TechSpot

IDP.Trojan Infection Found in WINDOWS: Now Concerned with Possible Further Infection

By morkiemama
Aug 10, 2012
  1. Hello,

    Well I consider myself a pretty cautious computer user, so I was shocked when I turned on my laptop today to check a grocery list and AVG caught a trojan immediately upon startup. :( I had not done anything odd prior to this startup, so I assume either it has been lurking and hiding effectively or AVG's virus/malware database updated and it is only now just finding it. Either way, I am now concerned about the security of my computer and if the infection spread.

    Any help assuring my computer is clean from other infections would be much appreciated. I'm not sure how this Trojan functions or what damage it can cause. I have followed the starting steps and here are my log results:

    Malwarebytes:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.10.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Sara :: QTBUG [administrator]

    8/10/2012 3:47:24 PM
    mbam-log-2012-08-10 (15-47-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 196987
    Time elapsed: 3 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 3
    HKCR\CLSID\{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} (PUP.BlekkoSearchBar) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Sara\AppData\Local\Temp\0.9140393679885204 (Trojan.BHO) -> Quarantined and deleted successfully.

    (end)
     
  2. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    GMER:

    My notepad GMER log was blank... Not sure if I did something wrong?

    DDS:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Sara at 16:10:01 on 2012-08-10
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2341 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Windows\system32\lxducoms.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\WirelessOffMsg.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Sara\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{AC6006A7-89E4-4561-86E9-80D5FB4A3D39} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{AC6006A7-89E4-4561-86E9-80D5FB4A3D39}\2456C6B696E6 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{AC6006A7-89E4-4561-86E9-80D5FB4A3D39}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{AC6006A7-89E4-4561-86E9-80D5FB4A3D39}\2656C6B696E6E2631336 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{AC6006A7-89E4-4561-86E9-80D5FB4A3D39}\3547162776164756 : DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{AC6006A7-89E4-4561-86E9-80D5FB4A3D39}\6594A45543 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{AC6006A7-89E4-4561-86E9-80D5FB4A3D39}\9666279647 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\5784bx84.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]
    R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-1-11 2413056]
    R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-1 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-17 250056]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-31 167264]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-1 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 113120]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-08-10 19:46:58 -------- d-----w- C:\Users\Sara\AppData\Roaming\Malwarebytes
    2012-08-10 19:46:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-10 19:46:40 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-10 19:46:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-03 01:49:47 9827016 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-12 05:42:10 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2012-08-03 01:49:57 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-03 01:49:57 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-17 18:23:32 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-05-17 18:23:32 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    .
    ============= FINISH: 16:10:18.11 ===============
     
  3. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    Attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/31/2011 6:59:52 PM
    System Uptime: 8/10/2012 3:57:34 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 165C
    Processor: AMD Turion(tm) II P560 Dual-Core Processor | Socket S1G4 | 2500/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 208.019 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 1.547 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP155: 6/19/2012 11:37:15 AM - Windows Update
    RP156: 6/24/2012 7:00:08 PM - Windows Backup
    RP157: 6/30/2012 5:19:15 PM - Installed Becker's Final Review - 2012 Edition
    RP158: 7/1/2012 7:04:04 PM - Windows Backup
    RP159: 7/8/2012 8:09:05 PM - Windows Backup
    RP160: 7/12/2012 1:34:11 AM - Windows Update
    RP161: 7/15/2012 9:22:31 PM - Windows Backup
    RP162: 7/22/2012 7:00:07 PM - Windows Backup
    RP163: 7/29/2012 7:00:04 PM - Windows Backup
    RP164: 8/6/2012 2:48:56 PM - Windows Backup
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    Becker's CPA Exam Review - 2012 Edition
    Becker's Final Review - 2012 Edition
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    Chuzzle Deluxe
    CyberLink DVD Suite
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Dungeons and Dragons Anthology: The Master Collection
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Farm Frenzy
    FATE
    Final Drive Nitro
    Google Chrome
    Google Update Helper
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP CloudDrive
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP MovieStore
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    IDT Audio
    Java Auto Updater
    Java(TM) 6 Update 31
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    League of Legends
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Microsoft Default Manager
    Microsoft Office File Validation Add-In
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - The London Caper
    Pando Media Booster
    Penguins!
    PictureMover
    Plants vs. Zombies
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    RealUpgrade 1.1
    Recovery Manager
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skype™ 5.5
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Visual Studio 2008 x64 Redistributables
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    Yahoo! Detect
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/7/2012 4:20:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    8/3/2012 10:57:16 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
    8/10/2012 3:59:34 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    Thank you so much for your help! I really appreciate it. <3

    It does not seem anything was found during the scan.

    Here is the log:

    17:40:25.0193 6036 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    17:40:25.0771 6036 ============================================================
    17:40:25.0771 6036 Current date / time: 2012/08/10 17:40:25.0771
    17:40:25.0771 6036 SystemInfo:
    17:40:25.0771 6036
    17:40:25.0786 6036 OS Version: 6.1.7601 ServicePack: 1.0
    17:40:25.0786 6036 Product type: Workstation
    17:40:25.0786 6036 ComputerName: QTBUG
    17:40:25.0786 6036 UserName: Sara
    17:40:25.0786 6036 Windows directory: C:\Windows
    17:40:25.0786 6036 System windows directory: C:\Windows
    17:40:25.0786 6036 Running under WOW64
    17:40:25.0786 6036 Processor architecture: Intel x64
    17:40:25.0786 6036 Number of processors: 2
    17:40:25.0786 6036 Page size: 0x1000
    17:40:25.0786 6036 Boot type: Normal boot
    17:40:25.0786 6036 ============================================================
    17:40:27.0799 6036 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:40:27.0814 6036 ============================================================
    17:40:27.0814 6036 \Device\Harddisk0\DR0:
    17:40:27.0814 6036 MBR partitions:
    17:40:27.0814 6036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    17:40:27.0814 6036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x235D6800
    17:40:27.0814 6036 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2363A800, BlocksNum 0x1DC0000
    17:40:27.0814 6036 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
    17:40:27.0814 6036 ============================================================
    17:40:27.0892 6036 C: <-> \Device\Harddisk0\DR0\Partition1
    17:40:28.0001 6036 D: <-> \Device\Harddisk0\DR0\Partition2
    17:40:28.0001 6036 ============================================================
    17:40:28.0001 6036 Initialize success
    17:40:28.0001 6036 ============================================================
    17:40:31.0574 4488 ============================================================
    17:40:31.0574 4488 Scan started
    17:40:31.0574 4488 Mode: Manual;
    17:40:31.0574 4488 ============================================================
    17:40:32.0650 4488 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    17:40:32.0666 4488 1394ohci - ok
    17:40:32.0728 4488 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:40:32.0744 4488 ACPI - ok
    17:40:32.0759 4488 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:40:32.0775 4488 AcpiPmi - ok
    17:40:33.0243 4488 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:40:33.0243 4488 AdobeARMservice - ok
    17:40:33.0508 4488 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    17:40:33.0524 4488 AdobeFlashPlayerUpdateSvc - ok
    17:40:33.0649 4488 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    17:40:33.0649 4488 adp94xx - ok
    17:40:33.0711 4488 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    17:40:33.0711 4488 adpahci - ok
    17:40:33.0773 4488 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    17:40:33.0789 4488 adpu320 - ok
    17:40:33.0867 4488 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    17:40:33.0867 4488 AeLookupSvc - ok
    17:40:33.0976 4488 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    17:40:33.0976 4488 AFD - ok
    17:40:34.0039 4488 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:40:34.0039 4488 agp440 - ok
    17:40:34.0101 4488 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    17:40:34.0163 4488 ALG - ok
    17:40:34.0241 4488 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:40:34.0241 4488 aliide - ok
    17:40:34.0304 4488 AMD External Events Utility (2e7970f3b33f3d9bc3c29c6e2eb5a100) C:\Windows\system32\atiesrxx.exe
    17:40:34.0304 4488 AMD External Events Utility - ok
    17:40:34.0382 4488 AMD FUEL Service - ok
    17:40:34.0475 4488 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    17:40:34.0475 4488 AMD Reservation Manager - ok
    17:40:34.0522 4488 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:40:34.0522 4488 amdide - ok
    17:40:34.0553 4488 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
    17:40:34.0585 4488 amdiox64 - ok
    17:40:34.0631 4488 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    17:40:34.0647 4488 AmdK8 - ok
    17:40:35.0630 4488 amdkmdag (2c89431a9db6d3b6f55c95f8d41ca64d) C:\Windows\system32\DRIVERS\atikmdag.sys
    17:40:35.0833 4488 amdkmdag - ok
    17:40:36.0051 4488 amdkmdap (572411b9d88e5070fe08d4376e507237) C:\Windows\system32\DRIVERS\atikmpag.sys
    17:40:36.0067 4488 amdkmdap - ok
    17:40:36.0129 4488 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    17:40:36.0129 4488 AmdPPM - ok
    17:40:36.0191 4488 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    17:40:36.0254 4488 amdsata - ok
    17:40:36.0347 4488 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    17:40:36.0363 4488 amdsbs - ok
    17:40:36.0379 4488 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    17:40:36.0394 4488 amdxata - ok
    17:40:36.0425 4488 amd_sata (08e8a4172c57abd7693a6915cf1e7a99) C:\Windows\system32\DRIVERS\amd_sata.sys
    17:40:36.0425 4488 amd_sata - ok
    17:40:36.0457 4488 amd_xata (9866af4e4ad7f16e810b6c0b8473f9cd) C:\Windows\system32\DRIVERS\amd_xata.sys
    17:40:36.0457 4488 amd_xata - ok
    17:40:36.0519 4488 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:40:36.0535 4488 AppID - ok
    17:40:36.0722 4488 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    17:40:36.0737 4488 AppIDSvc - ok
    17:40:36.0800 4488 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    17:40:36.0800 4488 Appinfo - ok
    17:40:36.0862 4488 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    17:40:36.0878 4488 arc - ok
    17:40:36.0925 4488 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    17:40:36.0925 4488 arcsas - ok
    17:40:36.0987 4488 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:40:37.0003 4488 AsyncMac - ok
    17:40:37.0034 4488 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:40:37.0034 4488 atapi - ok
    17:40:37.0096 4488 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
    17:40:37.0112 4488 AtiHdmiService - ok
    17:40:37.0159 4488 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
    17:40:37.0159 4488 AtiPcie - ok
    17:40:37.0283 4488 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:40:37.0315 4488 AudioEndpointBuilder - ok
    17:40:37.0346 4488 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:40:37.0346 4488 AudioSrv - ok
    17:40:37.0549 4488 AVG Security Toolbar Service (d45b7995761253a92ab071d576114f28) C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
    17:40:37.0549 4488 AVG Security Toolbar Service - ok
    17:40:38.0251 4488 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    17:40:38.0438 4488 AVGIDSAgent - ok
    17:40:38.0687 4488 AVGIDSDriver (e6671e90d38c88764412e07c9d9b3d63) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    17:40:38.0703 4488 AVGIDSDriver - ok
    17:40:38.0719 4488 AVGIDSEH (1553b388e0f0462c25ad8f30c3c29e83) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    17:40:38.0719 4488 AVGIDSEH - ok
    17:40:38.0734 4488 AVGIDSFilter (dca426a66739e75f51a72160dfb945ad) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    17:40:38.0734 4488 AVGIDSFilter - ok
    17:40:38.0797 4488 Avgldx64 (ff7383388a7d2283dae5831abc2b0720) C:\Windows\system32\DRIVERS\avgldx64.sys
    17:40:38.0812 4488 Avgldx64 - ok
    17:40:38.0828 4488 Avgmfx64 (997d002827d3e3dcbbb25bf46db161ab) C:\Windows\system32\DRIVERS\avgmfx64.sys
    17:40:38.0828 4488 Avgmfx64 - ok
    17:40:38.0859 4488 Avgrkx64 (bccfe3374c887075cde2ac8fdb1cb2f8) C:\Windows\system32\DRIVERS\avgrkx64.sys
    17:40:38.0875 4488 Avgrkx64 - ok
    17:40:38.0968 4488 Avgtdia (0d49adcebe243b79366ea523b647519a) C:\Windows\system32\DRIVERS\avgtdia.sys
    17:40:38.0984 4488 Avgtdia - ok
    17:40:39.0124 4488 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    17:40:39.0124 4488 avgwd - ok
    17:40:39.0233 4488 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    17:40:39.0249 4488 AxInstSV - ok
    17:40:39.0343 4488 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    17:40:39.0374 4488 b06bdrv - ok
    17:40:39.0483 4488 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:40:39.0499 4488 b57nd60a - ok
    17:40:40.0013 4488 BCM43XX (461e574d7967e895640109a371a912a5) C:\Windows\system32\DRIVERS\bcmwl664.sys
    17:40:40.0154 4488 BCM43XX - ok
    17:40:40.0310 4488 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    17:40:40.0325 4488 BDESVC - ok
    17:40:40.0450 4488 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:40:40.0450 4488 Beep - ok
    17:40:40.0559 4488 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    17:40:40.0606 4488 BFE - ok
    17:40:40.0747 4488 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
    17:40:40.0778 4488 BITS - ok
    17:40:40.0840 4488 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:40:40.0840 4488 blbdrive - ok
    17:40:40.0887 4488 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:40:40.0918 4488 bowser - ok
    17:40:40.0949 4488 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:40:40.0965 4488 BrFiltLo - ok
    17:40:40.0981 4488 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:40:40.0981 4488 BrFiltUp - ok
    17:40:41.0043 4488 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    17:40:41.0043 4488 Browser - ok
    17:40:41.0105 4488 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:40:41.0105 4488 Brserid - ok
    17:40:41.0168 4488 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:40:41.0183 4488 BrSerWdm - ok
    17:40:41.0199 4488 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:40:41.0199 4488 BrUsbMdm - ok
    17:40:41.0230 4488 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:40:41.0230 4488 BrUsbSer - ok
    17:40:41.0277 4488 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    17:40:41.0277 4488 BTHMODEM - ok
    17:40:41.0339 4488 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:40:41.0355 4488 bthserv - ok
    17:40:41.0449 4488 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:40:41.0449 4488 cdfs - ok
    17:40:41.0511 4488 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
    17:40:41.0527 4488 cdrom - ok
    17:40:41.0589 4488 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:40:41.0589 4488 CertPropSvc - ok
    17:40:41.0636 4488 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    17:40:41.0636 4488 circlass - ok
    17:40:41.0729 4488 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:40:41.0745 4488 CLFS - ok
    17:40:41.0854 4488 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:40:41.0885 4488 clr_optimization_v2.0.50727_32 - ok
    17:40:42.0104 4488 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:40:42.0104 4488 clr_optimization_v2.0.50727_64 - ok
    17:40:42.0244 4488 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:40:42.0260 4488 clr_optimization_v4.0.30319_32 - ok
    17:40:42.0463 4488 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    17:40:42.0463 4488 clr_optimization_v4.0.30319_64 - ok
    17:40:42.0509 4488 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
    17:40:42.0525 4488 clwvd - ok
    17:40:42.0572 4488 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:40:42.0572 4488 CmBatt - ok
    17:40:42.0603 4488 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    17:40:42.0603 4488 cmdide - ok
    17:40:42.0759 4488 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
    17:40:42.0775 4488 CNG - ok
    17:40:42.0837 4488 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    17:40:42.0837 4488 Compbatt - ok
    17:40:42.0884 4488 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    17:40:42.0899 4488 CompositeBus - ok
    17:40:42.0915 4488 COMSysApp - ok
    17:40:42.0993 4488 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    17:40:42.0993 4488 crcdisk - ok
    17:40:43.0055 4488 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
    17:40:43.0055 4488 CryptSvc - ok
    17:40:43.0133 4488 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:40:43.0149 4488 DcomLaunch - ok
    17:40:43.0227 4488 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
    17:40:43.0243 4488 defragsvc - ok
    17:40:43.0289 4488 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    17:40:43.0305 4488 DfsC - ok
    17:40:43.0367 4488 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
    17:40:43.0367 4488 Dhcp - ok
    17:40:43.0414 4488 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    17:40:43.0414 4488 discache - ok
    17:40:43.0508 4488 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    17:40:43.0523 4488 Disk - ok
    17:40:43.0586 4488 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
    17:40:43.0617 4488 Dnscache - ok
    17:40:43.0664 4488 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
    17:40:43.0695 4488 dot3svc - ok
    17:40:43.0773 4488 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
    17:40:43.0773 4488 DPS - ok
    17:40:43.0820 4488 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    17:40:43.0820 4488 drmkaud - ok
    17:40:43.0945 4488 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    17:40:43.0976 4488 DXGKrnl - ok
    17:40:44.0069 4488 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
    17:40:44.0069 4488 EapHost - ok
    17:40:44.0397 4488 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    17:40:44.0506 4488 ebdrv - ok
    17:40:44.0693 4488 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
    17:40:44.0693 4488 EFS - ok
    17:40:44.0834 4488 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
    17:40:44.0881 4488 ehRecvr - ok
    17:40:44.0927 4488 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
    17:40:44.0943 4488 ehSched - ok
    17:40:45.0052 4488 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    17:40:45.0068 4488 elxstor - ok
    17:40:45.0099 4488 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    17:40:45.0115 4488 ErrDev - ok
    17:40:45.0224 4488 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
    17:40:45.0255 4488 EventSystem - ok
    17:40:45.0302 4488 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    17:40:45.0317 4488 exfat - ok
    17:40:45.0364 4488 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    17:40:45.0364 4488 fastfat - ok
    17:40:45.0551 4488 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
    17:40:45.0583 4488 Fax - ok
    17:40:45.0614 4488 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    17:40:45.0614 4488 fdc - ok
    17:40:45.0645 4488 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
    17:40:45.0645 4488 fdPHost - ok
    17:40:45.0661 4488 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
    17:40:45.0661 4488 FDResPub - ok
    17:40:45.0739 4488 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    17:40:45.0754 4488 FileInfo - ok
    17:40:45.0770 4488 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    17:40:45.0770 4488 Filetrace - ok
    17:40:45.0801 4488 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    17:40:45.0801 4488 flpydisk - ok
    17:40:45.0879 4488 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    17:40:45.0895 4488 FltMgr - ok
    17:40:46.0066 4488 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
    17:40:46.0082 4488 FontCache - ok
    17:40:46.0144 4488 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    17:40:46.0144 4488 FontCache3.0.0.0 - ok
    17:40:46.0207 4488 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    17:40:46.0207 4488 FsDepends - ok
    17:40:46.0269 4488 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
    17:40:46.0300 4488 Fs_Rec - ok
    17:40:46.0394 4488 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    17:40:46.0394 4488 fvevol - ok
    17:40:46.0425 4488 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    17:40:46.0441 4488 gagp30kx - ok
    17:40:46.0659 4488 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    17:40:46.0675 4488 GameConsoleService - ok
    17:40:46.0784 4488 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
    17:40:46.0799 4488 gpsvc - ok
    17:40:46.0971 4488 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:40:46.0971 4488 gupdate - ok
    17:40:46.0987 4488 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    17:40:46.0987 4488 gupdatem - ok
    17:40:47.0033 4488 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    17:40:47.0033 4488 hcw85cir - ok
    17:40:47.0127 4488 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    17:40:47.0143 4488 HdAudAddService - ok
    17:40:47.0252 4488 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    17:40:47.0252 4488 HDAudBus - ok
    17:40:47.0299 4488 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    17:40:47.0299 4488 HidBatt - ok
    17:40:47.0345 4488 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    17:40:47.0345 4488 HidBth - ok
    17:40:47.0361 4488 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    17:40:47.0361 4488 HidIr - ok
    17:40:47.0408 4488 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
    17:40:47.0408 4488 hidserv - ok
    17:40:47.0517 4488 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    17:40:47.0517 4488 HidUsb - ok
    17:40:47.0548 4488 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
    17:40:47.0564 4488 hkmsvc - ok
    17:40:47.0611 4488 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
    17:40:47.0642 4488 HomeGroupListener - ok
    17:40:47.0689 4488 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
    17:40:47.0704 4488 HomeGroupProvider - ok
    17:40:47.0907 4488 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    17:40:47.0923 4488 HP Support Assistant Service - ok
    17:40:48.0110 4488 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    17:40:48.0110 4488 HP Wireless Assistant Service - ok
    17:40:48.0203 4488 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    17:40:48.0203 4488 HPClientSvc - ok
    17:40:48.0391 4488 hpqwmiex (e7c7829ba0395e48f8c8fe16b8832344) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    17:40:48.0406 4488 hpqwmiex - ok
    17:40:48.0952 4488 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    17:40:48.0952 4488 HpSAMD - ok
    17:40:49.0061 4488 HPWMISVC (2bec76bdcd1bc080210325e7b5094834) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    17:40:49.0061 4488 HPWMISVC - ok
    17:40:49.0155 4488 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    17:40:49.0171 4488 HTTP - ok
    17:40:49.0249 4488 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    17:40:49.0249 4488 hwpolicy - ok
    17:40:49.0295 4488 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
    17:40:49.0295 4488 i8042prt - ok
    17:40:49.0373 4488 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    17:40:49.0405 4488 iaStorV - ok
    17:40:49.0779 4488 IconMan_R (d72bf0ae484f88399e8343e821c10d6a) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    17:40:49.0857 4488 IconMan_R - ok
    17:40:50.0060 4488 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    17:40:50.0091 4488 idsvc - ok
    17:40:50.0933 4488 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    17:40:51.0105 4488 igfx - ok
    17:40:51.0308 4488 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    17:40:51.0308 4488 iirsp - ok
    17:40:51.0448 4488 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
    17:40:51.0479 4488 IKEEXT - ok
    17:40:51.0526 4488 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    17:40:51.0526 4488 intelide - ok
    17:40:51.0589 4488 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    17:40:51.0589 4488 intelppm - ok
    17:40:51.0682 4488 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
    17:40:51.0682 4488 IPBusEnum - ok
    17:40:51.0729 4488 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    17:40:51.0729 4488 IpFilterDriver - ok
    17:40:51.0823 4488 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
    17:40:51.0838 4488 iphlpsvc - ok
    17:40:51.0869 4488 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    17:40:51.0885 4488 IPMIDRV - ok
    17:40:51.0963 4488 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    17:40:51.0963 4488 IPNAT - ok
    17:40:51.0994 4488 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    17:40:51.0994 4488 IRENUM - ok
    17:40:52.0025 4488 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    17:40:52.0025 4488 isapnp - ok
    17:40:52.0072 4488 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    17:40:52.0072 4488 iScsiPrt - ok
    17:40:52.0103 4488 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    17:40:52.0119 4488 kbdclass - ok
    17:40:52.0166 4488 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    17:40:52.0181 4488 kbdhid - ok
    17:40:52.0213 4488 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:40:52.0213 4488 KeyIso - ok
    17:40:52.0259 4488 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
    17:40:52.0275 4488 KSecDD - ok
    17:40:52.0322 4488 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
    17:40:52.0369 4488 KSecPkg - ok
    17:40:52.0462 4488 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    17:40:52.0462 4488 ksthunk - ok
    17:40:52.0525 4488 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
    17:40:52.0571 4488 KtmRm - ok
    17:40:52.0665 4488 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
    17:40:52.0696 4488 LanmanServer - ok
    17:40:52.0774 4488 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
    17:40:52.0821 4488 LanmanWorkstation - ok
    17:40:52.0883 4488 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    17:40:52.0899 4488 lltdio - ok
    17:40:53.0008 4488 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
    17:40:53.0039 4488 lltdsvc - ok
    17:40:53.0071 4488 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
    17:40:53.0071 4488 lmhosts - ok
    17:40:53.0149 4488 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    17:40:53.0164 4488 LSI_FC - ok
    17:40:53.0195 4488 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    17:40:53.0211 4488 LSI_SAS - ok
    17:40:53.0289 4488 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    17:40:53.0289 4488 LSI_SAS2 - ok
    17:40:53.0336 4488 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    17:40:53.0351 4488 LSI_SCSI - ok
    17:40:53.0398 4488 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    17:40:53.0414 4488 luafv - ok
    17:40:53.0429 4488 lxdu_device - ok
    17:40:53.0523 4488 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
    17:40:53.0539 4488 Mcx2Svc - ok
    17:40:53.0554 4488 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    17:40:53.0554 4488 megasas - ok
    17:40:53.0632 4488 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    17:40:53.0663 4488 MegaSR - ok
    17:40:53.0975 4488 Microsoft SharePoint Workspace Audit Service - ok
    17:40:54.0022 4488 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:40:54.0022 4488 MMCSS - ok
    17:40:54.0053 4488 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    17:40:54.0053 4488 Modem - ok
    17:40:54.0085 4488 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    17:40:54.0100 4488 monitor - ok
    17:40:54.0163 4488 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    17:40:54.0178 4488 mouclass - ok
    17:40:54.0225 4488 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    17:40:54.0225 4488 mouhid - ok
    17:40:54.0272 4488 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    17:40:54.0272 4488 mountmgr - ok
    17:40:54.0428 4488 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    17:40:54.0443 4488 MozillaMaintenance - ok
    17:40:54.0490 4488 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    17:40:54.0506 4488 mpio - ok
    17:40:54.0568 4488 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    17:40:54.0584 4488 mpsdrv - ok
    17:40:54.0724 4488 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    17:40:54.0755 4488 MpsSvc - ok
    17:40:54.0818 4488 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    17:40:54.0818 4488 MRxDAV - ok
    17:40:54.0927 4488 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
    17:40:54.0943 4488 mrxsmb - ok
    17:40:54.0989 4488 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    17:40:55.0005 4488 mrxsmb10 - ok
    17:40:55.0036 4488 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    17:40:55.0036 4488 mrxsmb20 - ok
    17:40:55.0083 4488 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    17:40:55.0083 4488 msahci - ok
    17:40:55.0177 4488 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    17:40:55.0177 4488 msdsm - ok
    17:40:55.0223 4488 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    17:40:55.0223 4488 MSDTC - ok
    17:40:55.0270 4488 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    17:40:55.0286 4488 Msfs - ok
    17:40:55.0301 4488 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    17:40:55.0301 4488 mshidkmdf - ok
    17:40:55.0333 4488 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
    17:40:55.0348 4488 msisadrv - ok
    17:40:55.0442 4488 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
    17:40:55.0457 4488 MSiSCSI - ok
    17:40:55.0473 4488 msiserver - ok
    17:40:55.0520 4488 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
    17:40:55.0520 4488 MSKSSRV - ok
    17:40:55.0535 4488 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
    17:40:55.0535 4488 MSPCLOCK - ok
    17:40:55.0551 4488 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    17:40:55.0551 4488 MSPQM - ok
    17:40:55.0629 4488 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
    17:40:55.0660 4488 MsRPC - ok
    17:40:55.0738 4488 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
    17:40:55.0738 4488 mssmbios - ok
    17:40:55.0769 4488 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    17:40:55.0769 4488 MSTEE - ok
    17:40:55.0801 4488 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    17:40:55.0801 4488 MTConfig - ok
    17:40:55.0832 4488 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    17:40:55.0847 4488 Mup - ok
    17:40:55.0910 4488 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
    17:40:55.0925 4488 napagent - ok
    17:40:56.0050 4488 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    17:40:56.0081 4488 NativeWifiP - ok
    17:40:56.0206 4488 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
    17:40:56.0222 4488 NDIS - ok
    17:40:56.0315 4488 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    17:40:56.0315 4488 NdisCap - ok
    17:40:56.0347 4488 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    17:40:56.0362 4488 NdisTapi - ok
    17:40:56.0409 4488 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
    17:40:56.0425 4488 Ndisuio - ok
    17:40:56.0487 4488 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
    17:40:56.0503 4488 NdisWan - ok
    17:40:56.0768 4488 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
    17:40:56.0783 4488 NDProxy - ok
    17:40:56.0815 4488 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    17:40:56.0815 4488 NetBIOS - ok
    17:40:56.0861 4488 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
    17:40:56.0877 4488 NetBT - ok
    17:40:56.0908 4488 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:40:56.0908 4488 Netlogon - ok
    17:40:57.0002 4488 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
    17:40:57.0033 4488 Netman - ok
    17:40:57.0064 4488 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
    17:40:57.0080 4488 netprofm - ok
    17:40:57.0158 4488 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    17:40:57.0173 4488 NetTcpPortSharing - ok
    17:40:57.0782 4488 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
    17:40:57.0938 4488 netw5v64 - ok
    17:40:58.0141 4488 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    17:40:58.0141 4488 nfrd960 - ok
    17:40:58.0203 4488 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
    17:40:58.0219 4488 NlaSvc - ok
    17:40:58.0281 4488 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    17:40:58.0281 4488 Npfs - ok
    17:40:58.0312 4488 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
    17:40:58.0312 4488 nsi - ok
    17:40:58.0328 4488 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    17:40:58.0328 4488 nsiproxy - ok
    17:40:58.0577 4488 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
    17:40:58.0655 4488 Ntfs - ok
    17:40:58.0827 4488 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    17:40:58.0827 4488 Null - ok
    17:40:58.0889 4488 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
    17:40:58.0905 4488 nvraid - ok
    17:40:58.0967 4488 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
    17:40:58.0983 4488 nvstor - ok
    17:40:59.0108 4488 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
    17:40:59.0123 4488 nv_agp - ok
    17:40:59.0170 4488 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
    17:40:59.0170 4488 ohci1394 - ok
    17:40:59.0342 4488 ose64 (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    17:40:59.0357 4488 ose64 - ok
    17:40:59.0997 4488 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    17:41:00.0153 4488 osppsvc - ok
    17:41:00.0371 4488 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:41:00.0371 4488 p2pimsvc - ok
    17:41:00.0465 4488 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
    17:41:00.0481 4488 p2psvc - ok
    17:41:00.0715 4488 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    17:41:00.0715 4488 Parport - ok
    17:41:00.0761 4488 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
    17:41:00.0761 4488 partmgr - ok
    17:41:00.0824 4488 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
    17:41:00.0839 4488 PcaSvc - ok
    17:41:00.0886 4488 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
    17:41:00.0902 4488 pci - ok
    17:41:00.0917 4488 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
    17:41:00.0917 4488 pciide - ok
    17:41:00.0980 4488 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    17:41:00.0995 4488 pcmcia - ok
    17:41:01.0027 4488 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    17:41:01.0042 4488 pcw - ok
    17:41:01.0105 4488 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    17:41:01.0136 4488 PEAUTH - ok
    17:41:01.0229 4488 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
    17:41:01.0229 4488 PerfHost - ok
    17:41:01.0432 4488 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
    17:41:01.0495 4488 pla - ok
    17:41:01.0619 4488 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
    17:41:01.0635 4488 PlugPlay - ok
    17:41:01.0682 4488 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
    17:41:01.0682 4488 PNRPAutoReg - ok
    17:41:01.0744 4488 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
    17:41:01.0744 4488 PNRPsvc - ok
    17:41:01.0838 4488 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
    17:41:01.0853 4488 PolicyAgent - ok
    17:41:01.0916 4488 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
    17:41:01.0931 4488 Power - ok
    17:41:02.0009 4488 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
    17:41:02.0025 4488 PptpMiniport - ok
    17:41:02.0150 4488 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    17:41:02.0150 4488 Processor - ok
    17:41:02.0212 4488 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
    17:41:02.0212 4488 ProfSvc - ok
    17:41:02.0243 4488 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:41:02.0259 4488 ProtectedStorage - ok
    17:41:02.0306 4488 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
    17:41:02.0306 4488 Psched - ok
    17:41:02.0540 4488 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    17:41:02.0618 4488 ql2300 - ok
    17:41:02.0821 4488 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    17:41:02.0836 4488 ql40xx - ok
    17:41:02.0883 4488 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
    17:41:02.0899 4488 QWAVE - ok
    17:41:02.0977 4488 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    17:41:02.0977 4488 QWAVEdrv - ok
    17:41:03.0008 4488 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    17:41:03.0008 4488 RasAcd - ok
    17:41:03.0070 4488 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    17:41:03.0070 4488 RasAgileVpn - ok
    17:41:03.0117 4488 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
    17:41:03.0133 4488 RasAuto - ok
    17:41:03.0164 4488 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
    17:41:03.0179 4488 Rasl2tp - ok
    17:41:03.0304 4488 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
    17:41:03.0320 4488 RasMan - ok
    17:41:03.0351 4488 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    17:41:03.0367 4488 RasPppoe - ok
    17:41:03.0398 4488 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    17:41:03.0398 4488 RasSstp - ok
    17:41:03.0445 4488 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
    17:41:03.0460 4488 rdbss - ok
    17:41:03.0554 4488 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    17:41:03.0569 4488 rdpbus - ok
     
  6. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    17:41:03.0616 4488 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    17:41:03.0616 4488 RDPCDD - ok
    17:41:03.0647 4488 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    17:41:03.0647 4488 RDPENCDD - ok
    17:41:03.0679 4488 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    17:41:03.0679 4488 RDPREFMP - ok
    17:41:03.0725 4488 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
    17:41:03.0725 4488 RDPWD - ok
    17:41:03.0835 4488 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
    17:41:03.0850 4488 rdyboost - ok
    17:41:03.0881 4488 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
    17:41:03.0881 4488 RemoteAccess - ok
    17:41:03.0928 4488 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
    17:41:03.0928 4488 RemoteRegistry - ok
    17:41:04.0100 4488 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    17:41:04.0115 4488 RoxioNow Service - ok
    17:41:04.0147 4488 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
    17:41:04.0147 4488 RpcEptMapper - ok
    17:41:04.0178 4488 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
    17:41:04.0178 4488 RpcLocator - ok
    17:41:04.0256 4488 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
    17:41:04.0271 4488 RpcSs - ok
    17:41:04.0443 4488 RSPCIESTOR (1f5e7af59b390261a85f5bedb1bb88b3) C:\Windows\system32\DRIVERS\RtsPStor.sys
    17:41:04.0459 4488 RSPCIESTOR - ok
    17:41:04.0505 4488 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    17:41:04.0505 4488 rspndr - ok
    17:41:04.0724 4488 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\Windows\system32\DRIVERS\Rt64win7.sys
    17:41:04.0739 4488 RTL8167 - ok
    17:41:04.0771 4488 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:41:04.0771 4488 SamSs - ok
    17:41:04.0817 4488 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
    17:41:04.0817 4488 sbp2port - ok
    17:41:04.0895 4488 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
    17:41:04.0911 4488 SCardSvr - ok
    17:41:04.0989 4488 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
    17:41:04.0989 4488 scfilter - ok
    17:41:05.0129 4488 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
    17:41:05.0161 4488 Schedule - ok
    17:41:05.0239 4488 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:41:05.0254 4488 SCPolicySvc - ok
    17:41:05.0301 4488 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
    17:41:05.0317 4488 sdbus - ok
    17:41:05.0348 4488 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
    17:41:05.0364 4488 SDRSVC - ok
    17:41:05.0426 4488 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    17:41:05.0426 4488 secdrv - ok
    17:41:05.0504 4488 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
    17:41:05.0535 4488 seclogon - ok
    17:41:05.0582 4488 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
    17:41:05.0582 4488 SENS - ok
    17:41:05.0613 4488 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
    17:41:05.0629 4488 SensrSvc - ok
    17:41:05.0660 4488 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    17:41:05.0660 4488 Serenum - ok
    17:41:05.0676 4488 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    17:41:05.0691 4488 Serial - ok
    17:41:05.0722 4488 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    17:41:05.0722 4488 sermouse - ok
    17:41:05.0847 4488 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
    17:41:05.0863 4488 SessionEnv - ok
    17:41:05.0894 4488 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    17:41:05.0894 4488 sffdisk - ok
    17:41:05.0925 4488 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    17:41:05.0925 4488 sffp_mmc - ok
    17:41:05.0941 4488 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
    17:41:05.0956 4488 sffp_sd - ok
    17:41:05.0988 4488 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    17:41:05.0988 4488 sfloppy - ok
    17:41:06.0128 4488 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
    17:41:06.0144 4488 SharedAccess - ok
    17:41:06.0222 4488 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
    17:41:06.0237 4488 ShellHWDetection - ok
    17:41:06.0284 4488 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    17:41:06.0284 4488 SiSRaid2 - ok
    17:41:06.0393 4488 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    17:41:06.0409 4488 SiSRaid4 - ok
    17:41:06.0456 4488 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    17:41:06.0456 4488 Smb - ok
    17:41:06.0518 4488 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
    17:41:06.0518 4488 SNMPTRAP - ok
    17:41:06.0549 4488 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    17:41:06.0549 4488 spldr - ok
    17:41:06.0736 4488 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
    17:41:06.0752 4488 Spooler - ok
    17:41:07.0142 4488 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
    17:41:07.0220 4488 sppsvc - ok
    17:41:07.0392 4488 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
    17:41:07.0423 4488 sppuinotify - ok
    17:41:07.0579 4488 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
    17:41:07.0579 4488 srv - ok
    17:41:07.0641 4488 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
    17:41:07.0657 4488 srv2 - ok
    17:41:07.0750 4488 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    17:41:07.0782 4488 SrvHsfHDA - ok
    17:41:07.0922 4488 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    17:41:07.0984 4488 SrvHsfV92 - ok
    17:41:08.0203 4488 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    17:41:08.0250 4488 SrvHsfWinac - ok
    17:41:08.0312 4488 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
    17:41:08.0328 4488 srvnet - ok
    17:41:08.0390 4488 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
    17:41:08.0406 4488 SSDPSRV - ok
    17:41:08.0421 4488 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
    17:41:08.0421 4488 SstpSvc - ok
    17:41:08.0655 4488 STacSV (a6b2ec3a2b6ad7c3f7b2f3495cade4c0) C:\Program Files\IDT\WDM\STacSV64.exe
    17:41:08.0671 4488 STacSV - ok
    17:41:08.0702 4488 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    17:41:08.0702 4488 stexstor - ok
    17:41:08.0811 4488 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\Windows\system32\DRIVERS\stwrt64.sys
    17:41:08.0842 4488 STHDA - ok
    17:41:08.0967 4488 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
    17:41:08.0983 4488 stisvc - ok
    17:41:09.0030 4488 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
    17:41:09.0030 4488 swenum - ok
    17:41:09.0139 4488 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    17:41:09.0154 4488 swprv - ok
    17:41:09.0357 4488 SynTP (c447977ed2a4ae9346fe3a0579a34d7c) C:\Windows\system32\DRIVERS\SynTP.sys
    17:41:09.0420 4488 SynTP - ok
    17:41:09.0763 4488 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    17:41:09.0810 4488 SysMain - ok
    17:41:09.0966 4488 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    17:41:09.0981 4488 TabletInputService - ok
    17:41:10.0044 4488 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    17:41:10.0059 4488 TapiSrv - ok
    17:41:10.0106 4488 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    17:41:10.0122 4488 TBS - ok
    17:41:10.0449 4488 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    17:41:10.0512 4488 Tcpip - ok
    17:41:10.0980 4488 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    17:41:11.0011 4488 TCPIP6 - ok
    17:41:11.0151 4488 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    17:41:11.0167 4488 tcpipreg - ok
    17:41:11.0229 4488 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:41:11.0229 4488 TDPIPE - ok
    17:41:11.0260 4488 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    17:41:11.0292 4488 TDTCP - ok
    17:41:11.0338 4488 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    17:41:11.0354 4488 tdx - ok
    17:41:11.0432 4488 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    17:41:11.0432 4488 TermDD - ok
    17:41:11.0510 4488 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    17:41:11.0541 4488 TermService - ok
    17:41:11.0588 4488 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    17:41:11.0588 4488 Themes - ok
    17:41:11.0650 4488 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:41:11.0666 4488 THREADORDER - ok
    17:41:11.0682 4488 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    17:41:11.0682 4488 TrkWks - ok
    17:41:11.0744 4488 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    17:41:11.0744 4488 TrustedInstaller - ok
    17:41:11.0806 4488 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:41:11.0806 4488 tssecsrv - ok
    17:41:11.0931 4488 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    17:41:11.0947 4488 TsUsbFlt - ok
    17:41:11.0994 4488 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:41:12.0009 4488 tunnel - ok
    17:41:12.0040 4488 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    17:41:12.0056 4488 uagp35 - ok
    17:41:12.0118 4488 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:41:12.0134 4488 udfs - ok
    17:41:12.0212 4488 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    17:41:12.0228 4488 UI0Detect - ok
    17:41:12.0274 4488 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:41:12.0290 4488 uliagpkx - ok
    17:41:12.0321 4488 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    17:41:12.0321 4488 umbus - ok
    17:41:12.0352 4488 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    17:41:12.0352 4488 UmPass - ok
    17:41:12.0415 4488 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    17:41:12.0446 4488 upnphost - ok
    17:41:12.0508 4488 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
    17:41:12.0524 4488 usbccgp - ok
    17:41:12.0586 4488 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:41:12.0586 4488 usbcir - ok
    17:41:12.0664 4488 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
    17:41:12.0664 4488 usbehci - ok
    17:41:12.0742 4488 usbfilter (dc2b306861f42eeeb92ef525f4119f08) C:\Windows\system32\DRIVERS\usbfilter.sys
    17:41:12.0758 4488 usbfilter - ok
    17:41:12.0836 4488 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
    17:41:12.0852 4488 usbhub - ok
    17:41:12.0883 4488 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
    17:41:12.0883 4488 usbohci - ok
    17:41:12.0914 4488 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    17:41:12.0930 4488 usbprint - ok
    17:41:12.0992 4488 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    17:41:13.0008 4488 usbscan - ok
    17:41:13.0039 4488 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:41:13.0039 4488 USBSTOR - ok
    17:41:13.0117 4488 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
    17:41:13.0117 4488 usbuhci - ok
    17:41:13.0398 4488 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
    17:41:13.0398 4488 usbvideo - ok
    17:41:13.0429 4488 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    17:41:13.0444 4488 UxSms - ok
    17:41:13.0476 4488 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:41:13.0491 4488 VaultSvc - ok
    17:41:13.0554 4488 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:41:13.0554 4488 vdrvroot - ok
    17:41:13.0678 4488 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    17:41:13.0710 4488 vds - ok
    17:41:13.0756 4488 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:41:13.0756 4488 vga - ok
    17:41:13.0788 4488 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:41:13.0788 4488 VgaSave - ok
    17:41:13.0834 4488 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:41:13.0850 4488 vhdmp - ok
    17:41:13.0912 4488 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:41:13.0912 4488 viaide - ok
    17:41:13.0944 4488 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:41:13.0944 4488 volmgr - ok
    17:41:14.0022 4488 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:41:14.0037 4488 volmgrx - ok
    17:41:14.0068 4488 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:41:14.0084 4488 volsnap - ok
    17:41:14.0193 4488 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    17:41:14.0193 4488 vsmraid - ok
    17:41:14.0380 4488 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    17:41:14.0427 4488 VSS - ok
    17:41:14.0708 4488 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    17:41:14.0739 4488 vToolbarUpdater11.2.0 - ok
    17:41:14.0942 4488 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    17:41:14.0942 4488 vwifibus - ok
    17:41:14.0989 4488 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    17:41:14.0989 4488 vwififlt - ok
    17:41:15.0020 4488 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    17:41:15.0020 4488 vwifimp - ok
    17:41:15.0114 4488 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:41:15.0129 4488 W32Time - ok
    17:41:15.0192 4488 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    17:41:15.0192 4488 WacomPen - ok
    17:41:15.0238 4488 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:41:15.0238 4488 WANARP - ok
    17:41:15.0270 4488 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:41:15.0270 4488 Wanarpv6 - ok
    17:41:15.0472 4488 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    17:41:15.0519 4488 WatAdminSvc - ok
    17:41:15.0722 4488 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    17:41:15.0769 4488 wbengine - ok
    17:41:15.0972 4488 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:41:15.0987 4488 WbioSrvc - ok
    17:41:16.0050 4488 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    17:41:16.0065 4488 wcncsvc - ok
    17:41:16.0112 4488 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:41:16.0112 4488 WcsPlugInService - ok
    17:41:16.0174 4488 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    17:41:16.0174 4488 Wd - ok
    17:41:16.0268 4488 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:41:16.0284 4488 Wdf01000 - ok
    17:41:16.0362 4488 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:41:16.0362 4488 WdiServiceHost - ok
    17:41:16.0362 4488 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:41:16.0377 4488 WdiSystemHost - ok
    17:41:16.0424 4488 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    17:41:16.0440 4488 WebClient - ok
    17:41:16.0486 4488 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:41:16.0502 4488 Wecsvc - ok
    17:41:16.0549 4488 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:41:16.0580 4488 wercplsupport - ok
    17:41:16.0642 4488 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:41:16.0658 4488 WerSvc - ok
    17:41:16.0736 4488 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:41:16.0752 4488 WfpLwf - ok
    17:41:16.0767 4488 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:41:16.0767 4488 WIMMount - ok
    17:41:16.0798 4488 WinDefend - ok
    17:41:16.0814 4488 WinHttpAutoProxySvc - ok
    17:41:16.0939 4488 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:41:16.0954 4488 Winmgmt - ok
    17:41:17.0235 4488 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    17:41:17.0313 4488 WinRM - ok
    17:41:17.0547 4488 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    17:41:17.0547 4488 WinUsb - ok
    17:41:17.0703 4488 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:41:17.0719 4488 Wlansvc - ok
    17:41:17.0812 4488 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    17:41:17.0812 4488 wlcrasvc - ok
    17:41:18.0124 4488 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    17:41:18.0234 4488 wlidsvc - ok
    17:41:18.0686 4488 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:41:18.0702 4488 WmiAcpi - ok
    17:41:18.0795 4488 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:41:18.0811 4488 wmiApSrv - ok
    17:41:18.0951 4488 WMPNetworkSvc - ok
    17:41:18.0998 4488 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:41:18.0998 4488 WPCSvc - ok
    17:41:19.0045 4488 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    17:41:19.0060 4488 WPDBusEnum - ok
    17:41:19.0076 4488 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:41:19.0092 4488 ws2ifsl - ok
    17:41:19.0107 4488 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    17:41:19.0123 4488 wscsvc - ok
    17:41:19.0216 4488 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
    17:41:19.0248 4488 WSDPrintDevice - ok
    17:41:19.0248 4488 WSearch - ok
    17:41:19.0544 4488 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    17:41:19.0638 4488 wuauserv - ok
    17:41:19.0840 4488 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:41:19.0856 4488 WudfPf - ok
    17:41:19.0903 4488 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:41:19.0918 4488 WUDFRd - ok
    17:41:20.0012 4488 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    17:41:20.0012 4488 wudfsvc - ok
    17:41:20.0059 4488 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:41:20.0074 4488 WwanSvc - ok
    17:41:20.0184 4488 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    17:41:20.0199 4488 yukonw7 - ok
    17:41:20.0308 4488 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    17:41:20.0776 4488 \Device\Harddisk0\DR0 - ok
    17:41:20.0792 4488 Boot (0x1200) (2d0ffa2027c33f2922e6d3abc1e53b51) \Device\Harddisk0\DR0\Partition0
    17:41:20.0792 4488 \Device\Harddisk0\DR0\Partition0 - ok
    17:41:20.0808 4488 Boot (0x1200) (d522a1d7de9591b5c2d4b572ea085113) \Device\Harddisk0\DR0\Partition1
    17:41:20.0808 4488 \Device\Harddisk0\DR0\Partition1 - ok
    17:41:20.0854 4488 Boot (0x1200) (1ebc23b23ef74ee4d1502a20bc0b8fc0) \Device\Harddisk0\DR0\Partition2
    17:41:20.0854 4488 \Device\Harddisk0\DR0\Partition2 - ok
    17:41:20.0917 4488 Boot (0x1200) (666c1154316cdf7af5f9129d8b8fb5ca) \Device\Harddisk0\DR0\Partition3
    17:41:20.0932 4488 \Device\Harddisk0\DR0\Partition3 - ok
    17:41:20.0932 4488 ============================================================
    17:41:20.0932 4488 Scan finished
    17:41:20.0932 4488 ============================================================
    17:41:20.0964 4728 Detected object count: 0
    17:41:20.0964 4728 Actual detected object count: 0
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

    There are 2 different versions. If one of them won't run then download and try to run the other one.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.

    ======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  8. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    Rkill log:

    Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/10/2012 05:50:28 PM in x64 mode.
    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

    Backup Registry file created at:
    C:\Users\Sara\Desktop\rkill-backup\rkill-08-10-2012-05-50-34.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks.

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/10/2012 05:50:50 PM
    Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)
     
  9. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    Sorry for the delay. This one took longer to scan. :)

    aswMBR log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-10 17:53:13
    -----------------------------
    17:53:13.178 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:53:13.178 Number of processors: 2 586 0x603
    17:53:13.178 ComputerName: QTBUG UserName: Sara
    17:53:15.674 Initialize success
    17:53:50.133 AVAST engine defs: 12081001
    17:53:58.604 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
    17:53:58.604 Disk 0 Vendor: WDC_WD32 02.0 Size: 305245MB BusType: 11
    17:53:58.994 Disk 0 MBR read successfully
    17:53:58.994 Disk 0 MBR scan
    17:53:59.010 Disk 0 Windows 7 default MBR code
    17:53:59.041 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    17:53:59.119 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289709 MB offset 409600
    17:53:59.197 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15232 MB offset 593733632
    17:53:59.353 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
    17:53:59.416 Disk 0 scanning C:\Windows\system32\drivers
    17:54:19.104 Service scanning
    17:55:29.668 Modules scanning
    17:55:29.678 Disk 0 trace - called modules:
    17:55:30.197 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    17:55:30.213 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042f73d0]
    17:55:30.228 3 CLASSPNP.SYS[fffff880019ac43f] -> nt!IofCallDriver -> [0xfffffa8004289340]
    17:55:30.228 5 amd_xata.sys[fffff880011417a8] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8004285200]
    17:55:32.787 AVAST engine scan C:\Windows
    17:55:37.304 AVAST engine scan C:\Windows\system32
    18:01:00.214 AVAST engine scan C:\Windows\system32\drivers
    18:01:32.074 AVAST engine scan C:\Users\Sara
    18:08:10.492 AVAST engine scan C:\ProgramData
    18:11:53.176 Scan finished successfully
    18:13:21.753 Disk 0 MBR has been saved successfully to "C:\Users\Sara\Desktop\MBR.dat"
    18:13:21.753 The log file has been saved successfully to "C:\Users\Sara\Desktop\aswMBR.txt"
     
  10. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    That looks good.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    Well that took awhile. So I'm hoping it completed correctly. Unfortunately, it took longer than the disable for AVG lasted. Thus, AVG turned itself back on a brought up an alert about combofix before it could finish. I hit allow and immediately re-disabled, so I hope it is okay. Please let me know if I need to re-run combofix and also how to permanently disable AVG if possible (I could only find instructions to temporarily disable for 15 minutes).

    Combofix caused my computer to restart and completed a log, so I'm hoping it worked properly.

    combfix log:

    ComboFix 12-08-09.01 - Sara 08/10/2012 19:07:40.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1961 [GMT -4:00]
    Running from: c:\users\Sara\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\{00CC3543-A316-429A-8665-679ED8A687BF}.xps
    c:\users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A37C9DCB-3E59-4B6A-A15D-2EDB16D977FA}.xps
    c:\users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B4260E8B-AEEF-496C-B3DA-CFA77B6271D6}.xps
    c:\users\Sara\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F66FCDD0-833F-4FA1-ABAF-C9B427D8CD02}.xps
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-10 23:20 . 2012-08-10 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-10 19:46 . 2012-08-10 19:46 -------- d-----w- c:\users\Sara\AppData\Roaming\Malwarebytes
    2012-08-10 19:46 . 2012-08-10 19:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-10 19:46 . 2012-08-10 19:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-10 19:46 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 01:49 . 2012-08-03 01:49 9827016 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-07-12 05:42 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-03 01:49 . 2012-05-17 20:56 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-03 01:49 . 2011-05-31 23:50 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 05:37 . 2011-06-01 03:31 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-09 05:43 . 2012-07-11 17:10 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-11 17:10 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 17:10 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 17:10 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 17:10 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 17:10 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 17:10 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-19 15:38 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-19 15:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-19 15:39 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-19 15:39 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-19 15:38 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-19 15:39 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-19 15:38 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-19 15:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-19 15:38 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 05:50 . 2012-07-11 17:10 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 17:10 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:48 . 2012-07-11 17:10 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:45 . 2012-07-11 17:10 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 17:10 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 17:10 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 17:10 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 17:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 17:10 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-05-17 18:23 . 2012-05-17 18:23 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2012-05-17 18:23 . 2012-05-17 18:23 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-09 16:29 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-10 336384]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
    "ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-17 296056]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    .
    c:\users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-01 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-05-15 73856]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-05-15 28800]
    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-05 377936]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-24 203776]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-10 354304]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-11 2413056]
    S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-24 9079296]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-24 299520]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-01-11 338536]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-21 452200]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 01:49]
    .
    2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 12:47]
    .
    2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 12:47]
    .
    2012-07-27 c:\windows\Tasks\HPCeeScheduleForQTBUG$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    2012-08-09 c:\windows\Tasks\HPCeeScheduleForSara.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
    "EzPrint"="c:\program files (x86)\Lexmark 5600-6600 Series\ezprint.exe" [2010-02-04 131752]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-11 1128448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\5784bx84.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\MF.exe
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-10 19:41:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-10 23:41
    .
    Pre-Run: 225,046,806,528 bytes free
    Post-Run: 226,661,023,744 bytes free
    .
    - - End Of File - - 9BEE0D106D2408C393DE40A2A4AF8F7D
     
  12. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    If you read my instructions you would know that AVG should be uninstalled in order to run Combofix.
    Too late.

    Combofix log looks good.

    How is computer doing?

    =================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    Doh! I'm so sorry. :( I read the instructions 6 times over slowly, then printed them out and followed them step by step (or so I thought).

    I thought it was some special kind of AVG since it had Internet Security after it. I thought I was okay since I had AVG Antivirus and the link with the list for disabling had instructions for shutting it off temporarily. Now I realize they were 2 products and regular AVG was one of them. >_< My apologies.

    The computer seems to be running fine. I haven't received any other virus warnings upon start up. :)

    I will proceed with the additional steps now.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,892   +344

  15. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    No malicious items detected.

    Malwarebytes log 2:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.10.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Sara :: QTBUG [administrator]

    8/10/2012 11:05:45 PM
    mbam-log-2012-08-10 (23-05-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197236
    Time elapsed: 3 minute(s), 23 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  16. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    OTL.txt:

    OTL logfile created on: 8/10/2012 11:19:52 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Sara\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 57.17% Memory free
    7.49 Gb Paging File | 5.59 Gb Available in Paging File | 74.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 282.92 Gb Total Space | 210.97 Gb Free Space | 74.57% Space Free | Partition Type: NTFS
    Drive D: | 14.87 Gb Total Space | 1.55 Gb Free Space | 10.40% Space Free | Partition Type: NTFS

    Computer Name: QTBUG | User Name: Sara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/08/10 23:10:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
    PRC - [2012/07/28 16:44:00 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/07/09 12:29:20 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    PRC - [2012/07/09 12:29:18 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/05/17 14:23:35 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/12/11 02:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    PRC - [2010/11/18 15:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
    PRC - [2010/09/11 05:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2010/02/04 05:10:51 | 000,131,752 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe
    PRC - [2010/02/04 05:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/28 16:43:59 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/07/09 12:29:21 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
    MOD - [2012/07/09 12:29:18 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2010/11/18 16:09:10 | 001,699,384 | ---- | M] () -- C:\Users\Sara\AppData\Roaming\PictureMover\EN-US\Presentation.dll
    MOD - [2010/11/18 15:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Sara\AppData\Roaming\PictureMover\Bin\Core.dll
    MOD - [2010/02/04 05:10:44 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
    MOD - [2010/02/04 04:28:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
    MOD - [2010/02/04 04:28:27 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
    MOD - [2010/02/04 04:28:26 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudrs.dll
    MOD - [2010/02/04 04:27:21 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\iptk.dll
    MOD - [2010/02/04 04:17:11 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
    MOD - [2010/02/04 04:17:07 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
    MOD - [2009/07/13 21:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
    MOD - [2007/09/06 05:11:34 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduptp.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/01/11 18:03:19 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/04/24 02:03:32 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/12/10 02:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/08/05 23:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/07/21 18:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2010/06/17 08:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
    SRV:64bit: - [2009/10/16 11:06:39 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/08/02 21:49:59 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/28 16:44:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/09 12:29:20 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
    SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2012/01/11 18:02:16 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/09/11 05:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/06/18 21:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/16 11:06:30 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/11 18:07:20 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2012/01/11 18:03:19 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2012/01/11 18:02:17 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2011/11/02 22:14:13 | 004,729,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/04/24 03:56:42 | 009,079,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/24 01:27:28 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2011/03/21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2010/12/11 02:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/06/17 09:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
    DRV:64bit: - [2010/05/15 14:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2010/05/15 14:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/05/06 09:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2010/04/29 08:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
    IE - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={...29834cf6709&lang=us&ds=AVG&pr=fr&d=2011-12-13 11:39:15&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/04/20 06:05:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/20 06:06:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/02 12:48:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 12:29:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 16:44:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/22 11:42:05 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/28 16:44:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/22 11:42:05 | 000,000,000 | ---D | M]

    [2012/03/19 15:18:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sara\AppData\Roaming\Mozilla\Extensions
    [2012/08/05 01:40:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\5784bx84.default\extensions
    [2012/04/24 19:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/09 12:29:28 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
    [2012/07/28 16:44:00 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/04/08 14:23:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/05/17 14:23:47 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
    [2012/07/09 12:29:18 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/02/04 15:01:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/04 15:01:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.202\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: AVG Safe Search = C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

    O1 HOSTS File: ([2012/08/10 19:24:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 5600-6600 Series\ezprint.exe (Lexmark International Inc.)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [lxdumon.exe] C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O4 - Startup: C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC6006A7-89E4-4561-86E9-80D5FB4A3D39}: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/10 23:10:25 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
    [2012/08/10 19:47:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/10 19:42:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/10 19:06:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/10 19:06:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/10 19:06:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/10 19:06:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/10 19:05:45 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/10 18:28:13 | 004,728,003 | R--- | C] (Swearware) -- C:\Users\Sara\Desktop\ComboFix.exe
    [2012/08/10 17:52:20 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Sara\Desktop\aswMBR.exe
    [2012/08/10 17:50:34 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\rkill-backup
    [2012/08/10 17:50:23 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Sara\Desktop\rkill.exe
    [2012/08/10 17:39:57 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\tdsskiller
    [2012/08/10 15:46:58 | 000,000,000 | ---D | C] -- C:\Users\Sara\AppData\Roaming\Malwarebytes
    [2012/08/10 15:46:40 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/08/10 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/10 15:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/08/10 15:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/10 15:41:57 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sara\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/17 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Sara\Desktop\Becker Promise

    ========== Files - Modified Within 30 Days ==========

    [2012/08/10 23:15:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/10 23:10:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
    [2012/08/10 22:54:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/10 22:54:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/10 22:47:17 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/10 22:46:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/10 22:46:55 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/10 21:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/10 19:24:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/10 18:34:07 | 103,556,711 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
    [2012/08/10 18:28:15 | 004,728,003 | R--- | M] (Swearware) -- C:\Users\Sara\Desktop\ComboFix.exe
    [2012/08/10 18:13:21 | 000,000,512 | ---- | M] () -- C:\Users\Sara\Desktop\MBR.dat
    [2012/08/10 17:52:50 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Sara\Desktop\aswMBR.exe
    [2012/08/10 17:50:23 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Sara\Desktop\rkill.exe
    [2012/08/10 17:39:17 | 002,117,108 | ---- | M] () -- C:\Users\Sara\Desktop\tdsskiller.zip
    [2012/08/10 16:00:23 | 000,302,592 | ---- | M] () -- C:\Users\Sara\Desktop\x5xqskuc.exe
    [2012/08/10 15:46:42 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/10 15:41:58 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sara\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/08/10 15:36:28 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/10 15:36:28 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/10 15:36:28 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/10 03:06:45 | 000,449,254 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
    [2012/08/09 15:17:03 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/08/09 14:17:10 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSara.job
    [2012/08/04 16:59:50 | 000,014,265 | ---- | M] () -- C:\Users\Sara\Desktop\0804121652.jpg
    [2012/07/27 16:26:25 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForQTBUG$.job
    [2012/07/26 00:30:21 | 001,005,392 | ---- | M] () -- C:\Users\Sara\Desktop\bcar_monthly(1).pdf
    [2012/07/26 00:30:09 | 000,381,825 | ---- | M] () -- C:\Users\Sara\Desktop\direct_debit.pdf
    [2012/07/26 00:30:09 | 000,240,833 | ---- | M] () -- C:\Users\Sara\Desktop\cc_auth.pdf
    [2012/07/18 19:52:02 | 000,097,789 | ---- | M] () -- C:\Users\Sara\Desktop\Insanity-Workout-Calendar.jpg
    [2012/07/12 12:07:41 | 000,419,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/08/10 19:06:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/10 19:06:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/10 19:06:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/10 19:06:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/10 19:06:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/10 18:13:21 | 000,000,512 | ---- | C] () -- C:\Users\Sara\Desktop\MBR.dat
    [2012/08/10 17:39:16 | 002,117,108 | ---- | C] () -- C:\Users\Sara\Desktop\tdsskiller.zip
    [2012/08/10 16:00:22 | 000,302,592 | ---- | C] () -- C:\Users\Sara\Desktop\x5xqskuc.exe
    [2012/08/10 15:46:42 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/04 16:59:49 | 000,014,265 | ---- | C] () -- C:\Users\Sara\Desktop\0804121652.jpg
    [2012/07/26 00:30:21 | 001,005,392 | ---- | C] () -- C:\Users\Sara\Desktop\bcar_monthly(1).pdf
    [2012/07/26 00:30:08 | 000,381,825 | ---- | C] () -- C:\Users\Sara\Desktop\direct_debit.pdf
    [2012/07/26 00:30:03 | 000,240,833 | ---- | C] () -- C:\Users\Sara\Desktop\cc_auth.pdf
    [2012/07/18 19:52:02 | 000,097,789 | ---- | C] () -- C:\Users\Sara\Desktop\Insanity-Workout-Calendar.jpg
    [2012/01/11 18:07:59 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/05/31 19:15:08 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
    [2011/05/31 19:15:08 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
    [2011/05/31 19:15:08 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
    [2011/05/31 19:15:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
    [2011/05/31 19:15:08 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
    [2011/05/31 19:15:08 | 000,589,824 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducoms.exe
    [2011/05/31 19:15:08 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
    [2011/05/31 19:15:08 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
    [2011/05/31 19:15:08 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
    [2011/05/31 19:15:08 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
    [2011/05/31 19:15:08 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducfg.exe
    [2011/05/31 19:15:08 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
    [2011/05/31 19:15:08 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
    [2011/05/31 19:15:08 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduih.exe
    [2011/04/20 05:56:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/02/16 20:57:18 | 000,003,883 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2011/01/05 20:15:11 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
    [2010/09/24 18:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

    ========== LOP Check ==========

    [2011/05/31 19:35:15 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\AVG10
    [2011/06/05 00:30:22 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\LolClient
    [2012/03/18 20:12:36 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Media Finder
    [2011/05/31 19:08:57 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\PictureMover
    [2011/05/31 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Synaptics
    [2011/07/11 20:01:09 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Windows Live Writer
    [2012/03/27 07:54:55 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:502D809E

    < End of report >
     
  17. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    OTL Extras:

    OTL Extras logfile created on: 8/10/2012 11:19:52 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Sara\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 57.17% Memory free
    7.49 Gb Paging File | 5.59 Gb Available in Paging File | 74.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 282.92 Gb Total Space | 210.97 Gb Free Space | 74.57% Space Free | Partition Type: NTFS
    Drive D: | 14.87 Gb Total Space | 1.55 Gb Free Space | 10.40% Space Free | Partition Type: NTFS

    Computer Name: QTBUG | User Name: Sara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3935661792-1202293638-2811855829-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03EC3D00-A1E4-468C-991E-B796D72A4E44}" = rport=137 | protocol=17 | dir=out | app=system |
    "{0BB0F248-7F1C-40EE-953D-65231642106A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{0D50D8CD-EA73-4DBD-B305-5390DD7374B7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
    "{15F0234B-76FA-4CC2-ADEE-4EBC1A4385B3}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{16D5B728-EA78-408A-845A-13A31CC9C7F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{218BCB7F-1202-4D3A-A194-81D61E5E60BB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{25DBD427-776C-4D66-AE75-CB437268B433}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{2AF74E5A-1262-49A2-8D12-DCC6FE342066}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{30F6EB25-9A13-42FB-890B-18D3201679C6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{5977E532-6CC4-4D68-94B8-47A05F66E9C9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5D16EE66-27E6-49E6-8503-5E8C43508711}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{683F8139-F37E-40E4-92A9-C853224CDE0D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{68AE325D-8323-483B-ABCF-63A47A875627}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{79A6C394-DED4-4A81-943E-C842BF40F4B6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{81FEC455-C813-458A-B6BE-62F811DFF506}" = lport=138 | protocol=17 | dir=in | app=system |
    "{860F05F3-44CC-46D4-B0CA-45D9AF585857}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{875C3D65-1136-4736-96E0-014D2293B8E5}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8B91DD2B-DDF5-4206-8EAB-5E51AB4EA0B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B1A83009-A401-45F3-9789-2B656BCDBD7D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C927D811-96A3-4CCC-930A-1A1518A61D01}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CA8A13AD-47A1-41E2-B259-A0054B8F13C7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D77EF9EA-4237-462B-B983-F866200FC028}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DD5B5CF3-4606-49BB-AD03-592CBF63D898}" = rport=139 | protocol=6 | dir=out | app=system |
    "{EFF77F89-5D0B-484C-B0C9-9C155336BA10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FDD16093-54E3-4052-8B67-EEADCAB07757}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FE8C6D45-F18E-4F61-BD68-A88C8E5B0CF0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0043A266-E898-4F92-90DD-1566ADD703CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{00F87F56-FEBF-4DEB-841A-E2CE5E076BE2}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
    "{06396F8D-E30D-4CA7-991C-5642B337508A}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe |
    "{0DBFD0BD-CAB4-4298-8DB9-6E6BC707BC23}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{14C7338E-AF27-4A2F-82A6-982DFA8C8216}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{161AAB8E-A198-43E6-8DAD-F8CE050EEDB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{19E18041-3B36-4025-A913-D9665A0BE0A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
    "{1A601857-9CD9-4672-A5F9-2D1E2D685998}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1B7A4636-86F2-4409-AA59-1A14E0CF9B97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1DAAE2F4-2AE7-4527-AEC8-D7285AA1BAF8}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe |
    "{208DF756-52EF-4291-88C1-B7853644FB10}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{25ADC5D3-A39F-4041-9A70-C2390CDA1D5F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{261BB965-A689-4061-84C2-1A0537DD94F0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{2C2A9ABA-4643-4AAC-A12A-0C10A167B423}" = protocol=6 | dir=out | app=system |
    "{2F81B6E0-0E4E-4042-BD24-74DB97A62CE7}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{35AD29B5-2396-4EB5-9C56-FB866E30FCDA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3E49D743-3D07-43EB-A38A-86829B162280}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{4C07EFDE-9A10-42DD-A346-E3412505BFB5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{4CA65C1C-B5EA-48F5-935B-6653D2FD9A49}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{4E5737BC-BDB8-42E6-9C6A-6EB049CC2EC7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{5025F15F-A38E-428C-BDC8-BF652FA4F5A6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5E13FC1A-972D-42F3-9654-FE1E781B50CD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{5F6174C7-D84A-4BAF-A7CF-74DFBB8E3E30}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{6230BE78-4FCE-48B7-B285-C14B0EF3A4F8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{6666E847-781F-4CAD-A46D-31F4EF16A3CF}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{6FDF2DDC-0D33-4392-B17D-C4638B6D86E4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{711106DC-4FB1-49D1-9DA9-6BA638F056A6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{7240C2CC-674D-42C5-B06F-D363F6C02B9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{74714D71-16D8-4D7E-B5AD-6BE89190BCDF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{771AD7B1-71B5-4791-B5E0-1A83A452DDDF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
    "{795FABD1-1DC8-4EE8-B685-2076388AC478}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{7D383426-9ADB-454F-89C6-FACBF2395AE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{850138DC-7775-4705-946A-A023F04C9467}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{87A01BA5-4C25-455C-BBF7-472CADBCC951}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{887C90B4-995B-400D-BD42-1991960B98B3}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
    "{8FE76D57-A8BB-4454-BA6E-2E97C216A7A9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8FFFED37-CB9B-4021-A15A-0286FA838FC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
    "{935FC995-6E82-41A2-B439-288A4A916D96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{970A0EA8-48DC-4640-8D4D-F92EB4DA9E8F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{99B30912-C371-4295-ABBD-6D0C9E1FF851}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{A3AD3A7A-029D-4CCD-AA8E-209F64559FBA}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
    "{A6D9B494-2F6D-4CF6-ACAC-8BB823D8968F}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxducoms.exe |
    "{AE872C72-AF04-4BA5-A9C0-8D9FF1EEA0FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{B1CD53E6-7968-4A7D-9A22-0D447505A3AE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{B4F6E45E-1E4F-47FB-9E12-4EA706F671C1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{B511BC50-72DE-408B-BB0C-F85288E8068B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{C2006CAF-995D-48CD-A905-63D75CC25813}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{C461769F-C875-4808-AFE8-F88A7E47E232}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{C76C80F8-35D4-4254-9FF3-4A70625315E8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgemca.exe |
    "{D1F646EE-A40A-4960-AFB0-37120C46BB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{D442ADD2-2485-4324-A839-432EF55CE093}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{D7BE6AAD-4E32-4F56-A451-6BE0F6D427E4}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
    "{D97E48E1-6D5C-48BD-B9F1-E29B1E11F4BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E0097D79-5A60-447A-8E4F-53413F3F50F5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{E9964336-4F75-4D28-A6B0-DB7294D1C3FE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EF36204D-D8A0-4AD6-8458-C6639F03CC3B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{EF6FA3AF-8B7E-4C86-AEBC-1EE6307F9F39}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgnsa.exe |
    "{F97EFCC2-A328-49C7-8393-33102ACF4B51}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgdiagex.exe |
    "{FA85EC31-63EF-4F56-9C73-EDCBD0A66223}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{FF9592AA-2653-4C63-A19A-179BBB27C548}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "TCP Query User{2F9E031C-6B3D-4D5E-A1D0-335C0FEAB557}F:\uniserver\usr\local\apache2\bin\apache.exe" = protocol=6 | dir=in | app=f:\uniserver\usr\local\apache2\bin\apache.exe |
    "TCP Query User{65631D61-1022-4821-975C-9EA1527C2BF5}F:\uniserver\usr\local\mysql\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=f:\uniserver\usr\local\mysql\bin\mysqld-opt.exe |
    "TCP Query User{D038BD97-260E-4128-8823-05D7CF58305F}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "TCP Query User{DC1BD63A-03DA-4F33-AC83-6FC7BC193704}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{1F32680A-BF81-4CEB-AE19-23DA6F3EF257}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
    "UDP Query User{46F973CB-8BF9-4413-92B3-43B42176CE58}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
    "UDP Query User{A8D4F101-C432-49FA-8ABA-91FB07EC9B32}F:\uniserver\usr\local\mysql\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=f:\uniserver\usr\local\mysql\bin\mysqld-opt.exe |
    "UDP Query User{F3ACABAA-B063-4B52-98FA-CBB863F47B4E}F:\uniserver\usr\local\apache2\bin\apache.exe" = protocol=17 | dir=in | app=f:\uniserver\usr\local\apache2\bin\apache.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
    "{1B6E46D9-BD48-F831-D337-64397E7EA1DB}" = ccc-utility64
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{224EC8DF-BC76-4CE4-32B8-4D174318F7ED}" = WMV9/VC-1 Video Playback
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{7D4CEDA5-DF94-45A1-A893-C8779C781236}" = AVG 2011
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D82AB0F7-69B0-4D8B-8BD6-6FC1BAB10010}" =
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E18E155E-73A9-0CCA-B796-05B09A1B5D97}" = ATI Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FE87BA4F-9866-8332-0A4F-59864BE2196A}" = AMD Fuel
    "AVG" = AVG 2011
    "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0A9A553D-A324-4C3C-B6E9-2464480BAE50}" = Catalyst Control Center - Branding
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{0F7254A8-4D75-979A-4445-EBC2EE90B6D2}" = CCC Help English
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{14D9E133-37C6-B9CB-36C5-EB76DBE80F5C}" = Catalyst Control Center Graphics Previews Common
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{30C2AFD7-C3CB-42D5-BF4D-26AA5B8104F8}" = Becker's Final Review - 2012 Edition
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{431D963B-16AA-FAB8-3E72-82CDB466FDD8}" = CCC Help Swedish
    "{4913D614-14AA-4728-B32C-678467E5AD58}" = HP Documentation
    "{49F633C6-1247-3052-F1F1-C3DC271A6E92}" = CCC Help Danish
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
    "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
    "{54C024E2-4761-EB23-88C5-77EE8977B854}" = CCC Help Polish
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A018BC8-CEC4-C0E2-5EB1-4DFF3CD5E052}" = CCC Help Japanese
    "{5FE4D5BB-0B56-DC7D-E5A4-49DB989983CC}" = CCC Help French
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F388ED3-8C2B-222D-9CA6-38C44A3F4569}" = CCC Help Italian
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70E09E33-5C83-F272-17D5-93858F2063F2}" = CCC Help Dutch
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
    "{7D12AB72-6A28-A280-0637-485760AFDBDC}" = ccc-core-static
    "{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{81BAE41F-EF43-4902-773E-64B105245EE0}" = CCC Help Chinese Standard
    "{82F6A47B-6651-0044-F871-AF99C15E4871}" = CCC Help German
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{962CB079-85E6-405F-8704-1C62365AE46F}" = HP Software Framework
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{98218567-28F7-0D1F-BD48-3041677E5CD4}" = CCC Help Hungarian
    "{994406A3-EA5C-B7C9-B0C0-E9019ADD3521}" = CCC Help Korean
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1B2F73A-F5D0-49FB-A114-652B85F71ECB}" = Dungeons and Dragons Anthology: The Master Collection
    "{A671E7CA-23EA-A86E-A61F-E518143670C0}" = CCC Help Thai
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9AED85D-2194-F13C-EE99-F013DB2BD44F}" = CCC Help Russian
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
     
  18. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    "{AB32E35A-3CBE-6747-06A9-453469EF9CD2}" = CCC Help Chinese Traditional
    "{ABAF4569-6EDD-EA43-1574-EBA8911859BE}" = CCC Help Greek
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
    "{B21629A9-15DE-4E59-8242-D27DFF2E5F62}" = Becker's CPA Exam Review - 2012 Edition
    "{B949352B-D05B-5670-836E-430CCAAE28FA}" = CCC Help Spanish
    "{BC08BEE3-1503-0173-B7A5-8765AA20C08A}" = CCC Help Portuguese
    "{BCB2219D-A452-80E9-5C27-F497128DE10A}" = CCC Help Norwegian
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{BD302920-E48F-EE44-4DBF-F58994C8BDF3}" = CCC Help Finnish
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D2AC41BC-CA8B-846C-A711-42A2C8BC05BB}" = Catalyst Control Center InstallProxy
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}" = HP Power Manager
    "{D902BADB-499C-EF9E-B5D3-48B36566C3A6}" = Catalyst Control Center Localization All
    "{DA7B4F2B-0099-EEB6-6FB8-8F794248E982}" = CCC Help Czech
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Google Chrome" = Google Chrome
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "My HP Game Console" = HP Game Console
    "RealPlayer 15.0" = RealPlayer
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089299" = Mystery P.I. - The London Caper
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "YTdetect" = Yahoo! Detect
    "ZumoDrive" = HP CloudDrive

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3935661792-1202293638-2811855829-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/11/2012 7:03:15 AM | Computer Name = QTBug | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 5/11/2012 7:14:35 AM | Computer Name = QTBug | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 5/11/2012 7:14:46 AM | Computer Name = QTBug | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: The data is invalid. .

    Error - 5/17/2012 4:45:12 PM | Computer Name = QTBug | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Application or service 'hpCaslNotification' could not be shut down.

    Error - 5/17/2012 4:46:15 PM | Computer Name = QTBug | Source = Microsoft-Windows-RestartManager | ID = 10007
    Description = Application or service 'HPWMISVC' could not be restarted.

    Error - 6/2/2012 2:53:17 PM | Computer Name = QTBug | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe_stisvc, version: 6.1.7600.16385,
    time stamp: 0x4a5bc3c1 Faulting module name: wiaservc.dll, version: 6.1.7601.17514,
    time stamp: 0x4ce7ca0f Exception code: 0xc0000005 Fault offset: 0x000000000006b67f
    Faulting
    process id: 0x4d0 Faulting application start time: 0x01cd40d417458755 Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: c:\windows\system32\wiaservc.dll
    Report
    Id: 36a5d9c8-ace4-11e1-ac9d-2c27d7c7a713

    Error - 6/23/2012 2:34:05 AM | Computer Name = QTBug | Source = Application Hang | ID = 1002
    Description = The program plugin-container.exe version 13.0.1.4548 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 19f4 Start
    Time: 01cd5109b6044418 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\plugin-container.exe Report Id:

    Error - 6/30/2012 12:32:37 AM | Computer Name = QTBug | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1274 Start
    Time: 01cd567948e5e7b4 Termination Time: 19 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 6/30/2012 12:32:47 AM | Computer Name = QTBug | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 152c Start
    Time: 01cd56796078f2e2 Termination Time: 32 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id:

    Error - 7/15/2012 11:20:32 PM | Computer Name = QTBug | Source = Windows Backup | ID = 4100
    Description =

    [ Hewlett-Packard Events ]
    Error - 12/7/2011 3:54:08 PM | Computer Name = QTBug | Source = HPSF.exe | ID = 4000
    Description =

    Error - 12/22/2011 8:46:30 PM | Computer Name = QTBug | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()

    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
    ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0] Message: The communication object, System.ServiceModel.Channels.ServiceChannel,
    cannot be used for communication because it has been Aborted. StackTrace: Server
    stack trace: at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()

    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
    ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicatorCallback.PostponeInstall(PostponeTime
    time) at HPSA_Messenger.MessengerPopUpWindow.btnStackRemindMeLater_Click(Object
    sender, RoutedEventArgs e) Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
    Format:
    en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
    System.Runtime.Remoting.Messaging.IMessage)

    Error - 3/7/2012 5:58:58 PM | Computer Name = QTBug | Source = HPSF.exe | ID = 4000
    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0] Message: The server did not provide a meaningful
    reply; this might be caused by a contract mismatch, a premature session shutdown
    or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
    action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
    outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

    at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

    Name:
    HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
    Framework\HPSF.exe Format: en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
    System.Runtime.Remoting.Messaging.IMessage)

    Error - 4/12/2012 7:14:19 PM | Computer Name = QTBug | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()

    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
    ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0] Message: The communication object, System.ServiceModel.Channels.ServiceChannel,
    cannot be used for communication because it has been Aborted. StackTrace: Server
    stack trace: at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()

    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
    ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicatorCallback.PostponeInstall(PostponeTime
    time) at HPSA_Messenger.MessengerPopUpWindow.btnStackRemindMeLater_Click(Object
    sender, RoutedEventArgs e) Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
    Format:
    en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
    System.Runtime.Remoting.Messaging.IMessage)

    Error - 5/17/2012 4:21:15 PM | Computer Name = QTBug | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()

    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
    ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0] Message: The communication object, System.ServiceModel.Channels.ServiceChannel,
    cannot be used for communication because it has been Aborted. StackTrace: Server
    stack trace: at System.ServiceModel.Channels.CommunicationObject.ThrowIfDisposedOrNotOpen()

    at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway,
    ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)

    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
    methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
    message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
    reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
    msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicatorCallback.PostponeInstall(PostponeTime
    time) at HPSA_Messenger.MessengerPopUpWindow.btnStackRemindMeLater_Click(Object
    sender, RoutedEventArgs e) Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00
    Path:
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
    Format:
    en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
    System.Runtime.Remoting.Messaging.IMessage)

    Error - 5/17/2012 4:38:32 PM | Computer Name = QTBug | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/17/2012 4:38:32 PM | Computer Name = QTBug | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/17/2012 4:38:40 PM | Computer Name = QTBug | Source = HPSF.exe | ID = 4000
    Description =

    Error - 6/27/2012 3:51:23 PM | Computer Name = QTBug | Source = HPSF.exe | ID = 4000
    Description =

    Error - 6/27/2012 3:51:30 PM | Computer Name = QTBug | Source = HPSF.exe | ID = 4000
    Description =

    [ HP Software Framework Events ]
    Error - 5/9/2012 4:04:49 PM | Computer Name = QTBug | Source = CaslWmi | ID = 5
    Description = 2012/05/09 16:04:49.485|00001D64|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/9/2012 4:04:55 PM | Computer Name = QTBug | Source = CaslWmi | ID = 5
    Description = 2012/05/09 16:04:55.204|000014EC|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/16/2012 4:08:09 PM | Computer Name = QTBug | Source = CaslWmi | ID = 5
    Description = 2012/05/16 16:08:09.177|000015F8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/16/2012 4:08:11 PM | Computer Name = QTBug | Source = CaslWmi | ID = 5
    Description = 2012/05/16 16:08:11.664|00001608|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/17/2012 4:38:20 PM | Computer Name = QTBug | Source = CaslWmi | ID = 5
    Description = 2012/05/17 16:38:20.808|00001A80|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 5/17/2012 4:38:27 PM | Computer Name = QTBug | Source = CaslWmi | ID = 5
    Description = 2012/05/17 16:38:27.566|00001A08|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
    0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

    Error - 6/13/2012 7:04:46 PM | Computer Name = QTBug | Source = CaslSmBios | ID = 5
    Description = 2012/06/13 19:04:45.691|00001F94|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
    occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

    Error - 6/13/2012 7:04:48 PM | Computer Name = QTBug | Source = CaslSmBios | ID = 5
    Description = 2012/06/13 19:04:48.148|00001BEC|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
    occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

    Error - 6/16/2012 3:05:55 AM | Computer Name = QTBug | Source = CaslSmBios | ID = 5
    Description = 2012/06/16 03:05:55.651|0000204C|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
    occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

    Error - 6/16/2012 3:05:58 AM | Computer Name = QTBug | Source = CaslSmBios | ID = 5
    Description = 2012/06/16 03:05:58.491|000020FC|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
    occurred in querying WMI for WmiMonitorBrightness: 'Not supported '

    [ HP Wireless Assistant Events ]
    Error - 5/31/2011 7:14:29 PM | Computer Name = QTBug | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/31/2011 7:15:39 PM | Computer Name = QTBug | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/31/2011 7:16:46 PM | Computer Name = QTBug | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/31/2011 7:17:54 PM | Computer Name = QTBug | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/31/2011 7:19:02 PM | Computer Name = QTBug | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/31/2011 7:20:09 PM | Computer Name = QTBug | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/31/2011 7:21:17 PM | Computer Name = QTBug | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 5/31/2011 7:22:25 PM | Computer Name = QTBug | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
    (Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    Error - 7/3/2011 4:28:02 PM | Computer Name = QTBug | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException Call was canceled by the
    message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
    System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
    IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
    o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()

    at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
    hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
    radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()

    at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 7/3/2012 12:08:50 PM | Computer Name = QTBug | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    [ Media Center Events ]
    Error - 3/29/2012 3:28:31 AM | Computer Name = QTBug | Source = MCUpdate | ID = 0
    Description = 3:28:31 AM - Failed to retrieve Directory (Error: Unable to connect
    to the remote server)

    Error - 3/29/2012 3:29:34 AM | Computer Name = QTBug | Source = MCUpdate | ID = 0
    Description = 3:29:13 AM - Failed to retrieve NetTV (Error: Unable to connect to
    the remote server)

    Error - 3/29/2012 3:30:17 AM | Computer Name = QTBug | Source = MCUpdate | ID = 0
    Description = 3:29:55 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
    to the remote server)

    Error - 3/29/2012 3:30:59 AM | Computer Name = QTBug | Source = MCUpdate | ID = 0
    Description = 3:30:38 AM - Failed to retrieve SportsSchedule (Error: Unable to connect
    to the remote server)

    Error - 3/29/2012 3:31:41 AM | Computer Name = QTBug | Source = MCUpdate | ID = 0
    Description = 3:31:20 AM - Failed to retrieve SportsV2 (Error: Unable to connect
    to the remote server)

    Error - 3/29/2012 3:32:09 AM | Computer Name = QTBug | Source = MCUpdate | ID = 0
    Description = 3:32:02 AM - Failed to retrieve Broadband (Error: Unable to connect
    to the remote server)

    Error - 5/8/2012 5:55:24 AM | Computer Name = QTBug | Source = MCUpdate | ID = 0
    Description = 5:55:24 AM - Failed to retrieve Directory (Error: Unable to connect
    to the remote server)

    Error - 5/8/2012 5:56:27 AM | Computer Name = QTBug | Source = MCUpdate | ID = 0
    Description = 5:56:06 AM - Failed to retrieve NetTV (Error: Unable to connect to
    the remote server)

    Error - 5/8/2012 5:57:10 AM | Computer Name = QTBug | Source = MCUpdate | ID = 0
    Description = 5:56:48 AM - Failed to retrieve MCESpotlight (Error: Unable to connect
    to the remote server)

    Error - 5/8/2012 5:57:36 AM | Computer Name = QTBug | Source = MCUpdate | ID = 0
    Description = 5:57:31 AM - Failed to retrieve MCEClientUX (Error: Unable to connect
    to the remote server)

    [ System Events ]
    Error - 8/10/2012 7:11:26 PM | Computer Name = QTBug | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/10/2012 7:15:02 PM | Computer Name = QTBug | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 8/10/2012 7:22:02 PM | Computer Name = QTBug | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/10/2012 7:23:35 PM | Computer Name = QTBug | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 8/10/2012 7:24:47 PM | Computer Name = QTBug | Source = DCOM | ID = 10016
    Description =

    Error - 8/10/2012 7:25:59 PM | Computer Name = QTBug | Source = Service Control Manager | ID = 7000
    Description = The HP Support Assistant Service service failed to start due to the
    following error: %%31

    Error - 8/10/2012 7:25:59 PM | Computer Name = QTBug | Source = Service Control Manager | ID = 7000
    Description = The HP Wireless Assistant Service service failed to start due to the
    following error: %%31

    Error - 8/10/2012 7:48:19 PM | Computer Name = QTBug | Source = DCOM | ID = 10016
    Description =

    Error - 8/10/2012 9:39:16 PM | Computer Name = QTBug | Source = DCOM | ID = 10016
    Description =

    Error - 8/10/2012 10:48:18 PM | Computer Name = QTBug | Source = DCOM | ID = 10016
    Description =


    < End of report >
     
  19. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    Duplicate. My apologies. I thought they didn't post at first. :p
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O4 - HKU\S-1-5-21-3935661792-1202293638-2811855829-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
      O4 - Startup: C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
      O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
      O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
      @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:502D809E
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step run the fix from safe mode.

    =====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  21. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    OTL fix results:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3935661792-1202293638-2811855829-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3935661792-1202293638-2811855829-1001\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
    C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk moved successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder\ not found.
    ADS C:\ProgramData\Temp:502D809E deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sara
    ->Temp folder emptied: 288838 bytes
    ->Temporary Internet Files folder emptied: 122355645 bytes
    ->Java cache emptied: 1168369 bytes
    ->FireFox cache emptied: 60959426 bytes
    ->Google Chrome cache emptied: 17712172 bytes
    ->Flash cache emptied: 4835 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3524534 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 197.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Sara
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Sara
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08102012_234707

    Files\Folders moved on Reboot...
    C:\Users\Sara\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...
    File C:\Users\Sara\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

    Registry entries deleted on Reboot...
     
  22. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    checkup.txt:

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG Anti-Virus Free Edition 2011
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Reader X (10.1.3)
    Mozilla Firefox (14.0.1)
    Google Chrome 21.0.1180.60
    Google Chrome 21.0.1180.75
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgtray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
     
  23. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    FSS:

    Farbar Service Scanner Version: 06-08-2012
    Ran by Sara (administrator) on 11-08-2012 at 00:05:02
    Running from "C:\Users\Sara\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  24. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    ESET found threats :(

    Again, thanks for all your help. It is much appreciated. <3

    ESET log:

    C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Default\aadddjdbgcdgdadcdagbdfgededcdadc\background.html Win32/BHO.OEI trojan cleaned by deleting - quarantined
    C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\5784bx84.default\extensions\ltqbdfcpur@ltqbdfcpur.org.xpi JS/Redirector.NCA trojan deleted - quarantined
     
  25. morkiemama

    morkiemama TS Rookie Topic Starter Posts: 21

    Dear Broni,

    Thank you again for all your help and patience. :) If you happen to respond again today, I just wanted to let you know that I will most likely be unavailable to respond as quickly as I have been. However, I will immediately implement any further steps you post as soon as I access them.

    Thanks again,

    Sara
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...