:14.0370 4364 NetBT - ok
07:00:14.0417 4364 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:00:14.0417 4364 Netlogon - ok
07:00:14.0495 4364 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
07:00:14.0511 4364 Netman - ok
07:00:14.0604 4364 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:00:14.0604 4364 NetMsmqActivator - ok
07:00:14.0620 4364 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:00:14.0620 4364 NetPipeActivator - ok
07:00:14.0667 4364 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
07:00:14.0667 4364 netprofm - ok
07:00:14.0682 4364 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:00:14.0682 4364 NetTcpActivator - ok
07:00:14.0682 4364 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:00:14.0698 4364 NetTcpPortSharing - ok
07:00:17.0724 4364 NETwNs64 (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
07:00:17.0865 4364 NETwNs64 - ok
07:00:18.0473 4364 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
07:00:18.0489 4364 nfrd960 - ok
07:00:18.0629 4364 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
07:00:18.0629 4364 NlaSvc - ok
07:00:18.0676 4364 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
07:00:18.0691 4364 Npfs - ok
07:00:18.0723 4364 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
07:00:18.0723 4364 nsi - ok
07:00:18.0801 4364 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
07:00:18.0801 4364 nsiproxy - ok
07:00:18.0925 4364 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
07:00:18.0941 4364 Ntfs - ok
07:00:19.0955 4364 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
07:00:19.0955 4364 Null - ok
07:00:20.0017 4364 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
07:00:20.0033 4364 nusb3hub - ok
07:00:20.0095 4364 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
07:00:20.0095 4364 nusb3xhc - ok
07:00:20.0158 4364 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
07:00:20.0158 4364 NVHDA - ok
07:00:23.0715 4364 nvlddmkm (5b87b16d2781982e32bab6d359034c37) C:\Windows\system32\DRIVERS\nvlddmkm.sys
07:00:23.0777 4364 nvlddmkm - ok
07:00:24.0370 4364 nvpciflt (0fb06978e39d3b2bb02d616b71a718dc) C:\Windows\system32\DRIVERS\nvpciflt.sys
07:00:24.0370 4364 nvpciflt - ok
07:00:24.0448 4364 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
07:00:24.0448 4364 nvraid - ok
07:00:24.0495 4364 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
07:00:24.0510 4364 nvstor - ok
07:00:24.0604 4364 NVSvc (e0978d69d66403beb006bed61b27b883) C:\Windows\system32\nvvsvc.exe
07:00:24.0619 4364 NVSvc - ok
07:00:25.0618 4364 nvUpdatusService (dc49ec481397457aea7d094383c0e1b6) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
07:00:25.0649 4364 nvUpdatusService - ok
07:00:26.0788 4364 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
07:00:26.0788 4364 nv_agp - ok
07:00:26.0803 4364 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
07:00:26.0819 4364 ohci1394 - ok
07:00:27.0193 4364 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:00:27.0225 4364 ose - ok
07:00:28.0831 4364 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:00:28.0987 4364 osppsvc - ok
07:00:30.0048 4364 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:00:30.0048 4364 p2pimsvc - ok
07:00:30.0579 4364 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
07:00:30.0610 4364 p2psvc - ok
07:00:30.0766 4364 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
07:00:30.0766 4364 Parport - ok
07:00:30.0906 4364 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
07:00:30.0906 4364 partmgr - ok
07:00:31.0047 4364 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
07:00:31.0047 4364 PcaSvc - ok
07:00:31.0405 4364 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
07:00:31.0405 4364 pci - ok
07:00:31.0483 4364 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
07:00:31.0483 4364 pciide - ok
07:00:31.0530 4364 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
07:00:31.0546 4364 pcmcia - ok
07:00:31.0561 4364 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
07:00:31.0561 4364 pcw - ok
07:00:31.0639 4364 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
07:00:31.0655 4364 PEAUTH - ok
07:00:32.0607 4364 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
07:00:32.0622 4364 PerfHost - ok
07:00:32.0825 4364 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
07:00:32.0872 4364 pla - ok
07:00:33.0574 4364 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
07:00:33.0574 4364 PlugPlay - ok
07:00:33.0667 4364 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
07:00:33.0699 4364 PNRPAutoReg - ok
07:00:33.0714 4364 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
07:00:33.0730 4364 PNRPsvc - ok
07:00:34.0557 4364 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
07:00:34.0588 4364 PolicyAgent - ok
07:00:34.0650 4364 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
07:00:34.0650 4364 Power - ok
07:00:34.0775 4364 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
07:00:34.0775 4364 PptpMiniport - ok
07:00:34.0806 4364 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
07:00:34.0822 4364 Processor - ok
07:00:34.0869 4364 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
07:00:34.0869 4364 ProfSvc - ok
07:00:34.0947 4364 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:00:34.0947 4364 ProtectedStorage - ok
07:00:35.0009 4364 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
07:00:35.0025 4364 Psched - ok
07:00:35.0165 4364 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
07:00:35.0165 4364 PxHlpa64 - ok
07:00:35.0290 4364 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
07:00:35.0337 4364 ql2300 - ok
07:00:35.0742 4364 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
07:00:35.0742 4364 ql40xx - ok
07:00:35.0805 4364 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
07:00:35.0820 4364 QWAVE - ok
07:00:35.0836 4364 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
07:00:35.0836 4364 QWAVEdrv - ok
07:00:35.0851 4364 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
07:00:35.0851 4364 RasAcd - ok
07:00:35.0867 4364 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
07:00:35.0883 4364 RasAgileVpn - ok
07:00:35.0976 4364 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
07:00:35.0976 4364 RasAuto - ok
07:00:36.0007 4364 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
07:00:36.0007 4364 Rasl2tp - ok
07:00:36.0085 4364 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
07:00:36.0085 4364 RasMan - ok
07:00:36.0117 4364 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
07:00:36.0117 4364 RasPppoe - ok
07:00:36.0163 4364 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
07:00:36.0163 4364 RasSstp - ok
07:00:36.0195 4364 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
07:00:36.0210 4364 rdbss - ok
07:00:36.0226 4364 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
07:00:36.0226 4364 rdpbus - ok
07:00:36.0273 4364 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
07:00:36.0273 4364 RDPCDD - ok
07:00:36.0288 4364 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
07:00:36.0288 4364 RDPENCDD - ok
07:00:36.0304 4364 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
07:00:36.0304 4364 RDPREFMP - ok
07:00:36.0366 4364 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
07:00:36.0366 4364 RDPWD - ok
07:00:36.0444 4364 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
07:00:36.0444 4364 rdyboost - ok
07:00:36.0787 4364 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
07:00:36.0787 4364 RegSrvc - ok
07:00:36.0834 4364 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
07:00:36.0850 4364 RemoteAccess - ok
07:00:36.0865 4364 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
07:00:36.0881 4364 RemoteRegistry - ok
07:00:37.0271 4364 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
07:00:37.0318 4364 RFCOMM - ok
07:00:38.0629 4364 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
07:00:38.0692 4364 RoxMediaDB12OEM - ok
07:00:38.0770 4364 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
07:00:38.0770 4364 RoxWatch12 - ok
07:00:39.0612 4364 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
07:00:39.0612 4364 RpcEptMapper - ok
07:00:39.0659 4364 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
07:00:39.0674 4364 RpcLocator - ok
07:00:39.0737 4364 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
07:00:39.0752 4364 RpcSs - ok
07:00:40.0018 4364 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
07:00:40.0018 4364 rspndr - ok
07:00:40.0127 4364 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:00:40.0127 4364 SamSs - ok
07:00:40.0330 4364 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
07:00:40.0361 4364 sbp2port - ok
07:00:40.0392 4364 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
07:00:40.0408 4364 SCardSvr - ok
07:00:40.0532 4364 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
07:00:40.0564 4364 scfilter - ok
07:00:40.0829 4364 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
07:00:40.0844 4364 Schedule - ok
07:00:41.0141 4364 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
07:00:41.0141 4364 SCPolicySvc - ok
07:00:41.0203 4364 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
07:00:41.0219 4364 sdbus - ok
07:00:41.0250 4364 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
07:00:41.0266 4364 SDRSVC - ok
07:00:41.0344 4364 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
07:00:41.0344 4364 secdrv - ok
07:00:41.0437 4364 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
07:00:41.0437 4364 seclogon - ok
07:00:41.0468 4364 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
07:00:41.0484 4364 SENS - ok
07:00:41.0515 4364 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
07:00:41.0515 4364 SensrSvc - ok
07:00:41.0562 4364 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
07:00:41.0562 4364 Serenum - ok
07:00:41.0593 4364 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
07:00:41.0593 4364 Serial - ok
07:00:41.0609 4364 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
07:00:41.0609 4364 sermouse - ok
07:00:41.0656 4364 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
07:00:41.0656 4364 SessionEnv - ok
07:00:41.0671 4364 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
07:00:41.0671 4364 sffdisk - ok
07:00:41.0671 4364 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
07:00:41.0671 4364 sffp_mmc - ok
07:00:41.0671 4364 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
07:00:41.0671 4364 sffp_sd - ok
07:00:41.0687 4364 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
07:00:41.0687 4364 sfloppy - ok
07:00:42.0607 4364 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
07:00:42.0638 4364 SftService - ok
07:00:43.0372 4364 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
07:00:43.0387 4364 SharedAccess - ok
07:00:43.0574 4364 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
07:00:43.0590 4364 ShellHWDetection - ok
07:00:43.0684 4364 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
07:00:43.0684 4364 SiSRaid2 - ok
07:00:43.0699 4364 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
07:00:43.0699 4364 SiSRaid4 - ok
07:00:44.0183 4364 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe
07:00:44.0198 4364 SkypeUpdate - ok
07:00:44.0276 4364 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
07:00:44.0276 4364 Smb - ok
07:00:44.0339 4364 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
07:00:44.0354 4364 SNMPTRAP - ok
07:00:44.0370 4364 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
07:00:44.0370 4364 spldr - ok
07:00:44.0588 4364 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
07:00:44.0604 4364 Spooler - ok
07:00:46.0570 4364 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
07:00:46.0585 4364 sppsvc - ok
07:00:46.0975 4364 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
07:00:46.0991 4364 sppuinotify - ok
07:00:47.0365 4364 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
07:00:47.0381 4364 srv - ok
07:00:47.0568 4364 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
07:00:47.0584 4364 srv2 - ok
07:00:47.0630 4364 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
07:00:47.0630 4364 srvnet - ok
07:00:47.0724 4364 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
07:00:47.0740 4364 SSDPSRV - ok
07:00:47.0755 4364 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
07:00:47.0755 4364 SstpSvc - ok
07:00:47.0802 4364 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
07:00:47.0802 4364 stdcfltn - ok
07:00:47.0942 4364 Stereo Service (39d9ca03cc9ff883f8e36d95e7bfd193) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
07:00:47.0958 4364 Stereo Service - ok
07:00:48.0005 4364 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
07:00:48.0020 4364 stexstor - ok
07:00:48.0130 4364 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
07:00:48.0145 4364 stisvc - ok
07:00:48.0208 4364 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
07:00:48.0208 4364 stllssvr - ok
07:00:48.0239 4364 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
07:00:48.0239 4364 swenum - ok
07:00:48.0582 4364 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
07:00:48.0598 4364 SwitchBoard - ok
07:00:48.0769 4364 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
07:00:48.0800 4364 swprv - ok
07:00:48.0925 4364 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
07:00:49.0019 4364 SysMain - ok
07:00:49.0534 4364 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
07:00:49.0549 4364 TabletInputService - ok
07:00:49.0580 4364 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
07:00:49.0612 4364 TapiSrv - ok
07:00:49.0643 4364 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
07:00:49.0643 4364 TBS - ok
07:00:50.0875 4364 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
07:00:50.0906 4364 Tcpip - ok
07:00:52.0061 4364 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
07:00:52.0076 4364 TCPIP6 - ok
07:00:52.0170 4364 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
07:00:52.0170 4364 tcpipreg - ok
07:00:52.0201 4364 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
07:00:52.0201 4364 TDPIPE - ok
07:00:52.0248 4364 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
07:00:52.0248 4364 TDTCP - ok
07:00:52.0295 4364 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
07:00:52.0295 4364 tdx - ok
07:00:52.0310 4364 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
07:00:52.0310 4364 TermDD - ok
07:00:52.0388 4364 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
07:00:52.0420 4364 TermService - ok
07:00:52.0435 4364 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
07:00:52.0451 4364 Themes - ok
07:00:52.0466 4364 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
07:00:52.0482 4364 THREADORDER - ok
07:00:52.0513 4364 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
07:00:52.0529 4364 TrkWks - ok
07:00:52.0576 4364 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
07:00:52.0576 4364 TrustedInstaller - ok
07:00:52.0607 4364 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
07:00:52.0607 4364 tssecsrv - ok
07:00:52.0654 4364 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
07:00:52.0654 4364 TsUsbFlt - ok
07:00:52.0685 4364 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
07:00:52.0685 4364 TsUsbGD - ok
07:00:52.0732 4364 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
07:00:52.0747 4364 tunnel - ok
07:00:52.0794 4364 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
07:00:52.0794 4364 TurboB - ok
07:00:52.0903 4364 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
07:00:52.0903 4364 TurboBoost - ok
07:00:52.0934 4364 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
07:00:52.0950 4364 uagp35 - ok
07:00:52.0997 4364 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
07:00:52.0997 4364 udfs - ok
07:00:53.0044 4364 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
07:00:53.0044 4364 UI0Detect - ok
07:00:53.0059 4364 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
07:00:53.0075 4364 uliagpkx - ok
07:00:53.0122 4364 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
07:00:53.0122 4364 umbus - ok
07:00:53.0168 4364 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
07:00:53.0168 4364 UmPass - ok
07:00:53.0356 4364 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
07:00:53.0402 4364 UNS - ok
07:00:53.0496 4364 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
07:00:53.0527 4364 upnphost - ok
07:00:53.0590 4364 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
07:00:53.0590 4364 USBAAPL64 - ok
07:00:53.0636 4364 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
07:00:53.0636 4364 usbccgp - ok
07:00:53.0714 4364 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
07:00:53.0714 4364 usbcir - ok
07:00:53.0746 4364 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
07:00:53.0746 4364 usbehci - ok
07:00:53.0824 4364 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
07:00:53.0824 4364 usbhub - ok
07:00:53.0870 4364 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
07:00:53.0870 4364 usbohci - ok
07:00:53.0933 4364 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
07:00:53.0933 4364 usbprint - ok
07:00:53.0995 4364 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
07:00:53.0995 4364 usbscan - ok
07:00:54.0042 4364 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:00:54.0042 4364 USBSTOR - ok
07:00:54.0073 4364 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
07:00:54.0073 4364 usbuhci - ok
07:00:54.0151 4364 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
07:00:54.0151 4364 usbvideo - ok
07:00:54.0198 4364 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
07:00:54.0198 4364 UxSms - ok
07:00:54.0245 4364 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
07:00:54.0260 4364 VaultSvc - ok
07:00:54.0323 4364 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
07:00:54.0323 4364 vdrvroot - ok
07:00:54.0370 4364 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
07:00:54.0385 4364 vds - ok
07:00:54.0416 4364 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
07:00:54.0416 4364 vga - ok
07:00:54.0432 4364 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
07:00:54.0432 4364 VgaSave - ok
07:00:54.0463 4364 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
07:00:54.0463 4364 vhdmp - ok
07:00:54.0479 4364 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
07:00:54.0479 4364 viaide - ok
07:00:54.0494 4364 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
07:00:54.0494 4364 volmgr - ok
07:00:54.0557 4364 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
07:00:54.0557 4364 volmgrx - ok
07:00:54.0682 4364 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
07:00:54.0682 4364 volsnap - ok
07:00:54.0728 4364 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
07:00:54.0744 4364 vsmraid - ok
07:00:54.0838 4364 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
07:00:54.0916 4364 VSS - ok
07:00:55.0118 4364 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
07:00:55.0118 4364 vToolbarUpdater11.2.0 - ok
07:00:55.0259 4364 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
07:00:55.0259 4364 vwifibus - ok
07:00:55.0290 4364 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
07:00:55.0290 4364 vwififlt - ok
07:00:55.0306 4364 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
07:00:55.0321 4364 vwifimp - ok
07:00:55.0384 4364 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
07:00:55.0399 4364 W32Time - ok
07:00:55.0415 4364 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
07:00:55.0430 4364 WacomPen - ok
07:00:55.0462 4364 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:00:55.0462 4364 WANARP - ok
07:00:55.0477 4364 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
07:00:55.0477 4364 Wanarpv6 - ok
07:00:55.0602 4364 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
07:00:55.0649 4364 WatAdminSvc - ok
07:00:55.0727 4364 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
07:00:55.0774 4364 wbengine - ok
07:00:55.0867 4364 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
07:00:55.0883 4364 WbioSrvc - ok
07:00:55.0914 4364 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
07:00:55.0930 4364 wcncsvc - ok
07:00:55.0945 4364 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
07:00:55.0961 4364 WcsPlugInService - ok
07:00:55.0992 4364 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
07:00:56.0008 4364 Wd - ok
07:00:56.0054 4364 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
07:00:56.0070 4364 Wdf01000 - ok
07:00:56.0148 4364 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:00:56.0148 4364 WdiServiceHost - ok
07:00:56.0148 4364 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
07:00:56.0164 4364 WdiSystemHost - ok
07:00:56.0179 4364 wdkmd (94dc2bf6cbaaa95e369c3756d3115a76) C:\Windows\system32\DRIVERS\WDKMD.sys
07:00:56.0179 4364 wdkmd - ok
07:00:56.0226 4364 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
07:00:56.0242 4364 WebClient - ok
07:00:56.0257 4364 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
07:00:56.0273 4364 Wecsvc - ok
07:00:56.0288 4364 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
07:00:56.0304 4364 wercplsupport - ok
07:00:56.0335 4364 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
07:00:56.0351 4364 WerSvc - ok
07:00:56.0398 4364 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
07:00:56.0398 4364 WfpLwf - ok
07:00:56.0429 4364 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
07:00:56.0444 4364 WimFltr - ok
07:00:56.0460 4364 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
07:00:56.0460 4364 WIMMount - ok
07:00:56.0554 4364 WinDefend - ok
07:00:56.0569 4364 WinHttpAutoProxySvc - ok
07:00:56.0632 4364 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
07:00:56.0632 4364 Winmgmt - ok
07:00:56.0756 4364 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
07:00:56.0788 4364 WinRM - ok
07:00:56.0975 4364 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
07:00:56.0975 4364 WinUsb - ok
07:00:57.0053 4364 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
07:00:57.0068 4364 Wlansvc - ok
07:00:57.0162 4364 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
07:00:57.0162 4364 wlcrasvc - ok
07:00:57.0334 4364 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:00:57.0349 4364 wlidsvc - ok
07:00:57.0474 4364 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
07:00:57.0474 4364 WmiAcpi - ok
07:00:57.0552 4364 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
07:00:57.0552 4364 wmiApSrv - ok
07:00:57.0614 4364 WMPNetworkSvc - ok
07:00:57.0677 4364 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
07:00:57.0692 4364 WPCSvc - ok
07:00:57.0708 4364 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
07:00:57.0724 4364 WPDBusEnum - ok
07:00:57.0739 4364 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
07:00:57.0739 4364 ws2ifsl - ok
07:00:57.0802 4364 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
07:00:57.0802 4364 wscsvc - ok
07:00:57.0802 4364 WSearch - ok
07:00:57.0958 4364 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
07:00:58.0004 4364 wuauserv - ok
07:00:58.0176 4364 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
07:00:58.0176 4364 WudfPf - ok
07:00:58.0238 4364 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
07:00:58.0238 4364 WUDFRd - ok
07:00:58.0285 4364 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
07:00:58.0285 4364 wudfsvc - ok
07:00:58.0316 4364 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
07:00:58.0332 4364 WwanSvc - ok
07:00:58.0441 4364 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
07:00:58.0660 4364 \Device\Harddisk0\DR0 - ok
07:00:58.0675 4364 Boot (0x1200) (e6e177c7a383a2daed2821a5a10ebb63) \Device\Harddisk0\DR0\Partition0
07:00:58.0675 4364 \Device\Harddisk0\DR0\Partition0 - ok
07:00:58.0722 4364 Boot (0x1200) (c845d5c8bb657ee4ebcdf33a84300c9a) \Device\Harddisk0\DR0\Partition1
07:00:58.0722 4364 \Device\Harddisk0\DR0\Partition1 - ok
07:00:58.0722 4364 ============================================================
07:00:58.0722 4364 Scan finished
07:00:58.0722 4364 ============================================================
07:00:58.0738 3348 Detected object count: 0
07:00:58.0738 3348 Actual detected object count: 0
07:02:21.0144 4404 Deinitialize success

#10 zamix

Posted 06 August 2012 - 12:51 AM

aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-06 07:02:26
-----------------------------
07:02:26.462 OS Version: Windows x64 6.1.7601 Service Pack 1
07:02:26.462 Number of processors: 4 586 0x2A07
07:02:26.462 ComputerName: KYRA15Z UserName: Kyra
07:02:31.220 Initialize success
07:02:37.481 AVAST engine download error: 0
07:02:49.228 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:02:49.243 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3
07:02:49.259 Disk 0 MBR read successfully
07:02:49.274 Disk 0 MBR scan
07:02:49.274 Disk 0 Windows VISTA default MBR code
07:02:49.290 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
07:02:49.306 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208896
07:02:49.306 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928896
07:02:49.352 Disk 0 scanning C:\Windows\system32\drivers
07:02:57.917 Service scanning
07:03:20.240 Modules scanning
07:03:20.256 Disk 0 trace - called modules:
07:03:20.272 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
07:03:20.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e9a060]
07:03:20.303 3 CLASSPNP.SYS[fffff88001bc843f] -> nt!IofCallDriver -> [0xfffffa8007d07b80]
07:03:20.318 5 stdcfltn.sys[fffff88001b5dc52] -> nt!IofCallDriver -> [0xfffffa800550b950]
07:03:20.334 7 ACPI.sys[fffff88000f587a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800603e050]
07:03:20.334 Scan finished successfully
07:04:17.836 Disk 0 MBR has been saved successfully to "C:\Users\Kyra\Desktop\MBR.dat"
07:04:17.836 The log file has been saved successfully to "C:\Users\Kyra\Desktop\aswMBR.txt"

#11 gringo_pr

Posted 06 August 2012 - 01:20 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 zamix

Posted 06 August 2012 - 01:50 AM

Here is the latest Combofix log:


ComboFix 12-08-05.02 - Kyra 08/06/2012 8:29.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4521 [GMT 2:00]
Running from: c:\users\Kyra\Desktop\ComboFix.exe
Command switches used :: c:\users\Kyra\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
.
.
2012-08-06 06:36 . 2012-08-06 06:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-06 06:36 . 2012-08-06 06:36 -------- d-----w- c:\users\Glenn\AppData\Local\temp
2012-08-06 06:36 . 2012-08-06 06:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-06 06:36 . 2012-08-06 06:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-06 04:59 . 2012-08-06 04:59 -------- d-----w- c:\users\Kyra\AppData\Roaming\AVG10
2012-08-04 20:24 . 2010-05-22 12:50 195584 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-08-04 20:24 . 2010-05-22 12:49 29696 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-08-04 20:24 . 2010-05-22 12:49 54784 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-08-04 20:24 . 2010-05-22 12:49 83456 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-08-04 20:24 . 2010-05-22 12:49 78848 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-08-04 20:24 . 2010-04-30 14:53 252928 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-08-04 20:24 . 2010-03-25 08:08 120704 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-08-04 20:24 . 2010-03-20 10:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-08-04 20:24 . 2010-01-18 16:48 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-08-04 20:24 . 2010-03-20 09:56 114560 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-08-04 20:01 . 2012-08-04 20:01 -------- d-----w- c:\programdata\MTN Online
2012-08-04 20:01 . 2012-08-04 19:58 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-08-04 20:01 . 2012-08-04 19:58 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-07-27 13:14 . 2012-08-05 10:38 -------- d-----w- c:\program files (x86)\Citrix
2012-07-22 21:42 . 2012-07-22 21:42 -------- d-----w- c:\users\Kyra\AppData\Local\Macromedia
2012-07-22 21:39 . 2012-07-23 03:20 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-13 14:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-13 14:14 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-13 14:13 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-13 14:13 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-13 14:13 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-13 14:13 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-13 14:13 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-13 14:13 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-13 14:13 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-23 03:20 . 2011-06-06 16:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 14:17 . 2011-06-09 00:12 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-07-03 12:48 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-03 12:48 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-07-03 12:48 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-03 12:48 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-03 12:48 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-07-03 12:48 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-07-03 12:48 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-07-03 12:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-07-03 12:47 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-05_19.06.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-08-06 04:52 70578 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-06 04:52 42464 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-06 16:49 . 2012-08-06 04:52 24476 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1949429700-2666389791-3451925955-1001_UserData.bin
+ 2011-06-06 16:08 . 2012-08-06 04:56 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-06 16:08 . 2012-08-05 12:13 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-06 16:08 . 2012-08-06 04:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-06 16:08 . 2012-08-05 12:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-06 04:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-05 12:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-05 10:26 . 2012-08-05 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-06 04:49 . 2012-08-06 04:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-06 04:49 . 2012-08-06 04:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-05 10:26 . 2012-08-05 18:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-06-06 23:03 . 2012-08-06 06:23 357306 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-05 11:08 660530 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-06 04:56 660530 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-05 11:08 121426 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-06 04:56 121426 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-08-05 19:22 520536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-05 10:25 520536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-06 16:46 . 2012-08-05 10:25 37937640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1949429700-2666389791-3451925955-1001-8192.dat
+ 2011-06-06 16:46 . 2012-08-05 19:22 37937640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1949429700-2666389791-3451925955-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-16 12:53 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-16 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-12-23 491650]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"PdxRegCl"="c:\program files (x86)\Paradox\Programs\PdxRegCl.exe" [2004-06-14 49152]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-16 1107552]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-09 559616]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
.
c:\users\Kyra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kyra\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R2 BLUETOOTH OBEX SERVICE;BLUETOOTH OBEX SERVICE;c:\program files (x86)\INTEL\BLUETOOTH\OBEXSRV.EXE [2011-01-24 991296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-05-30 1025352]
R3 BLUETOOTH MEDIA SERVICE;BLUETOOTH MEDIA SERVICE;c:\program files (x86)\INTEL\BLUETOOTH\MEDIASRV.EXE [2011-01-24 1298496]
R3 br3gmdm;BandLuxe 3.5G HSDPA Adapter - USB;c:\windows\system32\DRIVERS\br3gmdm.sys [2008-12-23 119296]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 114560]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-30 252928]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [2010-09-09 122752]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [2010-09-09 122752]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [2010-09-09 122752]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2010-05-22 78848]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2010-05-22 29696]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2010-05-22 195584]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-11-11 172632]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-03 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-12 155752]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-08 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-24 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BandLuxe_Service;BandLuxe Service;c:\program files (x86)\BandRich\BandLuxe HSDPA Utility R11\BRService.exe [2009-07-23 116960]
S2 BLUETOOTH DEVICE MONITOR;BLUETOOTH DEVICE MONITOR;c:\program files (x86)\INTEL\BLUETOOTH\DEVMONSRV.EXE [2011-01-24 901184]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-24 1997416]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-16 935008]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-09-10 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-03-17 104960]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-03-10 13312]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-03-24 62464]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-05-22 83456]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-22 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 02955930
*NewlyCreated* - ASWMBR
*Deregistered* - 02955930
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1949429700-2666389791-3451925955-1001Core.job
- c:\users\Kyra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 20:13]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1949429700-2666389791-3451925955-1001UA.job
- c:\users\Kyra\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-31 20:13]
.
2012-08-03 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-08-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kyra\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-03-10 2364928]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-03-10 2351104]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-26 6611560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-02 2189416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-12-24 312936]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Kyra\AppData\Roaming\Mozilla\Firefox\Profiles\rb1hng7u.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=150&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.http - http://www.up.ac.za/proxy.pac1
FF - prefs.js: network.proxy.type - 1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-10 - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-06 08:38:55
ComboFix-quarantined-files.txt 2012-08-06 06:38
ComboFix2.txt 2012-08-05 19:08
.
Pre-Run: 116,403,032,064 bytes free
Post-Run: 116,081,639,424 bytes free
.
- - End Of File - - 05EDCFBA7FABB3D08CC2805E334B170D

#13 zamix


Posted 06 August 2012 - 01:58 AM

My computer seems to be running better now (i.e. not as slow) and I'm not getting complaints from AVG anymore. Thank you for your help.

#14 gringo_pr

  • Malware Response Team

Posted 06 August 2012 - 02:45 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

BFlix Toolbar
Java™ 6 Update 32
Windows iLivid Toolbar


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click on Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 zamix


Posted 07 August 2012 - 12:30 AM

MBAM Log:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.07.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kyra :: KYRA15Z [administrator]

8/7/2012 7:01:05 AM
mbam-log-2012-08-07 (07-01-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 256755
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Kyra\Downloads\Setup (46).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)



