# "Windows could not automatically detect this network's proxy settings."



## dcarson108 (Jan 5, 2013)

I'm using my old laptop now. On my regular laptop, my internet icon has the yellow triangle and when I troubleshoot it, the message says "Windows could not automatically detect this network's proxy settings".

Any idea what the problem is? I googled it and none of the solutions seem to help. I think my computer is infected with malware right now. It is heating up quickly and I'm seeing ads in text in websites that don't do that (cbc, reddit, wikipedia). I had this issue a couple of months ago but Spybot seemed to fix the issue.

Recently I noticed my computer was heating faster (and hotter) than usual so I ran a search again and it said no threats were found. Not too long after I started noticing the ads again so I know there is a problem. I have run the search twice since then and still nothing. I was advised to use CCleaner, Malwarebytes, and Super Anti-Spyware. It removed one other threat but the problem was still there. I then started using ComboFix, but I did not like the look of it so I stopped that scan. It seemed a little sketchy.


As of this morning, I'm having the internet problem. My old laptop (the one I'm on now) and my girlfriend's laptop work fine. I connected it with the Ethernet cord and that didn't change anything. 

I have Windows 7. It's on a 2010 Samsung (I'm not very tech savvy so I'm not sure about all the other details). I primarily used Firefox, but I just switched to Google Chrome this week (well after the problems began).


Anyone have some solutions? Should I post this in the virus section? Thanks a lot to anyone that can help.


----------



## kevinf80 (Mar 21, 2006)

Use your spare computer to d/l the following and save to a USB, transfer and run on the sick one. Transfer logs and post in next reply....

Download Farbar Service Scanner and run it on the computer with the issue.
*Make sure the following options are checked:*

- *Internet Services*
- *Windows Firewall*
- *System Restore*
- *Security Center/Action Center*
- *Windows Update*
- *Windows Defender*


Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.

Also this one....

Download and save DDS to your USB stick, transfer to Desktop of sick PC from either of the following links:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://compendiate.net/sUBs/dds/dds.scr

*Note:* You must use Internet Explorer to download dds.scr; other browsers will open the file in the browser and not save it. Or if you must use Firefox or Chrome, then right-click the link and select "save link as" and save the file to your USB stick.

Double-click the dds.scr file to run the program.

It will automatically run in silent mode and then you will see the following note:

"Two logs shall be created on your Desktop"

The logs will be named dds.txt and attach.txt.

Wait until the logs appear and then copy and paste their contents in your post.

Transfer logs and post in next reply...

Kevin


----------



## dcarson108 (Jan 5, 2013)

Thanks for the response.

The internet is working on my computer now, but I'm pretty sure the virus is still around. So I'm assuming I just skip the transfer with the USB and move right to the next few steps? I unfortunately don't have time tonight, but I will post all that tomorrow. Again, thanks for the response. I appreciate any help I can get.


----------



## kevinf80 (Mar 21, 2006)

If the internet is now OK just run and post logs from DDS...


----------



## dcarson108 (Jan 5, 2013)

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17153
Run by Dannnn at 21:18:03 on 2013-01-07
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4029.1737 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\runservice.exe
C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\ProgramData\OptimizerPro1\OptimizerPro1.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxpers.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=014ef344-0edf-4d7a-878f-9954e1e729fc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
uSearch Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=014ef344-0edf-4d7a-878f-9954e1e729fc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://websearch.mocaflix.com/
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=014ef344-0edf-4d7a-878f-9954e1e729fc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: SaveAs Class: {1696D05C-C6CC-B007-08CD-818A6174ED1E} - C:\ProgramData\SaveAs\509f2a99e4a83.ocx
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: SaveAs Class: {C3F654DF-AAC2-1193-6F47-C58D29820BCD} - C:\ProgramData\SaveAs\509f29e091586.ocx
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - 
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: SMART Sync: {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files (x86)\SMART Technologies\Education Software\SyncIEToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [SMART Board Service] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
mRun: [SMART Board Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"
mRun: [SMART Ink] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe"
mRun: [Response Desktop Menu] "C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe"
mRun: [SMARTClassroomCoordinator.exe] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{414029DD-4B3C-4920-83E1-004C64775EB9} : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{414029DD-4B3C-4920-83E1-004C64775EB9}\354555D275962756C6563737 : DHCPNameServer = 138.73.2.253 192.197.143.16 198.164.30.2
TCP: Interfaces\{414029DD-4B3C-4920-83E1-004C64775EB9}\56C6563647279636 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E917552B-B4F9-4B6D-BB82-EACBCDAF3A0F} : DHCPNameServer = 204.81.0.10 204.81.0.99
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
AppInit_DLLs= c:\progra~2\mocaflix\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.mocaflix.com/?l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B36405247-abbe-46bd-a5b2-eb7869a196fc%7D&mid=2a6c3a23be1c47d0aa7cd16d123da097-e7015f33aa7d2cccaf2bfc9911bbcc2ab3c5b0c5&ds=AVG&v=13.2.0.5&lang=en&pr=fr&d=2012-09-27%2009%3A18%3A53&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-11-17 16:59; {AE93811A-5C9A-4d34-8462-F7B864FC4696}; C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
FF - ExtSQL: 2012-11-17 16:59; {EE223D7A-F30F-11DD-8F0A-D2AD55D89593}; C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
FF - ExtSQL: 2012-11-26 23:16; [email protected]; C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - c27331fe-7fb3-405b-ac64-b063e19ea68e
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyTQ4yX7V&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 3e06039800000000000018f46a3f6714
FF - user.js: extensions.incredibar_i.instlDay - 15655
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:27:45
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyTQ4yX7V
FF - user.js: extensions.incredibar_i.upn2n - 92262431172737351
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd - 
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 30568]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-8-28 13824]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2012-4-17 2560]
R2 Response Hardware;Response Hardware;C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [2012-3-2 19312]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-11-16 1153368]
R2 SMARTHelperService;SMART Helper Service;C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2012-3-21 580976]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-8-28 111616]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2012-3-21 13168]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2012-3-21 16368]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2012-3-21 24944]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-8 401696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-15 61288]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2012-4-15 166704]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-18 1255736]
.
=============== Created Last 30 ================
.
2013-01-04 20:24:02 -------- d-----w- C:\ComboFix
2013-01-04 15:04:09 -------- d-----w- C:\Users\Dannnn\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 03:32:26 -------- d-----w- C:\Users\Dannnn\AppData\Roaming\Malwarebytes
2013-01-04 03:31:38 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-04 03:31:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-01-04 03:31:26 -------- d-----w- C:\Users\Dannnn\AppData\Local\Programs
2012-12-22 09:25:03 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 09:25:03 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 09:25:02 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 09:25:02 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-12 10:37:17 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-12 10:37:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-12 10:37:11 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-12-12 10:37:00 860672 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2012-12-12 10:37:00 696400 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2012-12-12 10:37:00 672832 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
.
==================== Find3M ====================
.
2013-01-06 12:51:53 857 --sha-w- C:\Windows\SysWow64\mmf.sys
2012-12-12 21:22:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 21:22:18 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-12 12:18:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-12 11:51:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 02:22:31 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-27 05:36:37 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-10-27 05:36:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-10-27 05:00:40 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-27 04:59:41 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-10-27 04:23:06 482816 ----a-w- C:\Windows\System32\html.iec
2012-10-27 03:52:14 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-10-22 17:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 07:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 21:18:59.09 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 15/04/2012 9:03:26 PM
System Uptime: 07/01/2013 9:13:12 AM (12 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV410/RV510/S3510/E3510 
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | U2E1 | 2300/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 181 GiB total, 125.263 GiB free.
D: is FIXED (NTFS) - 269 GiB total, 250.664 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP73: 29/12/2012 10:34:01 AM - Scheduled Checkpoint
RP74: 04/01/2013 4:24:31 PM - ComboFix created restore point
RP75: 05/01/2013 12:46:07 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
Audacity 2.0.2
AVG 2013
AVG Security Toolbar
BatteryLifeExtender
Bejeweled 2 Deluxe
Bing Rewards Client Installer
Bonjour
Broadcom 802.11 Network Adapter
Build-a-lot
Chuzzle Deluxe
CyberLink YouCam
Diner Dash 2 Restaurant Rescue
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
ETDWare PS/2-X64 8.0.7.0_WHQL
Farm Frenzy
Google Drive
Google Update Helper
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
John Deere Drive Green
Junk Mail filter update
Marvell Miniport Driver
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Optimizer Pro v3.0
OptimizerPro1 Updater
Peggle
Penguins!
Plants vs. Zombies
Polar Golfer
Realtek High Definition Audio Driver
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Update Plus
SaveAs
Search Assistant MocaFlix 1.66
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Skype 5.10
SMART Common Files
SMART English (United Kingdom) Language Pack
SMART Ink
SMART Notebook
SMART Product Drivers
SMART Response Software
SMART Sync Teacher
sprotector 1.62
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User Guide
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Vuze
WildTangent Games
WildTangent ORB Game Console
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Yontoo 1.10.03
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
07/01/2013 8:29:19 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DANNN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{414029DD-4B3C-4920-83E1-004C64775EB9}. The master browser is stopping or an election is being forced.
06/01/2013 8:51:55 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
06/01/2013 8:45:07 AM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error %%-1.
06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command.
06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2013 8:44:10 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
06/01/2013 8:44:10 AM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command.
06/01/2013 8:44:10 AM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command.
06/01/2013 8:43:40 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147014846
06/01/2013 8:40:36 AM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: Afd. This service might not be installed.
06/01/2013 8:40:36 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
06/01/2013 8:40:23 AM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
06/01/2013 8:40:23 AM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The device does not recognize the command.
06/01/2013 8:38:23 AM, Error: Service Control Manager [7034] - The Response Hardware service terminated unexpectedly. It has done this 1 time(s).
06/01/2013 8:38:00 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
06/01/2013 8:37:54 AM, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
06/01/2013 8:37:53 AM, Error: Service Control Manager [7003] - The TCP/IP NetBIOS Helper service depends the following service: Afd. This service might not be installed.
06/01/2013 8:26:16 AM, Error: Service Control Manager [7001] - The SSDP Discovery service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
04/01/2013 4:32:39 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
04/01/2013 4:27:13 PM, Error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
04/01/2013 11:33:54 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
01/01/2013 1:19:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
01/01/2013 1:18:04 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
01/01/2013 1:17:53 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

And in case you want it, here's the GMER log:

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-07 21:35:06
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465.76GB
Running: b0v48qmf.exe; Driver: C:\Users\Dannnn\AppData\Local\Temp\axdirpog.sys

---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
.text ... * 9
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[4068] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
.text C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 000000007738f9a0 5 bytes JMP 000000016cc09c40
.text C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007738fa38 5 bytes JMP 000000016cc02730
.text C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007738fbc8 5 bytes JMP 000000016cc09ba0
.text C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007738fdec 5 bytes JMP 000000016cc09cd0
.text C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey  0000000077390154 5 bytes JMP 000000016cc027c0
.text C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe[3356] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000773912cc 5 bytes JMP 000000016cc09e10
.text C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe[3356] C:\Windows\syswow64\kernel32.dll!InterlockedIncrement + 11 00000000757d13cb 7 bytes JMP 000000016cc09ad0
.text C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe[3356] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 372 00000000757d22f6 7 bytes JMP 000000016cc099b0
.text C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe[3356] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW + 8 00000000757dca69 7 bytes JMP 000000016cc09890
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000757dd03c 5 bytes JMP 000000015d7f50b8
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075473e59 5 bytes JMP 000000015d821b8f
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075473eae 5 bytes JMP 000000015d82c68a
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075474731 5 bytes JMP 000000015d82fac2
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075475dee 5 bytes JMP 000000015d82ff84
? C:\Windows\system32\mssprxy.dll [644] entry point in ".rdata" section 0000000063e071e6
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
.text ... * 9
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[644] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
.text ...  * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[3540] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007738f941 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007738f94b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007738f9bd 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text  C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007738f9c7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007738fad5 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007738fadf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007738fb85 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007738fb8f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007738fbb5 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007738fbbf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007738fbcd 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007738fbd7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007738fbe5 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007738fbef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007738fc15 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007738fc1f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007738fc95 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 000000007738fc9f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007738fcad 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007738fcb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007738fcf9 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007738fd03 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007738fd5d 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007738fd67 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007738fdf1 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007738fdfb 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007738ff39 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007738ff43 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077390049 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 0000000077390053 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077390731 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007739073b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077390fad 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077390fb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007739100d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077391017 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077391055 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 000000007739105f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000773910cd 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 00000000773910d7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000773912d1 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 00000000773912db 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\kernel32.dll!CreateProcessW 00000000757d102d 5 bytes JMP 0000000100010030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\kernel32.dll!CreateProcessA 00000000757d1062 5 bytes JMP 0000000100010070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 000000007561119f 5 bytes JMP 0000000100020030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000756111cf 5 bytes JMP 0000000100020070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 0000000076af4df0 5 bytes JMP 00000001000b03b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SelectObject 0000000076af4eb0 5 bytes JMP 00000001000b05f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetBkMode 0000000076af50eb 5 bytes JMP 00000001000b08f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetTextColor 0000000076af5176 5 bytes JMP 00000001000b0a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!DeleteObject 0000000076af5689 5 bytes JMP 00000001000b01b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000076af5876 5 bytes JMP 00000001000b0170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 0000000076af6abf 5 bytes JMP 00000001000b0370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SaveDC 0000000076af6e3b 5 bytes JMP 00000001000b0570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!RestoreDC 0000000076af6ee3 5 bytes JMP 00000001000b0530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 0000000076af6fb9 5 bytes JMP 00000001000b06b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!StretchDIBits 0000000076af726e 5 bytes JMP 00000001000b0770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 0000000076af7a94 5 bytes JMP 00000001000b03f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextAlign 0000000076af7ca5 5 bytes JMP 00000001000b0d70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 0000000076af7e47 5 bytes JMP 00000001000b0e30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetTextAlign 0000000076af8080 5 bytes JMP 00000001000b09f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 0000000076af834a 5 bytes JMP 00000001000b0970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!MoveToEx 0000000076af86b6 5 bytes JMP 00000001000b0470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 0000000076af89e9 5 bytes JMP 00000001000b02f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 0000000076af8c0d 5 bytes JMP 00000001000b05b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000076af95f4 5 bytes JMP 00000001000b00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetClipBox 0000000076af988e 5 bytes JMP 00000001000b0330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 0000000076afac0a 5 bytes JMP 00000001000b0d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetFontData 0000000076afaf37 5 bytes JMP 00000001000b0c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!Rectangle 0000000076afb7c5 5 bytes JMP 00000001000b09b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!LineTo 0000000076afbba5 5 bytes JMP 00000001000b0430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetICMMode 0000000076afbf60 5 bytes JMP 00000001000b0db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!CreateICW 0000000076afc208 5 bytes JMP 00000001000b0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 0000000076afc4db 5 bytes JMP 00000001000b0670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 0000000076afc6f6 5 bytes JMP 00000001000b06f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 0000000076afcfb9 5 bytes JMP 00000001000b0df0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 0000000076afd0d5 5 bytes JMP 00000001000b0630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 0000000076afd8bf 5 bytes JMP 00000001000b0930
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000076afe45d 5 bytes JMP 00000001000b00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!ExtEscape 0000000076affd24 5 bytes JMP 00000001000b02b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!Escape 0000000076b013bd 5 bytes JMP 00000001000b0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 0000000076b018d0 5 bytes JMP 00000001000b0cf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 0000000076b04bd0 5 bytes JMP 00000001000b0b30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 0000000076b04d07 5 bytes JMP 00000001000b0b70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!EndPage 0000000076b06665 5 bytes JMP 00000001000b0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!ResetDCW 0000000076b0e135 5 bytes JMP 00000001000b0ab0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 0000000076b193cd 5 bytes JMP 00000001000b0cb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 0000000076b1c5d9 5 bytes JMP 00000001000b0bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 0000000076b1d26a 5 bytes JMP 00000001000b0bf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 0000000076b1d8d1 5 bytes JMP 00000001000b0c30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!AbortDoc 0000000076b23acc 5 bytes JMP 00000001000b0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!EndDoc 0000000076b23f19 5 bytes JMP 00000001000b01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!StartPage 0000000076b2400a 5 bytes JMP 00000001000b0730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!StartDocW 0000000076b24c41 5 bytes JMP 00000001000b07f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!BeginPath 0000000076b253ed 5 bytes JMP 00000001000b0830
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!SelectClipPath 0000000076b25444 5 bytes JMP 00000001000b0af0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!CloseFigure 0000000076b2549f 5 bytes JMP 00000001000b0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!EndPath 0000000076b254f6 5 bytes JMP 00000001000b0a70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!StrokePath 0000000076b2572f 5 bytes JMP 00000001000b07b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!FillPath 0000000076b257c2 5 bytes JMP 00000001000b0870
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!PolylineTo 0000000076b25c34 5 bytes JMP 00000001000b04f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 0000000076b25cc5 5 bytes JMP 00000001000b04b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\GDI32.dll!PolyDraw 0000000076b25d77 5 bytes JMP 00000001000b08b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!MapWindowPoints 00000000758f819d 5 bytes JMP 00000001000c0570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 00000000758fc55d 5 bytes JMP 00000001000c02b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 00000000759005ff 5 bytes JMP 00000001000c02f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClientRect 00000000759008e5 7 bytes JMP 00000001000c05b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetParent 0000000075900b0e 7 bytes JMP 00000001000c06f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000075900cd5 7 bytes JMP 00000001000c06b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000075900f14 5 bytes JMP 00000001000c05f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 00000000759027db 7 bytes JMP 00000001000c0630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!ScreenToClient 000000007590361b 7 bytes JMP 00000001000c0670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!SetCursor 0000000075904076 5 bytes JMP 00000001000c0530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000075907a54 7 bytes JMP 00000001000c0730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 00000000759087c9 5 bytes JMP 00000001000c00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 00000000759087e9 5 bytes JMP 00000001000c0330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!CloseClipboard 00000000759091f4 5 bytes JMP 00000001000c00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000075909232 5 bytes JMP 00000001000c0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000075909485 5 bytes JMP 00000001000c04f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 000000007590b779 5 bytes JMP 00000001000c01b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 000000007590b798 5 bytes JMP 00000001000c03f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 000000007590b7b6 5 bytes JMP 00000001000c01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007590b7e6 5 bytes JMP 00000001000c04b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 000000007590cee9 5 bytes JMP 00000001000c0370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000075910880 5 bytes JMP 00000001000c0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 000000007591ec67 5 bytes JMP 00000001000c0430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 000000007591f66f 5 bytes JMP 00000001000c0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000075938de7 5 bytes JMP 00000001000c0170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075939c8d 5 bytes JMP 00000001000c0770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000075939f3b 5 bytes JMP 00000001000c0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000075957e49 5 bytes JMP 00000001000c0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 00000000759582a1 5 bytes JMP 00000001000c0470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 00000000759584bf 5 bytes JMP 00000001000c03b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000074ee9556 5 bytes JMP 00000001000d00f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000074ef04d3 5 bytes JMP 00000001000d0130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074ef0b0b 5 bytes JMP 00000001000d0270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074ef0b80 5 bytes JMP 00000001000d01b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074ef0e80 5 bytes JMP 00000001000d0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074ef0fe8 5 bytes JMP 00000001000d00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074ef11a0 5 bytes JMP 00000001000d01f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074ef11ef 5 bytes JMP 00000001000d0230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074ef1479 5 bytes JMP 00000001000d0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000074ef14e2 5 bytes JMP 00000001000d0170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\ole32.dll!OleSetClipboard 00000000756af2fe 5 bytes JMP 00000001000e0030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 00000000756b2489 5 bytes JMP 00000001000e0070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\ole32.dll!OleGetClipboard 00000000756df825 5 bytes JMP 00000001000e00b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe[5108] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile 000000007738f9a0 5 bytes JMP 000000016cc09c40
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007738fa38 5 bytes JMP 000000016cc02730
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007738fbc8 5 bytes JMP 000000016cc09ba0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007738fdec 5 bytes JMP 000000016cc09cd0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077390154 5 bytes JMP 000000016cc027c0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 00000000773912cc 5 bytes JMP 000000016cc09e10
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\kernel32.dll!InterlockedIncrement + 11 00000000757d13cb 7 bytes JMP 000000016cc09ad0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW + 372 00000000757d22f6 7 bytes JMP 000000016cc099b0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\kernel32.dll!GetVolumeInformationW + 8 00000000757dca69 7 bytes JMP 000000016cc09890
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758f8b9a 5 bytes JMP 00000001657f8177
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075912a3e 5 bytes JMP 00000001659220e0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075912a62 5 bytes JMP 0000000165714b97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007593cc1a 5 bytes JMP 000000016592207d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007593cf72 5 bytes JMP 0000000165922143
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007594fd61 5 bytes JMP 0000000165922012
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007594fe2d 5 bytes JMP 0000000165921fa7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007594fe66 5 bytes JMP 0000000165921f45
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007594fe8a 5 bytes JMP 0000000165921ee3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000754d9404 5 bytes JMP 0000000165922c49
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 000000006f737c30 5 bytes JMP 0000000165923606
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 000000006f7d7bb2 5 bytes JMP 00000001659236a7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[728] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000074f49a4c 5 bytes JMP 0000000165922d7b
? C:\Windows\system32\mssprxy.dll [728] entry point in ".rdata" section 0000000063e071e6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000758f8b9a 5 bytes JMP 00000001657f8177
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075902902 5 bytes JMP 000000016574d79a
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075903f54 5 bytes JMP 000000016574c523
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075904858 5 bytes JMP 000000016570d6d9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 00000000759095fa 5 bytes JMP 0000000165922d44
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 000000007590b1dd 5 bytes JMP 0000000165922d0d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!EndDialog 000000007590c184 5 bytes JMP 0000000165715ad9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000759106b3 5 bytes JMP 00000001657a464b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000075910a8f 5 bytes JMP 000000016574c5a8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000075912174 5 bytes JMP 0000000165714274
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075912a3e 5 bytes JMP 00000001659220e0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075912a62 5 bytes JMP 0000000165714b97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000075917051 5 bytes JMP 0000000165922577
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 000000007591711b 5 bytes JMP 0000000165922cd6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!CallNextHookEx 000000007591f006 5 bytes JMP 00000001657e9d5c
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075920efc 5 bytes JMP 00000001658083a2
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SendInput 000000007592195e 3 bytes JMP 00000001659234a0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SendInput + 4 0000000075921962 1 byte [F0]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SetKeyboardState 00000000759224db 3 bytes JMP 00000001659228dc
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SetKeyboardState + 4 00000000759224df 1 byte [F0]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075939c8d 5 bytes JMP 00000001659234f8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 000000007593cc1a 5 bytes JMP 000000016592207d
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 000000007593cf72 5 bytes JMP 0000000165922143
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 000000007594fd61 5 bytes JMP 0000000165922012
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 000000007594fe2d 5 bytes JMP 0000000165921fa7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!MessageBoxExA 000000007594fe66 5 bytes JMP 0000000165921f45
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!MessageBoxExW 000000007594fe8a 5 bytes JMP 0000000165921ee3
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\USER32.dll!keybd_event 000000007595044f 5 bytes JMP 000000016592382b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075655bf6 5 bytes JMP 0000000165922433
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000756a590c 5 bytes JMP 00000001657f8c65
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075473e59 5 bytes JMP 000000016592249b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075473eae 5 bytes JMP 0000000165923015
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075474731 5 bytes JMP 0000000165922f7b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075475dee 5 bytes JMP 0000000165922fc6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000754d9404 5 bytes JMP 0000000165922c49
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
.text ... * 9
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheetW 000000006f737c30 5 bytes JMP 0000000165923606
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll!PropertySheet 000000006f7d7bb2 5 bytes JMP 00000001659236a7
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 0000000074f49a4c 5 bytes JMP 0000000165922d7b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[5940] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 0000000074f540fc 5 bytes JMP 0000000165922e15
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076811401 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076811419 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076811431 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007681144a 2 bytes [81, 76]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000768114dd 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000768114f5 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007681150d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076811525 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007681153d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076811555 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007681156d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076811585 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007681159d 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000768115b5 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000768115cd 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000768116b2 2 bytes [81, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe[5772] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000768116bd 2 bytes [81, 76]

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef648741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef6485f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef6485674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef6485e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef6487f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef6486a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef6486ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef6487b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef6487ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef64878b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef6484fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef6485d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[888] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef6487584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Threads - GMER 2.0 ----

Thread C:\Windows\System32\spoolsv.exe [1556:1408] 000007fef91e10c8
Thread C:\Windows\System32\spoolsv.exe [1556:1396] 000007fef6db6144
Thread C:\Windows\System32\spoolsv.exe [1556:1400] 000007fef6d65fd0
Thread C:\Windows\System32\spoolsv.exe [1556:1404] 000007fef6d53438
Thread C:\Windows\System32\spoolsv.exe [1556:1204] 000007fef6d663ec
Thread C:\Windows\System32\spoolsv.exe [1556:2236] 000007fef9215e5c
Thread C:\Windows\System32\spoolsv.exe [1556:2300] 000007fef6ec484c
Thread C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [1804:2376]  000000006f8c7620
Thread C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [1804:2380] 000000006f8d9100
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1328:3020] 000007fefaac2a88
Thread C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [3696:3792] 000007fefaac2a88
Thread C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [3696:3956] 000007fefac76204
Thread C:\Program Files (x86)\AVG\AVG2013\avgui.exe [684:1420] 000000006f4c32fb
Thread C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [3232:3756] 000000007247c724
Thread C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [3232:3896] 000000007247c724
Thread C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [3232:3392] 000000007247c724
Thread C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [3232:2296] 000000007247c724
Thread C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [3384:688] 0000000066ea91c4
Thread C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [3384:5084] 00000000743f879c
Thread C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [3384:4496] 0000000072cac59c
Thread C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [3384:4700] 0000000072cac59c
Thread C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [3384:4732] 0000000072cac59c
Thread C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [3384:4668] 0000000072cac59c
Thread C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe [3356:4180] 000000006cc28c80
Thread C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe [3356:4184] 000000006cc2fce0
Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [3332:3272] 00000000735229e1
Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [3332:4200] 00000000735229e1
Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [3332:4204] 00000000735229e1
Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [3332:4208] 000000006a54a2c0
Thread C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [4916:4152] 000000006d177861
Thread C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [4916:4932] 000000006dc22f69
Thread C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [4916:3804] 0000000073352733
Thread C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe [5676:5684] 000000006d177861
Thread C:\Windows\system32\svchost.exe [6000:2860] 000007fef6d65fd0
Thread C:\Windows\system32\svchost.exe [6000:4084] 000007fef6d53438
Thread C:\Windows\system32\svchost.exe [6000:4908] 000007fef6d663ec
Thread C:\Windows\system32\DllHost.exe [3380:3040] 0000000063c0e320
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6796] 000000006cc28c80
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5324] 000000006cc2fce0
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:3924] 00000000616dfee5
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5440] 00000000616d8f6c
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6152] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5152]  000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:1784] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5448] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5436] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6664] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:2612] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6512] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6780] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6060] 00000000773c2e3e
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6528] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6884] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5236] 000000006dc22f69
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:1136] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6540] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6292] 00000000773c3e59
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5792] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5424] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5432] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6184]  000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6668] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:2588] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6812] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5524] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:5192] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:2704] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:1592] 0000000073352733
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:7016] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:2064] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:3420] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6088] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:7988] 00000000755b45e9
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:7908] 0000000072ff6f14
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:7440] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6548] 00000000773c3e59
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:6240] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:7260] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:7244] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:1176] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:7580] 000000006654c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:7364] 00000000773c3e59
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:7656] 0000000076c2939b
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4048:7608] 000000006f4c32fb
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5484:4472] 00000000616d8f6c
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5484:2576] 000000006dc22f69
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [5484:7272] 00000000773c3e59
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2544:3568] 00000000616d8f6c
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2544:6368] 0000000057fbea20
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2544:6716] 0000000057fbea20
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2544:7064] 00000000773c2e3e
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2544:6920] 00000000773c3e59
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2544:1216] 0000000057fbea20
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2544:2000] 0000000057fbea20
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2544:4620] 000000006dc22f69
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [2544:7024] 00000000773c3e59

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\system32\csrss.exe [676] 000007fefc3e0000
Library ? (*** suspicious ***) @ C:\Windows\SYSTEM32\WISPTIS.EXE [1276] 000007fefbd70000
Library ? (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1556] 000007fefa180000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [1668] 00000000751f0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1728] 00000000768c0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [1804] 0000000072d10000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [1916] 0000000072360000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2040] 000000006fe30000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe [2196] 000007fefbb90000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgemca.exe [2208] 000007fefdc70000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2240] 000000006f380000
Library ? (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [888] 000007fefc480000
Library ? (*** suspicious ***) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [1328] 000007fef4430000
Library ? (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [3696] 000007fefc810000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [3784] 0000000076dd0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe [3916] 000000006e290000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\AVG\AVG2013\avgui.exe [684] 000000006a7e0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe [3232] 0000000073350000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe [3216] 0000000070930000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe [3384] 0000000073980000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe [3356] 000000006b7f0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [3592] 000000006aa60000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\iTunes\iTunesHelper.exe [3332] 00000000733e0000
Library ? (*** suspicious ***) @ C:\Program Files\iPod\bin\iPodService.exe [4252] 000007fefa6e0000
Library ? (*** suspicious ***) @ C:\Windows\system32\taskeng.exe [4868] 000007fefc3d0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe [2868] 0000000066730000
Library ? (*** suspicious ***) @ C:\Windows\system32\wuauclt.exe [5536] 000007fefb120000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [6000] 000007fefddb0000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4804] 000007fefdff0000
Library ? (*** suspicious ***) @ C:\Windows\system32\DllHost.exe [3380] 000007fefc3d0000

---- Disk sectors - GMER 2.0 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.0 ----


----------



## kevinf80 (Mar 21, 2006)

Run the following and post both logs:

*Step 1*

Please download the latest version of TDSSKiller from *Here* and save it to your Desktop.


 Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

 Put a checkmark beside loaded modules.

 A *reboot* will be needed to apply the changes. *Do it.*

 TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.

 Then click on Change parameters in TDSSKiller.

 Check all boxes then click OK.

 Click the Start Scan button.

 The scan will be quick.

 If a *suspicious* object is detected, the default action will be *Skip,* click on *Continue.*

 If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

 Ensure *Cure (default)* is selected, then click *Continue* > *Reboot* now to finish the cleaning process.

 Note: If *Cure* is not available, please choose *Skip* instead, do not choose *Delete* unless instructed.

 A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

*Step 2*

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

 If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post logs in next reply..

Kevin


----------



## dcarson108 (Jan 5, 2013)

06:46:17.0435 6856 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
06:46:17.0947 6856 ============================================================
06:46:17.0947 6856 Current date / time: 2013/01/08 06:46:17.0947
06:46:17.0947 6856 SystemInfo:
06:46:17.0947 6856 
06:46:17.0947 6856 OS Version: 6.1.7600 ServicePack: 0.0
06:46:17.0947 6856 Product type: Workstation
06:46:17.0947 6856 ComputerName: DANNNN-PC
06:46:17.0948 6856 UserName: Dannnn
06:46:17.0948 6856 Windows directory: C:\Windows
06:46:17.0948 6856 System windows directory: C:\Windows
06:46:17.0948 6856 Running under WOW64
06:46:17.0948 6856 Processor architecture: Intel x64
06:46:17.0948 6856 Number of processors: 2
06:46:17.0949 6856 Page size: 0x1000
06:46:17.0949 6856 Boot type: Normal boot
06:46:17.0949 6856 ============================================================
06:46:18.0407 6856 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:46:18.0412 6856 ============================================================
06:46:18.0412 6856 \Device\Harddisk0\DR0:
06:46:18.0415 6856 MBR partitions:
06:46:18.0415 6856 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:46:18.0415 6856 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16A00000
06:46:18.0439 6856 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16A33000, BlocksNum 0x21A52000
06:46:18.0439 6856 ============================================================
06:46:18.0467 6856 C: <-> \Device\Harddisk0\DR0\Partition2
06:46:18.0502 6856 D: <-> \Device\Harddisk0\DR0\Partition3
06:46:18.0502 6856 ============================================================
06:46:18.0502 6856 Initialize success
06:46:18.0502 6856 ============================================================
06:46:19.0353 7240 ============================================================
06:46:19.0354 7240 Scan started
06:46:19.0354 7240 Mode: Manual; 
06:46:19.0354 7240 ============================================================
06:46:21.0082 7240 ================ Scan system memory ========================
06:46:21.0082 7240 System memory - ok
06:46:21.0084 7240 ================ Scan services =============================
06:46:21.0393 7240 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
06:46:21.0449 7240 1394ohci - ok
06:46:21.0489 7240 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
06:46:21.0494 7240 ACPI - ok
06:46:21.0534 7240 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
06:46:21.0547 7240 AcpiPmi - ok
06:46:21.0671 7240 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:46:21.0674 7240 AdobeARMservice - ok
06:46:21.0807 7240 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
06:46:21.0811 7240 AdobeFlashPlayerUpdateSvc - ok
06:46:21.0855 7240 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
06:46:21.0865 7240 adp94xx - ok
06:46:21.0911 7240 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
06:46:21.0922 7240 adpahci - ok
06:46:21.0958 7240 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
06:46:21.0962 7240 adpu320 - ok
06:46:22.0009 7240 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:46:22.0011 7240 AeLookupSvc - ok
06:46:22.0063 7240 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
06:46:22.0070 7240 AFD - ok
06:46:22.0249 7240 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
06:46:22.0253 7240 agp440 - ok
06:46:22.0286 7240 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
06:46:22.0290 7240 ALG - ok
06:46:22.0334 7240 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
06:46:22.0337 7240 aliide - ok
06:46:22.0359 7240 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
06:46:22.0362 7240 amdide - ok
06:46:22.0395 7240 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
06:46:22.0399 7240 AmdK8 - ok
06:46:22.0411 7240 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
06:46:22.0416 7240 AmdPPM - ok
06:46:22.0469 7240 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:46:22.0474 7240 amdsata - ok
06:46:22.0507 7240 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
06:46:22.0519 7240 amdsbs - ok
06:46:22.0559 7240 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:46:22.0561 7240 amdxata - ok
06:46:22.0595 7240 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
06:46:22.0601 7240 AppID - ok
06:46:22.0644 7240 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:46:22.0647 7240 AppIDSvc - ok
06:46:22.0685 7240 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
06:46:22.0687 7240 Appinfo - ok
06:46:22.0786 7240 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
06:46:22.0788 7240 Apple Mobile Device - ok
06:46:22.0831 7240 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
06:46:22.0835 7240 arc - ok
06:46:22.0854 7240 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
06:46:22.0867 7240 arcsas - ok
06:46:22.0920 7240 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:46:22.0922 7240 AsyncMac - ok
06:46:22.0956 7240 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
06:46:22.0957 7240 atapi - ok
06:46:23.0022 7240 [ 2C0BB386E86670BB1B1A57CAAEF3E50D ] athr C:\Windows\system32\DRIVERS\athrx.sys
06:46:23.0082 7240 athr - ok
06:46:23.0146 7240 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:46:23.0155 7240 AudioEndpointBuilder - ok
06:46:23.0171 7240 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
06:46:23.0181 7240 AudioSrv - ok
06:46:23.0367 7240 [ 56C73C5BC1656656CAC38A23B4310466 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
06:46:23.0483 7240 AVGIDSAgent - ok
06:46:23.0539 7240 [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
06:46:23.0541 7240 AVGIDSDriver - ok
06:46:23.0625 7240 [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
06:46:23.0626 7240 AVGIDSHA - ok
06:46:23.0665 7240 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
06:46:23.0668 7240 Avgldx64 - ok
06:46:23.0720 7240 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
06:46:23.0725 7240 Avgloga - ok
06:46:23.0760 7240 [ 767B4A485FB22AA0FC0BF5EEF00572B9 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
06:46:23.0762 7240 Avgmfx64 - ok
06:46:23.0814 7240 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
06:46:23.0816 7240 Avgrkx64 - ok
06:46:23.0853 7240 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
06:46:23.0856 7240 Avgtdia - ok
06:46:23.0909 7240 [ 371428CF0F71934CB0F2344823ADFA32 ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
06:46:23.0911 7240 avgtp - ok
06:46:23.0959 7240 [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
06:46:23.0962 7240 avgwd - ok
06:46:24.0014 7240 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:46:24.0024 7240 AxInstSV - ok
06:46:24.0074 7240 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
06:46:24.0082 7240 b06bdrv - ok
06:46:24.0117 7240 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
06:46:24.0122 7240 b57nd60a - ok
06:46:24.0169 7240 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
06:46:24.0172 7240 BDESVC - ok
06:46:24.0202 7240 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
06:46:24.0206 7240 Beep - ok
06:46:24.0268 7240 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
06:46:24.0277 7240 BFE - ok
06:46:24.0365 7240 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
06:46:24.0380 7240 BITS - ok
06:46:24.0424 7240 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
06:46:24.0426 7240 blbdrive - ok
06:46:24.0521 7240 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
06:46:24.0528 7240 Bonjour Service - ok
06:46:24.0573 7240 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:46:24.0575 7240 bowser - ok
06:46:38.0186 7240 spldr - ok
06:46:38.0233 7240 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
06:46:38.0242 7240 Spooler - ok
06:46:38.0361 7240 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
06:46:38.0453 7240 sppsvc - ok
06:46:38.0480 7240 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:46:38.0483 7240 sppuinotify - ok
06:46:38.0539 7240 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
06:46:38.0546 7240 srv - ok
06:46:38.0591 7240 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:46:38.0598 7240 srv2 - ok
06:46:38.0644 7240 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:46:38.0647 7240 srvnet - ok
06:46:38.0690 7240 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:46:38.0695 7240 SSDPSRV - ok
06:46:38.0740 7240 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc  C:\Windows\system32\sstpsvc.dll
06:46:38.0751 7240 SstpSvc - ok
06:46:38.0795 7240 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
06:46:38.0798 7240 stexstor - ok
06:46:38.0858 7240 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
06:46:38.0867 7240 stisvc - ok
06:46:38.0902 7240 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
06:46:38.0903 7240 swenum - ok
06:46:38.0934 7240 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
06:46:38.0947 7240 swprv - ok
06:46:39.0023 7240 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
06:46:39.0069 7240 SysMain - ok
06:46:39.0097 7240 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:46:39.0100 7240 TabletInputService - ok
06:46:39.0133 7240 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
06:46:39.0199 7240 TapiSrv - ok
06:46:39.0239 7240 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
06:46:39.0242 7240 TBS - ok
06:46:39.0318 7240 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:46:39.0377 7240 Tcpip - ok
06:46:39.0440 7240 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:46:39.0452 7240 TCPIP6 - ok
06:46:39.0486 7240 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:46:39.0489 7240 tcpipreg - ok
06:46:39.0515 7240 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:46:39.0518 7240 TDPIPE - ok
06:46:39.0544 7240 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:46:39.0548 7240 TDTCP - ok
06:46:39.0584 7240 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:46:39.0588 7240 tdx - ok
06:46:39.0599 7240 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
06:46:39.0603 7240 TermDD - ok
06:46:39.0643 7240 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
06:46:39.0659 7240 TermService - ok
06:46:39.0694 7240 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
06:46:39.0699 7240 Themes - ok
06:46:39.0712 7240 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
06:46:39.0714 7240 THREADORDER - ok
06:46:39.0741 7240 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
06:46:39.0745 7240 TrkWks - ok
06:46:39.0818 7240 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:46:39.0822 7240 TrustedInstaller - ok
06:46:39.0844 7240 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:46:39.0849 7240 tssecsrv - ok
06:46:39.0886 7240 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:46:39.0889 7240 tunnel - ok
06:46:39.0903 7240 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
06:46:39.0906 7240 uagp35 - ok
06:46:39.0938 7240 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:46:39.0945 7240 udfs - ok
06:46:39.0990 7240 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:46:39.0994 7240 UI0Detect - ok
06:46:40.0013 7240 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
06:46:40.0015 7240 uliagpkx - ok
06:46:40.0056 7240 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
06:46:40.0058 7240 umbus - ok
06:46:40.0066 7240 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
06:46:40.0068 7240 UmPass - ok
06:46:40.0122 7240 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
06:46:40.0128 7240 upnphost - ok
06:46:40.0169 7240 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
06:46:40.0171 7240 USBAAPL64 - ok
06:46:40.0201 7240 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:46:40.0204 7240 usbccgp - ok
06:46:40.0241 7240 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
06:46:40.0243 7240 usbcir - ok
06:46:40.0278 7240 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
06:46:40.0279 7240 usbehci - ok
06:46:40.0327 7240 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:46:40.0332 7240 usbhub - ok
06:46:40.0380 7240 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
06:46:40.0382 7240 usbohci - ok
06:46:40.0404 7240 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
06:46:40.0406 7240 usbprint - ok
06:46:40.0434 7240 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:46:40.0437 7240 USBSTOR - ok
06:46:40.0472 7240 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
06:46:40.0474 7240 usbuhci - ok
06:46:40.0533 7240 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
06:46:40.0536 7240 usbvideo - ok
06:46:40.0563 7240 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
06:46:40.0567 7240 UxSms - ok
06:46:40.0624 7240 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
06:46:40.0625 7240 VaultSvc - ok
06:46:40.0674 7240 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
06:46:40.0676 7240 vdrvroot - ok
06:46:40.0700 7240 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
06:46:40.0708 7240 vds - ok
06:46:40.0728 7240 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:46:40.0730 7240 vga - ok
06:46:40.0755 7240 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
06:46:40.0757 7240 VgaSave - ok
06:46:40.0780 7240 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
06:46:40.0789 7240 vhdmp - ok
06:46:40.0802 7240 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
06:46:40.0805 7240 viaide - ok
06:46:40.0825 7240 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
06:46:40.0827 7240 volmgr - ok
06:46:40.0851 7240 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:46:40.0859 7240 volmgrx - ok
06:46:40.0906 7240 [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap C:\Windows\system32\drivers\volsnap.sys
06:46:40.0911 7240 volsnap - ok
06:46:40.0966 7240 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
06:46:40.0970 7240 vsmraid - ok
06:46:41.0032 7240 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
06:46:41.0067 7240 VSS - ok
06:46:41.0201 7240 [ 7D110D645030C05A06C3CD08D1E47D0A ] vToolbarUpdater13.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
06:46:41.0210 7240 vToolbarUpdater13.2.0 - ok
06:46:41.0223 7240 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
06:46:41.0237 7240 vwifibus - ok
06:46:41.0266 7240 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
06:46:41.0268 7240 vwififlt - ok
06:46:41.0304 7240 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
06:46:41.0310 7240 W32Time - ok
06:46:41.0330 7240 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
06:46:41.0332 7240 WacomPen - ok
06:46:41.0371 7240 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:46:41.0375 7240 WANARP - ok
06:46:41.0385 7240 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:46:41.0386 7240 Wanarpv6 - ok
06:46:41.0488 7240 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
06:46:41.0533 7240 WatAdminSvc - ok
06:46:41.0587 7240 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
06:46:41.0624 7240 wbengine - ok
06:46:41.0654 7240 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:46:41.0659 7240 WbioSrvc - ok
06:46:41.0704 7240 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:46:41.0711 7240 wcncsvc - ok
06:46:41.0745 7240 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:46:41.0750 7240 WcsPlugInService - ok
06:46:41.0785 7240 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
06:46:41.0787 7240 Wd - ok
06:46:41.0839 7240 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:46:41.0850 7240 Wdf01000 - ok
06:46:41.0881 7240 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:46:41.0884 7240 WdiServiceHost - ok
06:46:41.0890 7240 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:46:41.0893 7240 WdiSystemHost - ok
06:46:41.0944 7240 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
06:46:41.0950 7240 WebClient - ok
06:46:41.0987 7240 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:46:41.0993 7240 Wecsvc - ok
06:46:42.0023 7240 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:46:42.0027 7240 wercplsupport - ok
06:46:42.0058 7240 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
06:46:42.0062 7240 WerSvc - ok
06:46:42.0100 7240 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
06:46:42.0102 7240 WfpLwf - ok
06:46:42.0123 7240 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
06:46:42.0125 7240 WIMMount - ok
06:46:42.0148 7240 WinDefend - ok
06:46:42.0163 7240 WinHttpAutoProxySvc - ok
06:46:42.0224 7240 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:46:42.0228 7240 Winmgmt - ok
06:46:42.0300 7240 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
06:46:42.0361 7240 WinRM - ok
06:46:42.0445 7240 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
06:46:42.0448 7240 WinUsb - ok
06:46:42.0497 7240 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
06:46:42.0537 7240 Wlansvc - ok
06:46:42.0673 7240 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
06:46:42.0721 7240 wlidsvc - ok
06:46:42.0754 7240 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
06:46:42.0755 7240 WmiAcpi - ok
06:46:42.0797 7240 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:46:42.0801 7240 wmiApSrv - ok
06:46:42.0837 7240 WMPNetworkSvc - ok
06:46:42.0868 7240 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:46:42.0873 7240 WPCSvc - ok
06:46:42.0907 7240 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:46:42.0915 7240 WPDBusEnum - ok
06:46:42.0951 7240 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:46:42.0952 7240 ws2ifsl - ok
06:46:42.0978 7240 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
06:46:42.0982 7240 wscsvc - ok
06:46:42.0990 7240 WSearch - ok
06:46:43.0083 7240 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
06:46:43.0139 7240 wuauserv - ok
06:46:43.0179 7240 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:46:43.0180 7240 WudfPf - ok
06:46:43.0216 7240 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
06:46:43.0220 7240 WUDFRd - ok
06:46:43.0256 7240 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:46:43.0259 7240 wudfsvc - ok
06:46:43.0285 7240 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
06:46:43.0293 7240 WwanSvc - ok
06:46:43.0349 7240 [ 4647FDA6E21B18824D6073801177F4F7 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
06:46:43.0355 7240 yukonw7 - ok
06:46:43.0373 7240 ================ Scan global ===============================
06:46:43.0406 7240 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
06:46:43.0435 7240 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
06:46:43.0445 7240 [ 4343295C52C8B1ADD906F1A37B940AA1 ] C:\Windows\system32\winsrv.dll
06:46:43.0473 7240 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
06:46:43.0508 7240 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
06:46:43.0514 7240 [Global] - ok
06:46:43.0515 7240 ================ Scan MBR ==================================
06:46:43.0530 7240 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
06:46:43.0951 7240 \Device\Harddisk0\DR0 - ok
06:46:43.0955 7240 ================ Scan VBR ==================================
06:46:43.0962 7240 [ AC6EC3A8D5AF6684BE59BE4017ECB7DA ] \Device\Harddisk0\DR0\Partition1
06:46:43.0970 7240 \Device\Harddisk0\DR0\Partition1 - ok
06:46:43.0990 7240 [ D1586B3A651D870FD1876A0FF5447088 ] \Device\Harddisk0\DR0\Partition2
06:46:43.0991 7240 \Device\Harddisk0\DR0\Partition2 - ok
06:46:44.0020 7240 [ 2EC4D98D723D1052B102C861DA93E8E9 ] \Device\Harddisk0\DR0\Partition3
06:46:44.0022 7240 \Device\Harddisk0\DR0\Partition3 - ok
06:46:44.0023 7240 ============================================================
06:46:44.0023 7240 Scan finished
06:46:44.0023 7240 ============================================================
06:46:44.0049 1932 Detected object count: 0
06:46:44.0049 1932 Actual detected object count: 0
06:47:22.0857 7448 ============================================================
06:47:22.0857 7448 Scan started
06:47:22.0857 7448 Mode: Manual; 
06:47:22.0857 7448 ============================================================
06:47:23.0162 7448 ================ Scan system memory ========================
06:47:23.0163 7448 System memory - ok
06:47:23.0170 7448 ================ Scan services =============================
06:47:28.0757 7448 gupdatem - ok
06:47:28.0790 7448 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
06:47:28.0791 7448 hcw85cir - ok
06:47:28.0828 7448 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:47:28.0832 7448 HdAudAddService - ok
06:47:28.0850 7448 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
06:47:28.0851 7448 HDAudBus - ok
06:47:28.0861 7448 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
06:47:28.0862 7448 HidBatt - ok
06:47:28.0905 7448 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
06:47:28.0906 7448 HidBth - ok
06:47:28.0914 7448 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
06:47:28.0917 7448 HidIr - ok
06:47:28.0970 7448 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
06:47:28.0971 7448 hidserv - ok
06:47:28.0994 7448 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:47:28.0995 7448 HidUsb - ok
06:47:29.0022 7448 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:47:29.0024 7448 hkmsvc - ok
06:47:29.0049 7448 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:47:29.0051 7448 HomeGroupListener - ok
06:47:29.0084 7448 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:47:29.0087 7448 HomeGroupProvider - ok
06:47:29.0112 7448 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
06:47:29.0113 7448 HpSAMD - ok
06:47:29.0140 7448 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:47:29.0146 7448 HTTP - ok
06:47:29.0174 7448 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:47:29.0175 7448 hwpolicy - ok
06:47:29.0194 7448 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
06:47:29.0196 7448 i8042prt - ok
06:47:29.0260 7448 [ BE7D72FCF442C26975942007E0831241 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
06:47:29.0263 7448 iaStor - ok
06:47:29.0289 7448 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:47:29.0293 7448 iaStorV - ok
06:47:29.0341 7448 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:47:29.0348 7448 idsvc - ok
06:47:29.0514 7448 [ 2D18C9E1F23970DE32D78D3B1CDDA0A7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
06:47:29.0565 7448 igfx - ok
06:47:29.0598 7448 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
06:47:29.0599 7448 iirsp - ok
06:47:29.0649 7448 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
06:47:29.0656 7448 IKEEXT - ok
06:47:29.0749 7448 [ BBDA43F02A2C642A2DF191FA8C0B0052 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
06:47:29.0765 7448 IntcAzAudAddService - ok
06:47:29.0783 7448 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
06:47:29.0784 7448 intelide - ok
06:47:29.0809 7448 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:47:29.0810 7448 intelppm - ok
06:47:29.0843 7448 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:47:29.0844 7448 IPBusEnum - ok
06:47:29.0870 7448 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:47:29.0871 7448 IpFilterDriver - ok
06:47:29.0907 7448 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
06:47:29.0911 7448 iphlpsvc - ok
06:47:29.0925 7448 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
06:47:29.0927 7448 IPMIDRV - ok
06:47:29.0955 7448 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:47:29.0957 7448 IPNAT - ok
06:47:30.0042 7448 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
06:47:30.0050 7448 iPod Service - ok
06:47:30.0085 7448 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:47:30.0086 7448 IRENUM - ok
06:47:30.0107 7448 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
06:47:30.0108 7448 isapnp - ok
06:47:30.0130 7448 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
06:47:30.0133 7448 iScsiPrt - ok
06:47:30.0159 7448 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
06:47:30.0160 7448 kbdclass - ok
06:47:30.0186 7448 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
06:47:30.0187 7448 kbdhid - ok
06:47:30.0202 7448 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
06:47:30.0204 7448 KeyIso - ok
06:47:30.0239 7448 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:47:30.0240 7448 KSecDD - ok
06:47:30.0257 7448 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:47:30.0259 7448 KSecPkg - ok
06:47:30.0285 7448 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
06:47:30.0286 7448 ksthunk - ok
06:47:30.0327 7448 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
06:47:30.0332 7448 KtmRm - ok
06:47:30.0402 7448 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
06:47:30.0405 7448 LanmanServer - ok
06:47:30.0463 7448 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:47:30.0473 7448 LanmanWorkstation - ok
06:47:30.0526 7448 [ 29FAB5363138F6E322F4CD780ED9D337 ] LicCtrlService C:\Windows\runservice.exe
06:47:30.0527 7448 LicCtrlService - ok
06:47:30.0545 7448 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:47:30.0548 7448 lltdio - ok
06:47:30.0591 7448 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:47:30.0595 7448 lltdsvc - ok
06:47:30.0619 7448 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:47:30.0621 7448 lmhosts - ok
06:47:30.0675 7448 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
06:47:30.0676 7448 LSI_FC - ok
06:47:30.0689 7448 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
06:47:30.0691 7448 LSI_SAS - ok
06:47:30.0715 7448 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:47:30.0716 7448 LSI_SAS2 - ok
06:47:30.0732 7448 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:47:30.0737 7448 LSI_SCSI - ok
06:47:30.0761 7448 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
06:47:30.0763 7448 luafv - ok
06:47:30.0794 7448 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:47:30.0797 7448 Mcx2Svc - ok
06:47:30.0814 7448 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
06:47:30.0815 7448 megasas - ok
06:47:30.0858 7448 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
06:47:30.0862 7448 MegaSR - ok
06:47:30.0959 7448 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
06:47:30.0961 7448 Microsoft Office Groove Audit Service - ok
06:47:31.0004 7448 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
06:47:31.0007 7448 MMCSS - ok
06:47:31.0025 7448 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
06:47:31.0027 7448 Modem - ok
06:47:31.0051 7448 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:47:31.0054 7448 monitor - ok
06:47:31.0073 7448 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:47:31.0074 7448 mouclass - ok
06:47:31.0099 7448 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:47:31.0100 7448 mouhid - ok
06:47:31.0127 7448 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:47:31.0128 7448 mountmgr - ok
06:47:31.0179 7448 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
06:47:31.0181 7448 MozillaMaintenance - ok
06:47:31.0212 7448 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
06:47:31.0214 7448 mpio - ok
06:47:31.0241 7448 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:47:31.0243 7448 mpsdrv - ok
06:47:31.0296 7448 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
06:47:31.0304 7448 MpsSvc - ok
06:47:31.0333 7448 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:47:31.0335 7448 MRxDAV - ok
06:47:31.0381 7448 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:47:31.0383 7448 mrxsmb - ok
06:47:31.0404 7448 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:47:31.0407 7448 mrxsmb10 - ok
06:47:31.0421 7448 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:47:31.0423 7448 mrxsmb20 - ok
06:47:31.0441 7448 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
06:47:31.0442 7448 msahci - ok
06:47:31.0463 7448 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
06:47:31.0465 7448 msdsm - ok
06:47:31.0487 7448 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
06:47:31.0490 7448 MSDTC - ok
06:47:31.0514 7448 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:47:31.0515 7448 Msfs - ok
06:47:31.0535 7448 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:47:31.0537 7448 mshidkmdf - ok
06:47:31.0564 7448 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
06:47:31.0565 7448 msisadrv - ok
06:47:31.0607 7448 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:47:31.0609 7448 MSiSCSI - ok
06:47:31.0615 7448 msiserver - ok
06:47:31.0643 7448 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:47:31.0644 7448 MSKSSRV - ok
06:47:31.0678 7448 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:47:31.0679 7448 MSPCLOCK - ok
06:47:31.0696 7448 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:47:31.0697 7448 MSPQM - ok
06:47:31.0720 7448 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:47:31.0724 7448 MsRPC - ok
06:47:31.0750 7448 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
06:47:31.0751 7448 mssmbios - ok
06:47:31.0778 7448 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:47:31.0779 7448 MSTEE - ok
06:47:31.0794 7448 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
06:47:31.0795 7448 MTConfig - ok
06:47:31.0838 7448 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
06:47:31.0839 7448 Mup - ok
06:47:31.0882 7448 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
06:47:31.0887 7448 napagent - ok
06:47:31.0910 7448 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:47:31.0913 7448 NativeWifiP - ok
06:47:31.0943 7448 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
06:47:31.0951 7448 NDIS - ok
06:47:31.0996 7448 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:47:31.0998 7448 NdisCap - ok
06:47:32.0013 7448 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:47:32.0015 7448 NdisTapi - ok
06:47:32.0028 7448 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:47:32.0029 7448 Ndisuio - ok
06:47:32.0051 7448 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:47:32.0053 7448 NdisWan - ok
06:47:32.0076 7448 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:47:32.0077 7448 NDProxy - ok
06:47:32.0095 7448 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:47:32.0097 7448 NetBIOS - ok
06:47:32.0116 7448 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:47:32.0119 7448 NetBT - ok
06:47:32.0136 7448 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
06:47:32.0138 7448 Netlogon - ok
06:47:32.0170 7448 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
06:47:32.0174 7448 Netman - ok
06:47:32.0198 7448 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
06:47:32.0206 7448 netprofm - ok
06:47:32.0256 7448 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:47:32.0258 7448 NetTcpPortSharing - ok
06:47:32.0285 7448 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
06:47:32.0287 7448 nfrd960 - ok
06:47:32.0344 7448 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:47:32.0348 7448 NlaSvc - ok
06:47:32.0395 7448 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:47:32.0396 7448 Npfs - ok
06:47:32.0412 7448 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
06:47:32.0416 7448 nsi - ok
06:47:32.0436 7448 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:47:32.0437 7448 nsiproxy - ok
06:47:32.0506 7448 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:47:32.0518 7448 Ntfs - ok
06:47:32.0551 7448 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
06:47:32.0552 7448 Null - ok
06:47:32.0588 7448 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:47:32.0589 7448 nvraid - ok
06:47:32.0633 7448 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:47:32.0634 7448 nvstor - ok
06:47:32.0661 7448 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
06:47:32.0663 7448 nv_agp - ok
06:47:32.0762 7448 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
06:47:32.0769 7448 odserv - ok
06:47:32.0781 7448 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
06:47:32.0783 7448 ohci1394 - ok
06:47:32.0832 7448 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
06:47:32.0835 7448 ose - ok
06:47:32.0890 7448 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:47:32.0897 7448 p2pimsvc - ok
06:47:32.0944 7448 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
06:47:32.0953 7448 p2psvc - ok
06:47:33.0004 7448 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
06:47:33.0008 7448 Parport - ok
06:47:33.0059 7448 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:47:33.0061 7448 partmgr - ok
06:47:33.0103 7448 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:47:33.0107 7448 PcaSvc - ok
06:47:33.0125 7448 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
06:47:33.0128 7448 pci - ok
06:47:33.0160 7448 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
06:47:33.0161 7448 pciide - ok
06:47:33.0196 7448 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
06:47:33.0200 7448 pcmcia - ok
06:47:33.0225 7448 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
06:47:33.0228 7448 pcw - ok
06:47:33.0280 7448 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:47:33.0287 7448 PEAUTH - ok
06:47:33.0393 7448 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
06:47:33.0395 7448 PerfHost - ok
06:47:33.0480 7448 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
06:47:33.0494 7448 pla - ok
06:47:33.0529 7448 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:47:33.0541 7448 PlugPlay - ok
06:47:33.0569 7448 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:47:33.0572 7448 PNRPAutoReg - ok
06:47:33.0600 7448 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:47:33.0605 7448 PNRPsvc - ok
06:47:33.0649 7448 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:47:33.0654 7448 PolicyAgent - ok
06:47:33.0693 7448 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
06:47:33.0697 7448 Power - ok
06:47:33.0727 7448 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:47:33.0729 7448 PptpMiniport - ok
06:47:33.0754 7448 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
06:47:33.0756 7448 Processor - ok
06:47:33.0782 7448 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
06:47:33.0786 7448 ProfSvc - ok
06:47:33.0802 7448 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:47:33.0805 7448 ProtectedStorage - ok
06:47:33.0820 7448 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:47:33.0823 7448 Psched - ok
06:47:33.0872 7448 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
06:47:33.0888 7448 ql2300 - ok
06:47:33.0907 7448 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
06:47:33.0909 7448 ql40xx - ok
06:47:33.0941 7448 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
06:47:33.0945 7448 QWAVE - ok
06:47:33.0975 7448 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:47:33.0977 7448 QWAVEdrv - ok
06:47:33.0993 7448 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:47:33.0994 7448 RasAcd - ok
06:47:34.0040 7448 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:47:34.0041 7448 RasAgileVpn - ok
06:47:34.0078 7448 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto  C:\Windows\System32\rasauto.dll
06:47:34.0081 7448 RasAuto - ok
06:47:34.0116 7448 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:47:34.0118 7448 Rasl2tp - ok
06:47:34.0167 7448 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
06:47:34.0174 7448 RasMan - ok
06:47:34.0194 7448 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:47:34.0195 7448 RasPppoe - ok
06:47:34.0216 7448 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:47:34.0217 7448 RasSstp - ok
06:47:34.0245 7448 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:47:34.0249 7448 rdbss - ok
06:47:34.0266 7448 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
06:47:34.0267 7448 rdpbus - ok
06:47:34.0287 7448 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:47:34.0288 7448 RDPCDD - ok
06:47:34.0302 7448 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:47:34.0306 7448 RDPENCDD - ok
06:47:34.0325 7448 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:47:34.0326 7448 RDPREFMP - ok
06:47:34.0362 7448 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:47:34.0365 7448 RDPWD - ok
06:47:34.0396 7448 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:47:34.0399 7448 rdyboost - ok
06:47:34.0427 7448 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:47:34.0429 7448 RemoteAccess - ok
06:47:34.0462 7448 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:47:34.0465 7448 RemoteRegistry - ok
06:47:34.0559 7448 [ 82FC38FE6B5AE9223EF28C02A123D1DF ] Response Hardware C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
06:47:34.0560 7448 Response Hardware - ok
06:47:34.0578 7448 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:47:34.0580 7448 RpcEptMapper - ok
06:47:34.0613 7448 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
06:47:34.0615 7448 RpcLocator - ok
06:47:34.0645 7448 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
06:47:34.0650 7448 RpcSs - ok
06:47:34.0676 7448 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:47:34.0678 7448 rspndr - ok
06:47:34.0693 7448 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
06:47:34.0695 7448 RTL8167 - ok
06:47:34.0723 7448 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys
06:47:34.0724 7448 SABI - ok
06:47:34.0736 7448 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
06:47:34.0737 7448 SamSs - ok
06:47:34.0772 7448 [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\Windows\System32\SUPDSvc.exe
06:47:34.0775 7448 Samsung UPD Service - ok
06:47:34.0798 7448 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
06:47:34.0799 7448 sbp2port - ok
06:47:34.0870 7448 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
06:47:34.0882 7448 SBSDWSCService - ok
06:47:34.0944 7448 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:47:34.0949 7448 SCardSvr - ok
06:47:34.0969 7448 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:47:34.0970 7448 scfilter - ok
06:47:35.0038 7448 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
06:47:35.0048 7448 Schedule - ok
06:47:35.0102 7448 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
06:47:35.0103 7448 SCPolicySvc - ok
06:47:35.0129 7448 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:47:35.0132 7448 SDRSVC - ok
06:47:35.0165 7448 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:47:35.0167 7448 secdrv - ok
06:47:35.0231 7448 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
06:47:35.0234 7448 seclogon - ok
06:47:35.0257 7448 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
06:47:35.0262 7448 SENS - ok
06:47:35.0316 7448 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:47:35.0321 7448 SensrSvc - ok
06:47:35.0401 7448 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
06:47:35.0402 7448 Serenum - ok
06:47:35.0432 7448 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
06:47:35.0433 7448 Serial - ok
06:47:35.0488 7448 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
06:47:35.0489 7448 sermouse - ok
06:47:35.0578 7448 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
06:47:35.0581 7448 SessionEnv - ok
06:47:35.0629 7448 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
06:47:35.0630 7448 sffdisk - ok
06:47:35.0656 7448 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
06:47:35.0657 7448 sffp_mmc - ok
06:47:35.0669 7448 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
06:47:35.0670 7448 sffp_sd - ok
06:47:35.0705 7448 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
06:47:35.0706 7448 sfloppy - ok
06:47:35.0756 7448 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
06:47:35.0763 7448 SharedAccess - ok
06:47:35.0801 7448 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:47:35.0807 7448 ShellHWDetection - ok
06:47:35.0852 7448 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:47:35.0853 7448 SiSRaid2 - ok
06:47:35.0888 7448 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
06:47:35.0889 7448 SiSRaid4 - ok
06:47:35.0921 7448 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
06:47:35.0923 7448 SkypeUpdate - ok
06:47:35.0973 7448 [ 59306BC2D442B28416E466411F506641 ] SMARTHelperService C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
06:47:35.0979 7448 SMARTHelperService - ok
06:47:36.0010 7448 [ 2F1EE31050D12D1064F305CC6E413C81 ] SMARTMouseFilterx64 C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys
06:47:36.0011 7448 SMARTMouseFilterx64 - ok
06:47:36.0059 7448 [ C3B071E62C72DCB6E0D332F44F39DE0E ] SMARTVHidMiniVistaAmd64 C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
06:47:36.0060 7448 SMARTVHidMiniVistaAmd64 - ok
06:47:36.0125 7448 [ 5D15E5751F9C324E2D44723F65692D03 ] SMARTVTabletPCx64 C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys
06:47:36.0126 7448 SMARTVTabletPCx64 - ok
06:47:36.0167 7448 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:47:36.0168 7448 Smb - ok
06:47:36.0216 7448 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:47:36.0219 7448 SNMPTRAP - ok
06:47:36.0265 7448 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
06:47:36.0267 7448 spldr - ok
06:47:36.0311 7448 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
06:47:36.0322 7448 Spooler - ok
06:47:36.0450 7448 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
06:47:36.0481 7448 sppsvc - ok
06:47:36.0502 7448 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:47:36.0505 7448 sppuinotify - ok
06:47:36.0565 7448 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
06:47:36.0570 7448 srv - ok
06:47:36.0614 7448 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:47:36.0618 7448 srv2 - ok
06:47:36.0656 7448 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:47:36.0657 7448 srvnet - ok
06:47:36.0691 7448 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:47:36.0694 7448 SSDPSRV - ok
06:47:36.0740 7448 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:47:36.0742 7448 SstpSvc - ok
06:47:36.0785 7448 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
06:47:36.0786 7448 stexstor - ok
06:47:36.0831 7448 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
06:47:36.0841 7448 stisvc - ok
06:47:36.0851 7448 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
06:47:36.0851 7448 swenum - ok
06:47:42.0463 7448 ============================================================
06:47:42.0463 7448 Scan finished
06:47:42.0463 7448 ============================================================
06:47:42.0483 6428 Detected object count: 0
06:47:42.0483 6428 Actual detected object count: 0
06:49:49.0723 7300 Deinitialize success

*ComboFix log*

ComboFix 12-03-31.03 - Dannnnnnnn 31/03/2012 16:15:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4029.2665 [GMT -7:00]
Running from: F:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


----------



## kevinf80 (Mar 21, 2006)

Why is Combofix running from F:\ drive and not the Desktop? Do the following:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on the IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.


- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Click on the Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the add/on to be installed
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the virus definitions to be downloaded
- Wait for the scan to finish

*When the scan is complete*

- If no threats were found
  - put a checkmark in "Uninstall application on close"
  - close program
  - report to me that nothing was found
- If threats were found
  - click on "list of threats found"
  - click on "export to text file" and save it as ESET SCAN and save to the desktop
  - click on back
  - put a checkmark in "Uninstall application on close"
  - click on finish
  - close program
  - copy and paste the report here

Next,

Download Security Check by screen317 from either of the following: 
http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Post those two logs..


----------



## dcarson108 (Jan 5, 2013)

*ESET Online Scanner Log:*

C:\Program Files (x86)\MocaFlix\sprotector.dll Win32/SProtector application
C:\Program Files (x86)\Optimizer Pro\OptimizerPro.exe a variant of Win32/SpeedingUpMyPC application
C:\ProgramData\OptimizerPro1\OptimizerPro1.exe Win32/GenUpdater application
C:\ProgramData\OptimizerPro1\runtime.dll Win32/GenUpdater application
C:\ProgramData\OptimizerPro1\runtime_AVG_RESTORED.dll Win32/GenUpdater application
C:\ProgramData\OptimizerPro1\runtime_AVG_RESTORED_1.dll Win32/GenUpdater application
C:\ProgramData\OptimizerPro1\runtime_AVG_RESTORED_2.dll Win32/GenUpdater application
C:\ProgramData\OptimizerPro1\runtime_AVG_RESTORED_3.dll Win32/GenUpdater application
C:\ProgramData\SaveAs\509f29e091586.ocx Win32/Adware.MultiPlug.D application
C:\ProgramData\SaveAs\509f29e0915be.html Win32/Adware.MultiPlug.H application
C:\ProgramData\SaveAs\509f2a99e4a83.ocx Win32/Adware.MultiPlug.D application
C:\ProgramData\SaveAs\509f2a99e4abb.html Win32/Adware.MultiPlug.H application
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar145.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar250.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar26.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar36.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Spybot - Search & Destroy\Recovery\IncrediBar9.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\OptimizerPro1\OptimizerPro1.exe Win32/GenUpdater application
C:\Users\All Users\OptimizerPro1\runtime.dll Win32/GenUpdater application
C:\Users\All Users\OptimizerPro1\runtime_AVG_RESTORED.dll Win32/GenUpdater application
C:\Users\All Users\OptimizerPro1\runtime_AVG_RESTORED_1.dll Win32/GenUpdater application
C:\Users\All Users\OptimizerPro1\runtime_AVG_RESTORED_2.dll Win32/GenUpdater application
C:\Users\All Users\OptimizerPro1\runtime_AVG_RESTORED_3.dll Win32/GenUpdater application
C:\Users\All Users\SaveAs\509f29e091586.ocx Win32/Adware.MultiPlug.D application
C:\Users\All Users\SaveAs\509f29e0915be.html Win32/Adware.MultiPlug.H application
C:\Users\All Users\SaveAs\509f2a99e4a83.ocx Win32/Adware.MultiPlug.D application
C:\Users\All Users\SaveAs\509f2a99e4abb.html Win32/Adware.MultiPlug.H application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar145.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar250.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar26.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar36.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Spybot - Search & Destroy\Recovery\IncrediBar9.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Dannnn\Downloads\DownloadSetup.exe Win32/InstallMate application
C:\Users\Dannnn\Downloads\DTLite4454-0316.exe Win32/OpenCandy application
C:\Users\Dannnn\Downloads\SaveAs(1).exe Win32/InstalleRex.C.Gen application
C:\Users\Dannnn\Downloads\SaveAs.exe Win32/InstalleRex.C.Gen application
C:\Users\Dannnn\Downloads\Shinedown_Amaryllis_2012-All-Albums-(Special-Edition).exe multiple threats
Operating memory multiple threats

*Security Check log.*

Results of screen317's Security Check version 0.99.56 
Windows 7 x64 (UAC is enabled) 
*Out of date service pack!!* 
Internet Explorer 8 *Out of date!* 
*``````````````Antivirus/Firewall Check:``````````````* 
*Windows Security Center service is not running! This report may not be accurate!* 
Windows Firewall Enabled! 
AVG Anti-Virus Free Edition 2013 
Antivirus up to date! 
*`````````Anti-malware/Other Utilities Check:`````````* 
Spybot - Search & Destroy 
Adobe Flash Player 11.5.502.135 
Adobe Reader 10.1.4 *Adobe Reader out of Date!* 
Mozilla Firefox (17.0.1) 
Google Chrome 23.0.1271.97 
*````````Process Check: objlist.exe by Laurent````````* 
AVG avgwdsvc.exe 
*`````````````````System Health check`````````````````* 
Total Fragmentation on Drive C: 1% 
*````````````````````End of Log``````````````````````*


----------



## kevinf80 (Mar 21, 2006)

Run the following:

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click *OTM.exe* to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....


*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
C:\Program Files (x86)\MocaFlix\sprotector.dll
C:\Program Files (x86)\Optimizer Pro
C:\ProgramData\OptimizerPro1
C:\ProgramData\SaveAs
C:\ProgramData\Tarma Installer
C:\Users\All Users\OptimizerPro1
C:\Users\All Users\SaveAs
C:\Users\All Users\Tarma Installer
C:\Users\Dannnn\Downloads\DownloadSetup.exe
C:\Users\Dannnn\Downloads\DTLite4454-0316.exe
C:\Users\Dannnn\Downloads\SaveAs(1).exe
C:\Users\Dannnn\Downloads\SaveAs.exe
C:\Users\Dannnn\Downloads\Shinedown_Amaryllis_2012-All-Albums-(Special-Edition).exe
:Commands
[EmptyTemp]
```

 Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Next,

Run the MGA Diagnostic Tool and post back the report it creates:


Download *MGADiag* to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.


----------



## dcarson108 (Jan 5, 2013)

I'm having the internet connection problem again. I should be able to fix that when I'm home (I'm on a campus computer now) but I have to restore older settings so some of the programs I downloaded may be removed. The logs should stay saved though. Will that be a problem at all? Can I just restore old settings and do the step you posted?


----------



## kevinf80 (Mar 21, 2006)

Yep, should be ok...


----------



## dcarson108 (Jan 5, 2013)

Hmm, didn't seem to work this time. I still can't access internet (limited connection only).


----------



## kevinf80 (Mar 21, 2006)

Can you run FSS, you will need another system to d/l to USB and transfer over..

download Farbar Service Scanner and run it on the computer with the issue.
*Make sure the following options are checked:*


*Internet Services*
*Windows Firewall*
*System Restore*
*Security Center/Action Center*
*Windows Update*
*Windows Defender*


Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## dcarson108 (Jan 5, 2013)

Farbar Service Scanner Version: 05-01-2013
Ran by Dannnn (administrator) on 09-01-2013 at 21:28:24
Running from "F:\"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-04-16 09:24] - [2013-01-04 16:39] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

OK, I've attached two zip files to this reply, *afd.zip* and *wscsvc.zip*. Unzip each file to the Desktop of the sick PC. Run each unzipped file in turn, agree the merge when alerted.

When those two files are successfully merged re-run Combofix again as before and post the new log...

If there are still issues with the internet connection run FSS again and post a fresh log from that too..

Kevin


----------
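The FSS log above reports two services with no registry key (afd and wscsvc), which are the two the attached .reg files address. As an added example (not part of the original thread and not Farbar's own code), this Python script extracts those findings from an FSS.txt log; the names `triage_fss` and `summarize` and the report layout are assumptions, and the sample text is an excerpt of the log posted above.

```python
import re

# Excerpt of the FSS.txt log posted above, trimmed to representative lines.
FSS_LOG = r"""
Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-04-16 09:24] - [2013-01-04 16:39] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
"""

# Line shapes taken from the log above.
NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY = re.compile(
    r"Unable to open (\S+) registry key\. The service key does not exist\.")
START_TYPE = re.compile(
    r"The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
POLICY = re.compile(r'^"(Disable\w+)"=DWORD:(\d+)')
FILE_META = re.compile(
    r"^\[.+?\] - \[.+?\] - (\d+) \S+ \((.*?)\) ([0-9A-Fa-f]{32})$")
FLAGGED = re.compile(r"ATTENTION!=====> (.+?) IS INFECTED AND SHOULD BE REPLACED\.")


def triage_fss(log_text):
    """Collect the findings an FSS log reports, grouped by kind."""
    report = {"not_running": [], "missing_keys": [], "start_type": {},
              "policies": {}, "flagged_files": []}
    last_meta = None  # size/vendor/MD5 line that precedes a flagged file
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            report["not_running"].append(m.group(1))
        elif m := MISSING_KEY.search(line):
            # One service produces several "key does not exist" lines.
            if m.group(1) not in report["missing_keys"]:
                report["missing_keys"].append(m.group(1))
        elif m := START_TYPE.search(line):
            report["start_type"][m.group(1)] = (m.group(2), m.group(3))
        elif m := POLICY.match(line):
            report["policies"][m.group(1)] = int(m.group(2))
        elif m := FILE_META.match(line):
            last_meta = {"size": int(m.group(1)),
                         "vendor": m.group(2).strip(),
                         "md5": m.group(3)}
        elif m := FLAGGED.search(line):
            report["flagged_files"].append({"path": m.group(1), **(last_meta or {})})
            last_meta = None
    return report


def summarize(report):
    """Turn the report into an ordered list of follow-up items."""
    items = [f"restore service key: {name}" for name in report["missing_keys"]]
    for f in report["flagged_files"]:
        vendor = f.get("vendor", "unknown")
        items.append(f"replace file: {f['path']} (vendor string: {vendor})")
    for svc, (current, default) in report["start_type"].items():
        items.append(f"start type of {svc}: {current} (default {default})")
    for name, value in report["policies"].items():
        items.append(f"policy {name}={value}")
    return items


if __name__ == "__main__":
    for item in summarize(triage_fss(FSS_LOG)):
        print(item)
```
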



## dcarson108 (Jan 5, 2013)

How do I run these unzipped files? When I double click them, it just says they were added to the registry. When I right click it, there are no options to "run" either of them. Did I unzip them incorrectly?


----------



## kevinf80 (Mar 21, 2006)

When you double click the unzipped file and you are told the merge was successful, that's all you need to do. The zipped and unzipped files can then be deleted.
Continue with the rest of the steps..


----------



## dcarson108 (Jan 5, 2013)

Internet still isn't working. Here are the updated logs:

ComboFix 13-01-08.01 - Dannnn 10/01/2013 12:09:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4029.2818 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dannnn\AppData\Local\assembly\tmp
.
---- Previous Run -------
.
c:\users\Dannnn\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 )))))))))))))))))))))))))))))))
.
.
2013-01-04 15:04 . 2013-01-04 15:04 -------- d-----w- c:\users\Dannnn\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 03:32 . 2013-01-09 21:59 -------- d-----w- c:\users\Dannnn\AppData\Roaming\Malwarebytes
2013-01-04 03:31 . 2013-01-09 21:59 -------- d-----w- c:\programdata\Malwarebytes
2013-01-04 03:31 . 2013-01-09 22:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-04 03:31 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-04 03:31 . 2013-01-04 03:31 -------- d-----w- c:\users\Dannnn\AppData\Local\Programs
2013-01-01 17:19 . 2013-01-09 22:01 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-22 09:25 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 09:25 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 09:25 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 09:25 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-12 10:37 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 10:37 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 10:37 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 10:37 . 2012-11-12 14:11 9375232 ----a-w- c:\windows\system32\mshtml.dll
2012-12-12 10:37 . 2012-10-27 05:37 696400 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-12-12 10:37 . 2012-10-27 05:36 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-12-12 10:37 . 2012-10-27 05:35 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-12-12 10:37 . 2012-10-27 05:02 672832 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2012-12-12 10:37 . 2012-10-27 04:59 860672 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 20:39 . 2012-04-16 13:24 22368 ----a-w- c:\windows\system32\drivers\AFD.SYS
2013-01-04 20:39 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-12-12 21:22 . 2012-04-16 02:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 21:22 . 2012-04-16 02:31 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-09 02:22 . 2012-08-30 21:35 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-22 17:02 . 2012-10-22 17:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 21:20 . 2012-11-28 00:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 00:13 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 00:13 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 07:48 . 2012-10-15 07:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1696D05C-C6CC-B007-08CD-818A6174ED1E}]
2012-11-11 04:33 129024 ----a-w- c:\programdata\SaveAs\509f2a99e4a83.ocx
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 02:22 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C3F654DF-AAC2-1193-6F47-C58D29820BCD}]
2012-11-11 04:30 129024 ----a-w- c:\programdata\SaveAs\509f29e091586.ocx
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-27 856160]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" [2012-03-21 2186096]
"SMART Board Tools"="c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe" [2012-03-09 10132336]
"SMART Ink"="c:\program files (x86)\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"Response Desktop Menu"="c:\program files (x86)\SMART Technologies\Education Software\DesktopMenu.exe" [2012-03-02 1960816]
"SMARTClassroomCoordinator.exe"="c:\program files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe" [2011-06-22 485232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\MocaFlix\sprotector.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2012-04-17 2560]
R2 Response Hardware;Response Hardware;c:\program files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [2012-03-02 19312]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SMARTHelperService;SMART Helper Service;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2012-03-21 580976]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-10 111616]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2012-03-21 13168]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2012-03-21 16368]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2012-03-21 24944]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-07-08 401696]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 21:22]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 00:06]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 00:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://websearch.mocaflix.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=014ef344-0edf-4d7a-878f-9954e1e729fc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.mocaflix.com/?l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B36405247-abbe-46bd-a5b2-eb7869a196fc%7D&mid=2a6c3a23be1c47d0aa7cd16d123da097-e7015f33aa7d2cccaf2bfc9911bbcc2ab3c5b0c5&ds=AVG&v=13.2.0.5&lang=en&pr=fr&d=2012-09-27%2009%3A18%3A53&sap=ku&q=
FF - ExtSQL: 2012-11-17 16:59; {AE93811A-5C9A-4d34-8462-F7B864FC4696}; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
FF - ExtSQL: 2012-11-17 16:59; {EE223D7A-F30F-11DD-8F0A-D2AD55D89593}; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
FF - ExtSQL: 2012-11-26 23:16; [email protected]; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\[email protected]
FF - user.js: extentions.y2layers.installId - c27331fe-7fb3-405b-ac64-b063e19ea68e
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyTQ4yX7V&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 3e06039800000000000018f46a3f6714
FF - user.js: extensions.incredibar_i.instlDay - 15655
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:27
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyTQ4yX7V
FF - user.js: extensions.incredibar_i.upn2n - 92262431172737351
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd - 
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\7BF9E831E71B650D9FD9ADA9E13AF2CA]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Optimizer Pro\OptProReminder.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2013-01-10 12:46:53 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-10 16:46
.
Pre-Run: 133,803,577,344 bytes free
Post-Run: 133,329,928,192 bytes free
.
- - End Of File - - 37F5A6874DDE91EA943679681EB71E21

Farbar Service Scanner Version: 05-01-2013
Ran by Dannnn (administrator) on 11-01-2013 at 00:18:25
Running from "C:\Users\Dannnn\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-04-16 09:24] - [2013-01-04 16:39] - 0022368 ____A (AVG Technologies CZ, s.r.o. ) 42B7E1AA0C7EC54652A50585793F1885

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Download *SystemLook* from one of the links below and save it to your Desktop.

*Link 1*
*Link 2*


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
afd.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## dcarson108 (Jan 5, 2013)

It says "The version of this file is compatible with the version of Windows you are running. Check your computer's system information to see whether you need an x86 (32-bit) or x64 (64-bit) version of the program, and then contact the software publisher"

How would I go about checking that if that's what I should do?


----------



## kevinf80 (Mar 21, 2006)

Your system is Windows 7 64-bit. The version of SystemLook I gave you is for the 64-bit version; just run the tool and post the log.


----------



## dcarson108 (Jan 5, 2013)

SystemLook 30.07.11 by jpshortstuff
Log created at 00:19 on 12/01/2013 by Dannnn
Administrator - Elevation successful

========== filefind ==========

Searching for "afd.sys"
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [00:03 18/04/2012] [09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\System32\drivers\AFD.SYS --a---- 22368 bytes [13:24 16/04/2012] [20:39 04/01/2013] 42B7E1AA0C7EC54652A50585793F1885
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --a---- 500224 bytes [23:21 13/07/2009] [23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys --a---- 499200 bytes [13:24 16/04/2012] [03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys --a---- 499200 bytes [13:24 16/04/2012] [04:01 28/12/2011] CCA39961E76B491DDF44B1E90FC8971D
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [13:24 16/04/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [13:24 16/04/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB

-= EOF =-


----------
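An added example, not part of any post in this thread: the SystemLook `filefind` lines above can be parsed and the live driver compared against the other copies Windows keeps. Treating the `winsxs` and `SoftwareDistribution` copies as the reference set, and the 25% size tolerance, are assumptions of this sketch; the function names are hypothetical.

```python
import re
from statistics import median

# Lines copied from the SystemLook log posted above (filefind for afd.sys).
SYSTEMLOOK_LOG = r"""
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --a---- 499712 bytes [00:03 18/04/2012] [09:23 20/11/2010] D31DC7A16DEA4A9BAF179F3D6FBDB38C
C:\Windows\System32\drivers\AFD.SYS --a---- 22368 bytes [13:24 16/04/2012] [20:39 04/01/2013] 42B7E1AA0C7EC54652A50585793F1885
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys --a---- 500224 bytes [23:21 13/07/2009] [23:21 13/07/2009] B9384E03479D2506BC924C16A3DB87BC
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys --a---- 499200 bytes [13:24 16/04/2012] [03:59 28/12/2011] DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys --a---- 499200 bytes [13:24 16/04/2012] [04:01 28/12/2011] CCA39961E76B491DDF44B1E90FC8971D
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys --a---- 498688 bytes [13:24 16/04/2012] [03:59 28/12/2011] 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys --a---- 498176 bytes [13:24 16/04/2012] [04:01 28/12/2011] 36A14FD1A23F57046361733B792CA8DB
"""

# One filefind result: path, attribute flags, size, created, modified, MD5.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_filefind(text):
    """Return one dict per result line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def is_reference(path):
    """Assumption: component-store and update-download copies are the baseline."""
    lowered = path.lower()
    return "\\winsxs\\" in lowered or "\\softwaredistribution\\" in lowered


def review_live_copies(entries, tolerance=0.25):
    """Compare every non-reference copy against the reference set.

    Returns a list of (path, reasons). An empty reasons list means the live
    file matches a reference hash and has a plausible size.
    """
    refs = [e for e in entries if is_reference(e["path"])]
    live = [e for e in entries if not is_reference(e["path"])]
    if not refs:
        raise ValueError("no reference copies found; nothing to compare against")

    ref_hashes = {e["md5"] for e in refs}
    typical = int(median(e["size"] for e in refs))

    findings = []
    for e in live:
        reasons = []
        if e["md5"] not in ref_hashes:
            reasons.append("MD5 matches no reference copy")
        if abs(e["size"] - typical) > tolerance * typical:
            reasons.append(f"size {e['size']} bytes vs typical {typical} bytes")
        findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in review_live_copies(parse_filefind(SYSTEMLOOK_LOG)):
        status = "SUSPECT" if reasons else "ok"
        print(f"{status}: {path}")
        for reason in reasons:
            print(f"  - {reason}")
```

A hash mismatch alone is only a lead, since the reference copies are trusted by assumption; here it agrees with the Farbar Service Scanner verdict on the same file and MD5.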



## kevinf80 (Mar 21, 2006)

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs* so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
FCopy::
C:\Windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys | C:\Windows\System32\drivers\AFD.SYS
ClearJavaCache::
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Reboot the PC, then run FSS and post a fresh log...

Also, does the connection work?


----------



## dcarson108 (Jan 5, 2013)

No, the connection still isn't working. I'm still not sure why combofix keeps running from the f drive. I have it saved on my desktop on my infected computer so I'm not running it from the USB, but the reports keep saying it's running from there. Anyways, here are the logs:

ComboFix 13-01-08.01 - Dannnn 12/01/2013 11:35:47.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4029.2699 [GMT -4:00]
Running from: F:\ComboFix.exe
Command switches used :: c:\users\Dannnn\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dannnn\AppData\Local\assembly\tmp
.
.
--------------- FCopy ---------------
.
c:\windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys --> c:\windows\System32\drivers\AFD.SYS
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 15:43 . 2013-01-12 15:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-04 15:04 . 2013-01-04 15:04 -------- d-----w- c:\users\Dannnn\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 03:32 . 2013-01-09 21:59 -------- d-----w- c:\users\Dannnn\AppData\Roaming\Malwarebytes
2013-01-04 03:31 . 2013-01-09 21:59 -------- d-----w- c:\programdata\Malwarebytes
2013-01-04 03:31 . 2013-01-04 03:31 -------- d-----w- c:\users\Dannnn\AppData\Local\Programs
2013-01-01 17:19 . 2013-01-09 22:01 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-22 09:25 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 09:25 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 09:25 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 09:25 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 20:39 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-12-12 21:22 . 2012-04-16 02:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 21:22 . 2012-04-16 02:31 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 08:20 . 2012-12-12 10:37 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-12 14:11 . 2012-12-12 10:37 9375232 ----a-w- c:\windows\system32\mshtml.dll
2012-11-12 12:18 . 2012-12-12 10:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-12 11:51 . 2012-12-12 10:36 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:34 . 2012-12-12 10:37 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-12 10:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-09 02:22 . 2012-08-30 21:35 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-02 05:27 . 2012-12-12 10:36 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 04:48 . 2012-12-12 10:36 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-27 05:36 . 2012-12-12 10:37 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-10-27 05:36 . 2012-12-12 10:36 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-10-27 05:36 . 2012-12-12 10:36 134144 ----a-w- c:\windows\system32\url.dll
2012-10-27 05:36 . 2012-12-12 10:36 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-10-27 05:36 . 2012-12-12 10:36 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-10-27 05:36 . 2012-12-12 10:36 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-10-27 05:36 . 2012-12-12 10:36 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-10-27 05:36 . 2012-12-12 10:36 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-27 05:36 . 2012-12-12 10:36 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-10-27 05:35 . 2012-12-12 10:36 247808 ----a-w- c:\windows\system32\ieui.dll
2012-10-27 05:35 . 2012-12-12 10:36 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-10-27 05:35 . 2012-12-12 10:37 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-10-27 05:35 . 2012-12-12 10:36 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-10-27 05:35 . 2012-12-12 10:36 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-10-27 05:33 . 2012-12-12 10:36 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-10-27 05:00 . 2012-12-12 10:36 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-10-27 04:59 . 2012-12-12 10:36 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-10-27 04:23 . 2012-12-12 10:36 482816 ----a-w- c:\windows\system32\html.iec
2012-10-27 03:52 . 2012-12-12 10:36 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-10-22 17:02 . 2012-10-22 17:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 21:20 . 2012-11-28 00:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 00:13 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 00:13 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 07:48 . 2012-10-15 07:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1696D05C-C6CC-B007-08CD-818A6174ED1E}]
2012-11-11 04:33 129024 ----a-w- c:\programdata\SaveAs\509f2a99e4a83.ocx
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-09 02:22 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C3F654DF-AAC2-1193-6F47-C58D29820BCD}]
2012-11-11 04:30 129024 ----a-w- c:\programdata\SaveAs\509f29e091586.ocx
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
c:\program files (x86)\Yontoo\YontooIEClient.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-09 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-09 997320]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-27 856160]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" [2012-03-21 2186096]
"SMART Board Tools"="c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe" [2012-03-09 10132336]
"SMART Ink"="c:\program files (x86)\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"Response Desktop Menu"="c:\program files (x86)\SMART Technologies\Education Software\DesktopMenu.exe" [2012-03-02 1960816]
"SMARTClassroomCoordinator.exe"="c:\program files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe" [2011-06-22 485232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\MocaFlix\sprotector.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Response Hardware;Response Hardware;c:\program files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [2012-03-02 19312]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2012-04-17 2560]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SMARTHelperService;SMART Helper Service;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2012-03-21 580976]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-10 111616]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2012-03-21 13168]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2012-03-21 16368]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2012-03-21 24944]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-07-08 401696]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 21:22]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 00:06]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 00:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://websearch.mocaflix.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=014ef344-0edf-4d7a-878f-9954e1e729fc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.mocaflix.com/?l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B36405247-abbe-46bd-a5b2-eb7869a196fc%7D&mid=2a6c3a23be1c47d0aa7cd16d123da097-e7015f33aa7d2cccaf2bfc9911bbcc2ab3c5b0c5&ds=AVG&v=13.2.0.5&lang=en&pr=fr&d=2012-09-27%2009%3A18%3A53&sap=ku&q=
FF - ExtSQL: 2012-11-17 16:59; {AE93811A-5C9A-4d34-8462-F7B864FC4696}; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
FF - ExtSQL: 2012-11-17 16:59; {EE223D7A-F30F-11DD-8F0A-D2AD55D89593}; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
FF - ExtSQL: 2012-11-26 23:16; [email protected]; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\[email protected]
FF - user.js: extentions.y2layers.installId - c27331fe-7fb3-405b-ac64-b063e19ea68e
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyTQ4yX7V&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 3e06039800000000000018f46a3f6714
FF - user.js: extensions.incredibar_i.instlDay - 15655
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.140:27
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyTQ4yX7V
FF - user.js: extensions.incredibar_i.upn2n - 92262431172737351
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Optimizer Pro\OptProReminder.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2013-01-12 11:55:57 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-12 15:55
ComboFix2.txt 2013-01-10 16:47
.
Pre-Run: 133,217,443,840 bytes free
Post-Run: 133,013,929,984 bytes free
.
- - End Of File - - B3251D1F96533D4EC697317D4F793C59

Farbar Service Scanner Version: 05-01-2013
Ran by Dannnn (administrator) on 12-01-2013 at 12:02:27
Running from "C:\Users\Dannnn\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
The start type of afd service is OK.
The ImagePath of afd service is OK.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-04-16 09:24] - [2010-11-20 05:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Combofix shows as running from the Desktop.... *Command switches used :: c:\users\Dannnn\Desktop\CFScript.txt*

OK, FSS shows a missing reg key, we'll have to fix that. As it's a legacy key it needs a bit of manipulation as follows...


 Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
 Navigate to *HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root*
 Right-Click Root and select Permissions...
 Click Advanced.
 Under Owner tab select the entry starting with your user name, example: Farbar(Farbar-PC\Farbar)
 Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
 Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
 Click Apply and OK.

Now double-click LEGACY_AFD.reg and agree any merge alerts. I've attached legacy_afd.zip, you'll have to unzip that to the Desktop....

*Very important* - Please go back to the Root key again as above, while Everyone is selected remove check mark in the box under Allow next to Full Control and close the registry.

Re-boot and check the connection.. Post fresh FSS log...
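
A read-only check for the "Very important" step above, as an added example that is not part of the original post: it lists any Allow entry that still gives Everyone (SID S-1-1-0) write-level rights on Enum\Root or its immediate subkeys, and prints the key's current owner. The key path comes from the post; the helper name `Test-EveryoneWriteAccess` is an assumption made for this example.

```powershell
# Added example (not from the thread): read-only audit of the Enum\Root ACL.
# Run from an elevated PowerShell prompt on the repaired machine.

$rootPath    = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root'   # key named in the post
$everyoneSid = 'S-1-1-0'   # well-known SID for Everyone; avoids localized group names

# Specific rights that allow changing the key, its values, its ACL or its owner,
# plus the generic bits (GENERIC_ALL, GENERIC_WRITE) that can appear in inheritable ACEs.
$specific  = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
$writeBits = [int]$specific -bor 0x10000000 -bor 0x40000000

function Test-EveryoneWriteAccess {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -Path $Path -ErrorAction Stop
    # Ask for SIDs instead of account names so the comparison is locale independent.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($rule in $rules) {
        $isEveryone = $rule.IdentityReference.Value -eq $everyoneSid
        $isAllow    = $rule.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        $canWrite   = ([int]$rule.RegistryRights -band $writeBits) -ne 0

        if ($isEveryone -and $isAllow -and $canWrite) {
            [pscustomobject]@{
                Key       = $Path
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

# Check the Root key itself and each immediate subkey (LEGACY_AFD is one of them
# once the .reg file has been merged).
$keys = @($rootPath)
$keys += Get-ChildItem -Path $rootPath -ErrorAction SilentlyContinue |
         ForEach-Object { $_.PSPath }

$findings = foreach ($key in $keys) {
    try {
        Test-EveryoneWriteAccess -Path $key
    } catch {
        Write-Warning "Could not read ACL of ${key}: $($_.Exception.Message)"
    }
}

"Owner of Enum\Root: $((Get-Acl -Path $rootPath).Owner)"

if ($findings) {
    'Everyone still has write-level access on:'
    $findings | Format-Table -AutoSize
} else {
    'No Allow entry gives Everyone write-level access on Enum\Root or its immediate subkeys.'
}
```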


----------



## kevinf80 (Mar 21, 2006)

Oooops forgot zip file.. find attached


----------



## dcarson108 (Jan 5, 2013)

Still no connection. Here's the updated FSS log.

Farbar Service Scanner Version: 05-01-2013
Ran by Dannnn (administrator) on 13-01-2013 at 02:02:52
Running from "C:\Users\Dannnn\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

Firewall Disabled Policy: 
==================

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-04-16 09:24] - [2010-11-20 05:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, ok still some work to do... Delete Combofix from the Desktop, we will need a fresh copy d/l and transfer to sick PC..
Also d/l and transfer AdwCleaner to sick PC desktop, run that one first, then CF...

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode and transfer onto your Desktop of sick PC.


 Please close all open programs and internet browsers.
 Double click on *Adwcleaner.exe* to run the tool.
 Click on *Delete*.
 Confirm each time with OK.
 Your computer will be rebooted automatically. A text file will open after the restart.
 Please post the content of that logfile in your reply.
 You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Delete CF and transfer fresh copy from here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Make sure all security is off, then run Combofix.....

Post both logs in next reply, also let me know what issues remain..

Thanks,

Kevin


----------



## dcarson108 (Jan 5, 2013)

The internet still will not connect. The computer is not heating up as quickly though. But since I can't get on the internet I'm not sure what issues remain.

I accidentally ran Adw cleaner from the f drive, so I ran it again from the desktop. That is why I have two logs for the Adw cleaner.

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 22:54:23
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Dannnn - DANNNN-PC
# Boot Mode : Normal
# Running from : F:\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MocaFlix
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\SaveAs
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Dannnn\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Dannnn\AppData\Local\Conduit
Folder Deleted : C:\Users\Dannnn\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Dannnn\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dannnn\AppData\LocalLow\SaveAs
Folder Deleted : C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\CT2504091
Folder Deleted : C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Deleted : C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\Smartbar
Folder Deleted : C:\Users\Dannnn\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SProtector
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.dll.bhoclass.dll.1.0
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstallerStub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{16726771-C380-4280-BAF9-1223B3838786}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SProtector
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.17153

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=014ef344-0edf-4d7a-878f-9954e1e729fc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=CA&userid=014ef344-0edf-4d7a-878f-9954e1e729fc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.mocaflix.com/ --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\prefs.js

C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\user.js ... Deleted !

Deleted : user_pref("CT2504091.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2504091.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT2504091.FirstTime", "true");
Deleted : user_pref("CT2504091.FirstTimeFF3", "true");
Deleted : user_pref("CT2504091.LoginRevertSettingsEnabled", false);
Deleted : user_pref("CT2504091.RevertSettingsEnabled", false);
Deleted : user_pref("CT2504091.UserID", "UN19062682513184537");
Deleted : user_pref("CT2504091.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT2504091.autoDisableScopes", -1);
Deleted : user_pref("CT2504091.cbcountry_001", "CA");
Deleted : user_pref("CT2504091.cbfirsttime", "Sat Sep 08 2012 13:31:42 GMT-0300 (Atlantic Daylight Time)");
Deleted : user_pref("CT2504091.defaultSearch", "false");
Deleted : user_pref("CT2504091.embeddedsData", "[{\"appId\":\"129079840422026594\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT2504091.enableAlerts", "false");
Deleted : user_pref("CT2504091.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT2504091.firstTimeDialogOpened", "true");
Deleted : user_pref("CT2504091.fixPageNotFoundError", "true");
Deleted : user_pref("CT2504091.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT2504091.fixUrls", true);
Deleted : user_pref("CT2504091.installId", "ConduitNSISIntegration");
Deleted : user_pref("CT2504091.installType", "ConduitNSISIntegration");
Deleted : user_pref("CT2504091.isCheckedStartAsHidden", true);
Deleted : user_pref("CT2504091.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT2504091.isNewTabEnabled", false);
Deleted : user_pref("CT2504091.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT2504091.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2504091.migrateAppsAndComponents", true);
Deleted : user_pref("CT2504091.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fisearch.avg.com%[...]
Deleted : user_pref("CT2504091.openThankYouPage", "false");
Deleted : user_pref("CT2504091.openUninstallPage", "false");
Deleted : user_pref("CT2504091.search.searchAppId", "129079840422026594");
Deleted : user_pref("CT2504091.search.searchCount", "0");
Deleted : user_pref("CT2504091.searchInNewTabEnabled", "false");
Deleted : user_pref("CT2504091.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT2504091.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT2504091.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT2504091.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT2504091.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT2504091.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2504091.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT2504091.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352340088716");
Deleted : user_pref("CT2504091.serviceLayer_services_appsMetadata_lastUpdate", "1353108882621");
Deleted : user_pref("CT2504091.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1351958967345");
Deleted : user_pref("CT2504091.serviceLayer_services_login_10.10.27.6_lastUpdate", "1352685723847");
Deleted : user_pref("CT2504091.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357402783481");
Deleted : user_pref("CT2504091.serviceLayer_services_optimizer_lastUpdate", "1352694010619");
Deleted : user_pref("CT2504091.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1351958966922");
Deleted : user_pref("CT2504091.serviceLayer_services_searchAPI_lastUpdate", "1353064554459");
Deleted : user_pref("CT2504091.serviceLayer_services_serviceMap_lastUpdate", "1357332470923");
Deleted : user_pref("CT2504091.serviceLayer_services_toolbarContextMenu_lastUpdate", "1351960766016");
Deleted : user_pref("CT2504091.serviceLayer_services_toolbarSettings_lastUpdate", "1357402783357");
Deleted : user_pref("CT2504091.serviceLayer_services_translation_lastUpdate", "1357332471112");
Deleted : user_pref("CT2504091.settingsINI", true);
Deleted : user_pref("CT2504091.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT2504091.smartbar.CTID", "CT2504091");
Deleted : user_pref("CT2504091.smartbar.Uninstall", "0");
Deleted : user_pref("CT2504091.smartbar.toolbarName", "Vuze Remote ");
Deleted : user_pref("CT2504091.startPage", "userChanged");
Deleted : user_pref("CT2504091.toolbarBornServerTime", "8-9-2012");
Deleted : user_pref("CT2504091.toolbarCurrentServerTime", "4-1-2013");
Deleted : user_pref("CT2504091.upgradeFromClearSBVersion", true);
Deleted : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.5");
Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb128?a=6OyTQ4yX7V&i=26");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.mocaflix.com/?l=1&q=");
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Deleted : user_pref("extensions.504b5da676a3c.scode", "(function(){try{if('aol.com,mystart.incredibar.com,prem[...]
Deleted : user_pref("extensions.509f29e0914a1.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.509f2a99e499e.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.50b433c701bb5.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1352608077682");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "CA");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "en");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10658");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "0A3F695708DC90D00FE74369D3337CE7");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "3e06039800000000000018f46a3f6714");
Deleted : user_pref("extensions.incredibar.id", "3e06039800000000000018f46a3f6714");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15655");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15655");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.140:27:45");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyTQ4yX7V&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyTQ4yX7V&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6OyTQ4yX7V");
Deleted : user_pref("extensions.incredibar.upn2n", "92262431172737351");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.140:27:45");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.140:27:45");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10658");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "3e06039800000000000018f46a3f6714");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15655");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyTQ4yX7V&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyTQ4yX7V");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92262431172737351");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.140:27:45");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B36405247-abbe-46bd-a5b2-eb7869a196fc%[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Dannnn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [25028 octets] - [13/01/2013 22:54:23]

########## EOF - C:\AdwCleaner[S1].txt - [25089 octets] ##########

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 23:00:26
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Dannnn - DANNNN-PC
# Boot Mode : Normal
# Running from : C:\Users\Dannnn\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.17153

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Dannnn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [25125 octets] - [13/01/2013 22:54:23]
AdwCleaner[S2].txt - [937 octets] - [13/01/2013 23:00:27]

########## EOF - C:\AdwCleaner[S2].txt - [996 octets] ##########

ComboFix 13-01-13.01 - Dannnn 13/01/2013 23:07:17.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4029.2257 [GMT -4:00]
Running from: c:\users\Dannnn\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dannnn\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 03:15 . 2013-01-14 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-04 15:04 . 2013-01-04 15:04 -------- d-----w- c:\users\Dannnn\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 03:32 . 2013-01-09 21:59 -------- d-----w- c:\users\Dannnn\AppData\Roaming\Malwarebytes
2013-01-04 03:31 . 2013-01-09 21:59 -------- d-----w- c:\programdata\Malwarebytes
2013-01-04 03:31 . 2013-01-04 03:31 -------- d-----w- c:\users\Dannnn\AppData\Local\Programs
2013-01-01 17:19 . 2013-01-09 22:01 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-22 09:25 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 09:25 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 09:25 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 09:25 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 20:39 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-12-12 21:22 . 2012-04-16 02:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 21:22 . 2012-04-16 02:31 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 08:20 . 2012-12-12 10:37 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-12 14:11 . 2012-12-12 10:37 9375232 ----a-w- c:\windows\system32\mshtml.dll
2012-11-12 12:18 . 2012-12-12 10:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-12 11:51 . 2012-12-12 10:36 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:34 . 2012-12-12 10:37 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-12 10:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-09 02:22 . 2012-08-30 21:35 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-02 05:27 . 2012-12-12 10:36 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 04:48 . 2012-12-12 10:36 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-27 05:36 . 2012-12-12 10:37 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-10-27 05:36 . 2012-12-12 10:36 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-10-27 05:36 . 2012-12-12 10:36 134144 ----a-w- c:\windows\system32\url.dll
2012-10-27 05:36 . 2012-12-12 10:36 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-10-27 05:36 . 2012-12-12 10:36 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-10-27 05:36 . 2012-12-12 10:36 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-10-27 05:36 . 2012-12-12 10:36 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-10-27 05:36 . 2012-12-12 10:36 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-27 05:36 . 2012-12-12 10:36 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-10-27 05:35 . 2012-12-12 10:36 247808 ----a-w- c:\windows\system32\ieui.dll
2012-10-27 05:35 . 2012-12-12 10:36 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-10-27 05:35 . 2012-12-12 10:37 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-10-27 05:35 . 2012-12-12 10:36 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-10-27 05:35 . 2012-12-12 10:36 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-10-27 05:33 . 2012-12-12 10:36 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-10-27 05:00 . 2012-12-12 10:36 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-10-27 04:59 . 2012-12-12 10:36 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-10-27 04:23 . 2012-12-12 10:36 482816 ----a-w- c:\windows\system32\html.iec
2012-10-27 03:52 . 2012-12-12 10:36 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-10-22 17:02 . 2012-10-22 17:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-16 21:20 . 2012-11-28 00:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 00:13 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 00:13 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" [2012-03-21 2186096]
"SMART Board Tools"="c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe" [2012-03-09 10132336]
"SMART Ink"="c:\program files (x86)\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"Response Desktop Menu"="c:\program files (x86)\SMART Technologies\Education Software\DesktopMenu.exe" [2012-03-02 1960816]
"SMARTClassroomCoordinator.exe"="c:\program files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe" [2011-06-22 485232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2012-04-17 2560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Response Hardware;Response Hardware;c:\program files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [2012-03-02 19312]
S2 SMARTHelperService;SMART Helper Service;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2012-03-21 580976]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-10 111616]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2012-03-21 13168]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2012-03-21 16368]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2012-03-21 24944]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-07-08 401696]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 21:22]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 00:06]
.
2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 00:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random
FF - ExtSQL: 2012-11-17 16:59; {AE93811A-5C9A-4d34-8462-F7B864FC4696}; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
FF - ExtSQL: 2012-11-17 16:59; {EE223D7A-F30F-11DD-8F0A-D2AD55D89593}; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
FF - ExtSQL: 2012-11-26 23:16; [email protected]; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1696D05C-C6CC-B007-08CD-818A6174ED1E} - c:\programdata\SaveAs\509f2a99e4a83.ocx
BHO-{C3F654DF-AAC2-1193-6F47-C58D29820BCD} - c:\programdata\SaveAs\509f29e091586.ocx
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
"1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,
c2
"2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,
76,64,10,04,f0,92,77,f9,20
"3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,
07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\7BF9E831E71B650D9FD9ADA9E13AF2CA]
"1"=hex:47,e4,6c,02,68,b4,3b,2b,30,11,db,3c,35,63,21,d4,11,b1,7e,c5,ed,aa,8e,
1a,3b,92,af,55,30,f0,da,a7
"2"=hex:03,13,8a,80,bd,85,45,8e
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:63,5a,d7,1b,b1,d4,18,46,3c,25,e7,95,a9,cd,5a,04,0a,ef,ab,a3,bc,d5,ff,
d9,5f,e7,cb,5e,09,e4,0e,eb,84,1a,55,8c,ca,0a,7c,04
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-13 23:19:56
ComboFix-quarantined-files.txt 2013-01-14 03:19
ComboFix2.txt 2013-01-12 15:55
ComboFix3.txt 2013-01-10 16:47
.
Pre-Run: 131,533,008,896 bytes free
Post-Run: 131,283,390,464 bytes free
.
- - End Of File - - D9E44C8BB704619C7AB22AB22A983D82


----------



## kevinf80 (Mar 21, 2006)

Make sure teatimer is turned off...

Disable teatimer and leave off for now.
1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol) and choose Exit Spybot S&D Resident
2. Run Spybot S&D
3. Go to the Mode menu, and make sure Advanced Mode is selected.
4. On the left hand side, choose Tools > Resident
uncheck Resident TeaTimer and OK any prompt and Restart your computer.

Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Next,

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs* so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
ClearJavaCache::
FireFox::
FF - ExtSQL: 2012-11-17 16:59; {AE93811A-5C9A-4d34-8462-F7B864FC4696}; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
FF - ExtSQL: 2012-11-17 16:59; {EE223D7A-F30F-11DD-8F0A-D2AD55D89593}; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
FF - ExtSQL: 2012-11-26 23:16; [email protected]; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\[email protected]
RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB]
"1"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,d6,9f,52,ce,23,dc,1a,
c2
"2"=hex:d1,c8,c3,5e,08,10,b9,8f,1e,fd,a6,7c,f5,6d,b0,f3,a6,71,8f,f8,ab,bd,bd,
76,64,10,04,f0,92,77,f9,20
"3"=hex:47,af,e3,b9,38,4b,f6,e6,cb,8b,59,0c,3a,af,c5,a2,ac,98,11,9b,be,95,83,
07,ae,ba,7e,d8,e6,d6,56,50,c4,dc,bb,7b,18,78,a4,de,04,5c,25,4e,9f,d7,39,6d
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&[email protected]^t! #^$ g9^$&pgb SDB36o \F93383AA3238BCCB\7BF9E831E71B650D9FD9ADA9E13AF2CA]
"1"=hex:47,e4,6c,02,68,b4,3b,2b,30,11,db,3c,35,63,21,d4,11,b1,7e,c5,ed,aa,8e,
1a,3b,92,af,55,30,f0,da,a7
"2"=hex:03,13,8a,80,bd,85,45,8e
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:3b,e8,2f,01,6c,32,33,d8,e1,d7,f3,f6,0e,0a,fa,46,62,39,09,43,d3,da,73,
d4,4e,db,d0,f9,b1,fb,0a,f1,d3,99,57,af,7d,98,93,fd,a5,1e,64,b6,5b,35,28,e1,\
"8"=hex:63,5a,d7,1b,b1,d4,18,46,3c,25,e7,95,a9,cd,5a,04,0a,ef,ab,a3,bc,d5,ff,
d9,5f,e7,cb,5e,09,e4,0e,eb,84,1a,55,8c,ca,0a,7c,04
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:70,56,26,33,e3,20,f8,ab
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Next,

This will need to be d/l and transferred over:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click *Go* and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Kevin


----------



## dcarson108 (Jan 5, 2013)

I can't find teatimer to disable it. Nothing comes up when I search for it. Any idea where it is?

edit: I found the issue. I disabled Spybot when I ran the last couple of logs because I assumed it was in the same category as the other virus protection. When I went to turn it back on, it had a registry and connection error (I assume when you attempt to re-install it, there needs to be an internet connection). I downloaded the program on this laptop and put it on my USB, but my sick computer still needs to download some components, which it can't due to the connection problem. Any solution to this?


----------



## kevinf80 (Mar 21, 2006)

Just leave teatimer for now and continue.


----------



## dcarson108 (Jan 5, 2013)

ComboFix 13-01-13.01 - Dannnn 16/01/2013 6:55.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4029.2603 [GMT -4:00]
Running from: c:\users\Dannnn\Desktop\ComboFix.exe
Command switches used :: c:\users\Dannnn\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dannnn\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-12-16 to 2013-01-16 )))))))))))))))))))))))))))))))
.
.
2013-01-16 11:02 . 2013-01-16 11:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-04 15:04 . 2013-01-04 15:04 -------- d-----w- c:\users\Dannnn\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 03:32 . 2013-01-09 21:59 -------- d-----w- c:\users\Dannnn\AppData\Roaming\Malwarebytes
2013-01-04 03:31 . 2013-01-09 21:59 -------- d-----w- c:\programdata\Malwarebytes
2013-01-04 03:31 . 2013-01-04 03:31 -------- d-----w- c:\users\Dannnn\AppData\Local\Programs
2013-01-01 17:19 . 2013-01-09 22:01 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-22 09:25 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 09:25 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 09:25 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 09:25 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-04 20:39 . 2009-07-14 00:10 22368 ----a-w- c:\windows\system32\drivers\WS2IFSL.SYS
2012-12-12 21:22 . 2012-04-16 02:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 21:22 . 2012-04-16 02:31 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 08:20 . 2012-12-12 10:37 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-12 14:11 . 2012-12-12 10:37 9375232 ----a-w- c:\windows\system32\mshtml.dll
2012-11-12 12:18 . 2012-12-12 10:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-12 11:51 . 2012-12-12 10:36 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:34 . 2012-12-12 10:37 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:49 . 2012-12-12 10:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-09 02:22 . 2012-08-30 21:35 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-02 05:27 . 2012-12-12 10:36 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 04:48 . 2012-12-12 10:36 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-27 05:36 . 2012-12-12 10:37 1501696 ----a-w- c:\windows\system32\urlmon.dll
2012-10-27 05:36 . 2012-12-12 10:36 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-10-27 05:36 . 2012-12-12 10:36 134144 ----a-w- c:\windows\system32\url.dll
2012-10-27 05:36 . 2012-12-12 10:36 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-10-27 05:36 . 2012-12-12 10:36 1026560 ----a-w- c:\windows\system32\mstime.dll
2012-10-27 05:36 . 2012-12-12 10:36 82944 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-10-27 05:36 . 2012-12-12 10:36 736256 ----a-w- c:\windows\system32\msfeeds.dll
2012-10-27 05:36 . 2012-12-12 10:36 57856 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-27 05:36 . 2012-12-12 10:36 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-10-27 05:35 . 2012-12-12 10:36 247808 ----a-w- c:\windows\system32\ieui.dll
2012-10-27 05:35 . 2012-12-12 10:36 2458624 ----a-w- c:\windows\system32\iertutil.dll
2012-10-27 05:35 . 2012-12-12 10:37 12404736 ----a-w- c:\windows\system32\ieframe.dll
2012-10-27 05:35 . 2012-12-12 10:36 256000 ----a-w- c:\windows\system32\iepeers.dll
2012-10-27 05:35 . 2012-12-12 10:36 445952 ----a-w- c:\windows\system32\iedkcs32.dll
2012-10-27 05:33 . 2012-12-12 10:36 12288 ----a-w- c:\windows\system32\msfeedssync.exe
2012-10-27 05:00 . 2012-12-12 10:36 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-10-27 04:59 . 2012-12-12 10:36 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-10-27 04:23 . 2012-12-12 10:36 482816 ----a-w- c:\windows\system32\html.iec
2012-10-27 03:52 . 2012-12-12 10:36 386048 ----a-w- c:\windows\SysWow64\html.iec
2012-10-22 17:02 . 2012-10-22 17:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1696D05C-C6CC-B007-08CD-818A6174ED1E}]
c:\programdata\SaveAs\509f2a99e4a83.ocx [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C3F654DF-AAC2-1193-6F47-C58D29820BCD}]
c:\programdata\SaveAs\509f29e091586.ocx [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Optimizer Pro"="c:\program files (x86)\Optimizer Pro\OptProLauncher.exe" [2012-06-10 79664]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-06 3143800]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" [2012-03-21 2186096]
"SMART Board Tools"="c:\program files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe" [2012-03-09 10132336]
"SMART Ink"="c:\program files (x86)\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"Response Desktop Menu"="c:\program files (x86)\SMART Technologies\Education Software\DesktopMenu.exe" [2012-03-02 1960816]
"SMARTClassroomCoordinator.exe"="c:\program files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe" [2011-06-22 485232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2012-04-17 2560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-06 5814392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Response Hardware;Response Hardware;c:\program files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [2012-03-02 19312]
S2 SMARTHelperService;SMART Helper Service;c:\program files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2012-03-21 580976]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-10 111616]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [2012-03-21 13168]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [2012-03-21 16368]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [2012-03-21 24944]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-07-08 401696]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 21:22]
.
2013-01-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 00:06]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-14 00:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 20:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-08-11 11369576]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random
FF - ExtSQL: 2012-11-17 16:59; {AE93811A-5C9A-4d34-8462-F7B864FC4696}; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
FF - ExtSQL: 2012-11-17 16:59; {EE223D7A-F30F-11DD-8F0A-D2AD55D89593}; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.xpi
FF - ExtSQL: 2012-11-26 23:16; [email protected]; c:\users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-16 07:05:42
ComboFix-quarantined-files.txt 2013-01-16 11:05
ComboFix2.txt 2013-01-14 03:19
ComboFix3.txt 2013-01-12 15:55
ComboFix4.txt 2013-01-10 16:47
.
Pre-Run: 131,235,606,528 bytes free
Post-Run: 131,067,359,232 bytes free
.
- - End Of File - - 7DB3168BD4F0015F654A10046CFB13B6

MiniToolBox by Farbar Version:10-01-2013
Ran by Dannnn (administrator) on 16-01-2013 at 07:13:02
Running from "C:\Users\Dannnn\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Dannnn-PC
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 18-F4-6A-3F-67-14
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::744f:2f6f:1cf:56fc%12(Preferred) 
Autoconfiguration IPv4 Address. . : 169.254.86.252(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 
DHCPv6 IAID . . . . . . . . . . . : 219739242
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-0B-7D-75-00-24-54-BB-65-6F
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : nbed.nb.ca
Description . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-24-54-D9-49-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{414029DD-4B3C-4920-83E1-004C64775EB9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.nbed.nb.ca:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host google.com. Please check the name and try again.
Server: UnKnown
Address: fec0:0:0:ffff::1

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...18 f4 6a 3f 67 14 ......Atheros AR9285 Wireless Network Adapter
11...00 24 54 d9 49 64 ......Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.86.252 281
169.254.86.252 255.255.255.255 On-link 169.254.86.252 281
169.254.255.255 255.255.255.255 On-link 169.254.86.252 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.86.252 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.86.252 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::744f:2f6f:1cf:56fc/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/13/2013 11:10:24 AM) (Source: Application Error) (User: )
Description: Faulting application name: avgmfapx.exe, version: 13.0.0.2802, time stamp: 0x50c05a7c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x137c
Faulting application start time: 0xavgmfapx.exe0
Faulting application path: avgmfapx.exe1
Faulting module path: avgmfapx.exe2
Report Id: avgmfapx.exe3

Error: (01/13/2013 02:25:58 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (01/13/2013 02:25:44 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/12/2013 00:00:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: ResponseHardwareService.exe, version: 4.0.340.0, time stamp: 0x4f516480
Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbbe
Exception code: 0x40000015
Fault offset: 0x0008d635
Faulting process id: 0x6f4
Faulting application start time: 0xResponseHardwareService.exe0
Faulting application path: ResponseHardwareService.exe1
Faulting module path: ResponseHardwareService.exe2
Report Id: ResponseHardwareService.exe3

Error: (01/12/2013 00:00:01 PM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/12/2013 11:55:58 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/12/2013 11:44:47 AM) (Source: Application Error) (User: )
Description: Faulting application name: ResponseHardwareService.exe, version: 4.0.340.0, time stamp: 0x4f516480
Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbbe
Exception code: 0x40000015
Fault offset: 0x0008d635
Faulting process id: 0x6e8
Faulting application start time: 0xResponseHardwareService.exe0
Faulting application path: ResponseHardwareService.exe1
Faulting module path: ResponseHardwareService.exe2
Report Id: ResponseHardwareService.exe3

Error: (01/12/2013 11:44:26 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

Error: (01/12/2013 11:27:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: ResponseHardwareService.exe, version: 4.0.340.0, time stamp: 0x4f516480
Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbbe
Exception code: 0x40000015
Fault offset: 0x0008d635
Faulting process id: 0x6d0
Faulting application start time: 0xResponseHardwareService.exe0
Faulting application path: ResponseHardwareService.exe1
Faulting module path: ResponseHardwareService.exe2
Report Id: ResponseHardwareService.exe3

Error: (01/12/2013 11:27:10 AM) (Source: Schedule) (User: )
Description: Schedule error: 10050Initialize call failed, bailing out

System errors:
=============
Error: (01/16/2013 07:02:50 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/16/2013 06:58:46 AM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/16/2013 06:55:02 AM) (Source: Service Control Manager) (User: )
Description: The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/16/2013 06:49:27 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (01/16/2013 06:49:24 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (01/15/2013 00:58:25 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (01/13/2013 11:22:32 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (01/13/2013 11:22:29 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (01/13/2013 11:21:36 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5

Error: (01/13/2013 11:15:05 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (01/11/2013 07:15:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 27645 seconds with 1680 seconds of active time. This session ended with a crash.

Error: (11/13/2012 09:04:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3765 seconds with 1980 seconds of active time. This session ended with a crash.

Error: (10/21/2012 09:01:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4929 seconds with 120 seconds of active time. This session ended with a crash.

Error: (10/04/2012 01:38:18 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 164 seconds with 120 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2012-11-10 09:14:23.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-10 09:14:23.518
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-08 22:20:59.537
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-08 22:20:59.365
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-08 06:48:08.492
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-08 06:48:08.368
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-07 06:50:46.304
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-07 06:50:46.163
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-06 06:43:11.142
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-11-06 06:43:10.970
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\GEARAspiWDM.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

Adobe Flash Player 11 ActiveX (Version: 11.5.502.135)
Adobe Flash Player 11 Plugin (Version: 11.5.502.135)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Agatha Christie - Death on the Nile (Version: 2.2.0.82)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Atheros Client Installation Program (Version: 1.0.5.0621)
Audacity 2.0.2 (Version: 2.0.2)
AVG 2013 (Version: 13.0.2637)
AVG 2013 (Version: 13.0.2805)
AVG 2013 (Version: 2013.0.2805)
BatteryLifeExtender (Version: 1.0.5)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Network Adapter (Version: 5.60.48.44)
Build-a-lot (Version: 2.2.0.82)
Chuzzle Deluxe (Version: 2.2.0.82)
CyberLink YouCam (Version: 2.0.3911)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.82)
Easy Display Manager (Version: 3.2)
Easy Network Manager (Version: 4.4.1)
Easy SpeedUp Manager (Version: 2.1.0.15)
EasyBatteryManager (Version: 4.0.0.4)
ETDWare PS/2-X64 8.0.7.0_WHQL (Version: 8.0.7.0)
Farm Frenzy (Version: 2.2.0.82)
Google Chrome (Version: 23.0.1271.97)
Google Drive (Version: 1.6.3837.2778)
Google Update Helper (Version: 1.3.21.123)
Insaniquarium Deluxe (Version: 2.2.0.82)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1892)
Intel® Matrix Storage Manager
iTunes (Version: 11.0.1.12)
John Deere Drive Green (Version: 2.2.0.82)
Junk Mail filter update (Version: 14.0.8117.416)
Marvell Miniport Driver (Version: 11.24.27.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40302)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40307)
Mozilla Firefox 17.0.1 (x86 en-US) (Version: 17.0.1)
Mozilla Maintenance Service (Version: 17.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Optimizer Pro v3.0 (Version: 3.0)
Peggle (Version: 2.2.0.82)
Penguins! (Version: 2.2.0.82)
Plants vs. Zombies (Version: 2.2.0.82)
Polar Golfer (Version: 2.2.0.82)
Realtek High Definition Audio Driver (Version: 6.0.1.6176)
Samsung AnyWeb Print (Version: 1.0)
Samsung AnyWeb Print (Version: 1.1.19.0)
Samsung Recovery Solution 5 (Version: 5.0.0.6)
Samsung Support Center (Version: 1.1.18)
Samsung Universal Print Driver (Version: 2.01.06.00:16)
Samsung Update Plus (Version: 3.0.0.17)
Skype™ 5.10 (Version: 5.10.116)
SMART Common Files (Version: 11.0.246.0)
SMART English (United Kingdom) Language Pack (Version: 11.0.38.0)
SMART Ink (Version: 1.0.418.0)
SMART Notebook (Version: 11.0.583.0)
SMART Product Drivers (Version: 11.0.222.0)
SMART Response Software (Version: 4.0.340.0)
SMART Sync Teacher (Version: 10.0.576.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User Guide (Version: 1.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Vuze (Version: 4.8)
WildTangent Games (Version: 1.0.1.5)
WildTangent ORB Game Console
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Zuma Deluxe (Version: 2.2.0.95)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 37%
Total physical RAM: 4028.61 MB
Available physical RAM: 2537.2 MB
Total Pagefile: 8055.37 MB
Available Pagefile: 6539.62 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.97 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:181 GB) (Free:122.14 GB) NTFS
2 Drive d: () (Fixed) (Total:269.16 GB) (Free:250.66 GB) NTFS
4 Drive f: (JOKER) (Removable) (Total:7.52 GB) (Free:7.12 GB) FAT32

========================= Users: ========================================

User accounts for \\DANNNN-PC

Administrator Dannnn Guest

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

What is the status of your system at present? What issues/concerns remain?


----------



## dcarson108 (Jan 5, 2013)

The same as before. The internet still only has limited connectivity, but it is not heating up as fast as it was when we started. I'm not sure about the other issues since I could only see those when I was online.


----------



## kevinf80 (Mar 21, 2006)

Right click on the Wireless icon next to the clock, then select "Troubleshoot Problems". What feedback do you get?

Also run FSS one more time and post a fresh log....


----------



## dcarson108 (Jan 5, 2013)

Troubleshoot says the issues detected are:

Windows cannot connect to "straightconnaught"
Problem with wireless adapter or access point.

Here's the fresh log:

Farbar Service Scanner Version: 05-01-2013
Ran by Dannnn (administrator) on 17-01-2013 at 07:41:33
Running from "C:\Users\Dannnn\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. 
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy: 
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-04-16 09:24] - [2010-11-20 05:23] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Select Start, in the search box type *Device manager* and tap enter. When that window opens, scroll to *Network adapters* and expand that entry. Are there any exclamation or question marks...


----------



## dcarson108 (Jan 5, 2013)

Nope, it just gives me two more clickable options (Atheros and Marvell Yukon)


----------



## kevinf80 (Mar 21, 2006)

Atheros is the wireless network adapter; the other is for the Ethernet cable connection. If there are no exclamation or question marks, the drivers should be OK.

Do the following:

Go to Start > All Programs > Accessories > Right click on "Command Prompt" select "Run As Administrator"

At the command prompt type in:

*Ipconfig /release* Tap enter ***Note the space between *Ipconfig* and */release*
*Ipconfig /renew* Tap enter ***Note the space between *Ipconfig* and */renew*
*Ipconfig /flushdns* Tap enter ***Note the space between *Ipconfig* and */flushdns*

Then turn off your router/modem and shut down the computer. Leave off for 1 full minute. Turn on the router/modem and wait for all lights to stabilize.
Boot up the computer. Can you connect?

If not then open Command prompt again:

Now type in:
*Ipconfig /all* Tap enter ***Note the space between *Ipconfig* and */All*

post those results here in your next reply...


----------



## dcarson108 (Jan 5, 2013)

Still no connection.

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>Ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Dannnn-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 18-F4-6A-3F-67-14
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::744f:2f6f:1cf:56fc%12(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.86.252(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 219739242
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-0B-7D-75-00-24-54-BB-65-6F

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : nbed.nb.ca
Description . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-24-54-D9-49-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{414029DD-4B3C-4920-83E1-004C64775EB9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.nbed.nb.ca:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\Windows\system32>


----------
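The `Ipconfig /all` output above can be read mechanically. A 169.254.0.0/16 autoconfiguration address is what Windows assigns itself when no DHCP server answers, and the `fec0:0:0:ffff::1` to `::3` entries are the default DNS addresses Windows shows when the network has supplied none. The following is an added example, not part of the thread: it parses the pasted output per adapter and reports those conditions. `parse_ipconfig`, `diagnose` and `triage_ipconfig` are hypothetical names, and the sample is a shortened excerpt of the output above.

```python
import ipaddress
import re
from typing import Dict, List

APIPA = ipaddress.ip_network("169.254.0.0/16")
# Well-known site-local DNS addresses shown by Windows when none are assigned.
PLACEHOLDER_DNS = ipaddress.ip_network("fec0:0:0:ffff::/64")
# "Key . . . . : value" lines; the key itself never contains "." or ":".
KV_RE = re.compile(r"^(?P<key>[^.:]+?)\s*(?:\.\s)+\s*:\s*(?P<val>.*)$")

# Shortened excerpt of the "Ipconfig /all" output posted above.
SAMPLE_IPCONFIG = """
Wireless LAN adapter Wireless Network Connection:

Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.86.252(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
DHCP Enabled. . . . . . . . . . . : Yes
"""


def parse_ipconfig(text: str) -> Dict[str, Dict[str, List[str]]]:
    """Map adapter name -> field name -> list of values."""
    adapters: Dict[str, Dict[str, List[str]]] = {}
    fields = None
    last_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            last_key = None  # a blank line ends any multi-line value
            continue
        m = KV_RE.match(line)
        if m:
            if fields is not None:
                last_key = m.group("key")
                fields.setdefault(last_key, []).append(m.group("val").strip())
            continue
        if line.endswith(":"):  # adapter heading
            fields = adapters.setdefault(line[:-1], {})
            last_key = None
        elif fields is not None and last_key:
            fields[last_key].append(line)  # extra DNS server, wrapped text
    return adapters


def _addr(value: str):
    """Strip '(Preferred)' and a '%zone' suffix; None if not an address."""
    try:
        return ipaddress.ip_address(value.split("(")[0].split("%")[0].strip())
    except ValueError:
        return None


def diagnose(fields: Dict[str, List[str]]) -> List[str]:
    if "Media disconnected" in fields.get("Media State", []):
        return ["media disconnected"]
    notes = []
    v4 = [_addr(v)
          for key in ("IPv4 Address", "Autoconfiguration IPv4 Address")
          for v in fields.get(key, [])]
    dhcp_on = fields.get("DHCP Enabled") == ["Yes"]
    if dhcp_on and any(a is not None and a.version == 4 and a in APIPA
                       for a in v4):
        notes.append("DHCP enabled but address is APIPA: no lease obtained")
    if not any(_addr(v) is not None for v in fields.get("Default Gateway", [])):
        notes.append("no default gateway")
    dns = [a for a in map(_addr, fields.get("DNS Servers", [])) if a is not None]
    if dns and all(a.version == 6 and a in PLACEHOLDER_DNS for a in dns):
        notes.append("DNS servers are only fec0:0:0:ffff::/64 placeholders")
    return notes


def triage_ipconfig(text: str) -> Dict[str, List[str]]:
    return {name: diagnose(f) for name, f in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for name, notes in triage_ipconfig(SAMPLE_IPCONFIG).items():
        print(name, "->", "; ".join(notes) or "nothing flagged")
```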



## kevinf80 (Mar 21, 2006)

Can you go back to reply #10 and follow those instructions. The entries flagged by ESET were not removed as per the OTM script I gave.
Also MGA was not run and the log posted. You have the means to transfer the required tools for that to be done.

When that is done totally remove AVG, also d/l and transfer the removal tool available here:

http://www.avg.com/us-en/utilities

When AVG is totally removed see if there is any change with the connection..

If still no connection re-run DDS and post the two logs, if those logs are clean one of the Networking guys will move this thread back to that forum, they have the required knowledge to look at the connection issue...

Soooooo, I'd like to see the logs as per reply #10. After AVG is totally removed, if you have a connection post back and let me know; if not, then post fresh DDS logs...

If DDS logs are good we can move to the Networking forum, one of the experts there will take over.

Thanks,

Kevin...


----------



## dcarson108 (Jan 5, 2013)

Alright, so a couple issues, but I don't think it's any too bad. There is still no internet connection. When I went to copy the MGAdiag, nothing happened. So I copied the text in there and I will post it below. Hopefully the formatting isn't too weird.

When I ran the AVG remover, a black box would pop-up for maybe half a second and close. I tried turning AVG back on and it did the same thing. I did remove AVG through add/remove programs though.

Here are the logs you wanted:

All processes killed
Error: Unable to interpret <Files> in the current context!
Error: Unable to interpret <C:\Program Files (x86)\MocaFlix\sprotector.dll> in the current context!
Error: Unable to interpret <C:\Program Files (x86)\Optimizer Pro> in the current context!
Error: Unable to interpret <C:\ProgramData\OptimizerPro1> in the current context!
Error: Unable to interpret <C:\ProgramData\SaveAs> in the current context!
Error: Unable to interpret <C:\ProgramData\Tarma Installer> in the current context!
Error: Unable to interpret <C:\Users\All Users\OptimizerPro1> in the current context!
Error: Unable to interpret <C:\Users\All Users\SaveAs> in the current context!
Error: Unable to interpret <C:\Users\All Users\Tarma Installer> in the current context!
Error: Unable to interpret <C:\Users\Dannnn\Downloads\DownloadSetup.exe> in the current context!
Error: Unable to interpret <C:\Users\Dannnn\Downloads\DTLite4454-0316.exe> in the current context!
Error: Unable to interpret <C:\Users\Dannnn\Downloads\SaveAs(1).exe> in the current context!
Error: Unable to interpret <C:\Users\Dannnn\Downloads\SaveAs.exe> in the current context!
Error: Unable to interpret <C:\Users\Dannnn\Downloads\Shinedown_Amaryllis_2012-All-Albums-(Special-Edition).exe> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dannnn
->Temp folder emptied: 130086 bytes
->Temporary Internet Files folder emptied: 2907332 bytes
->FireFox cache emptied: 76148208 bytes
->Google Chrome cache emptied: 159314391 bytes
->Flash cache emptied: 539 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9011 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 87278 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53083 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 228.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 01192013_201855

Files moved on Reboot...
C:\Users\Dannnn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-PWB9R-4K7W4-2BT4J
Windows Product Key Hash: jlJIE69lzaXsu5B+X11cktZP6u8=
Windows Product ID: 00359-OEM-8992687-00015
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7600.2.00010300.0.0.003
ID: {E3170E16-DBBD-4671-84F3-93F6FF92E12E}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7600.win7_gdr.120830-0334
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 103 Blocked VLK
Microsoft Office Enterprise 2007 - 103 Blocked VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E3170E16-DBBD-4671-84F3-93F6FF92E12E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7600.2.00010300.0.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-2BT4J</PKey><PID>00359-OEM-8992687-00015</PID><PIDType>2</PIDType><SID>S-1-5-21-4271745193-2774163658-938709683</SID><SYSTEM><Manufacturer>SAMSUNG ELECTRONICS CO., LTD.</Manufacturer><Model>RV410/RV510/S3510/E3510 </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies Ltd.</Manufacturer><Version>02UC.P026.20100916.LX </Version><SMBIOSVersion major="2" minor="5"/><Date>20100916000000.000000+000</Date></BIOS><HWID>A9B93607018400F8</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Atlantic Standard Time(GMT-04:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>SECCSD</OEMID><OEMTableID>LH43STAR</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>103</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>103</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>ACD7202654E586</Val><Hash>fFic3JgCreGGRxyF8uMWB4R4Jcg=</Hash><Pid>89388-707-1528066-65720</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="103"/><App Id="16" Version="12" Result="103"/><App Id="18" Version="12" Result="103"/><App Id="19" Version="12" Result="103"/><App Id="1A" Version="12" Result="103"/><App Id="1B" Version="12" Result="103"/><App Id="44" Version="12" Result="103"/><App Id="A1" Version="12" Result="103"/><App Id="BA" Version="12" Result="103"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7600.16385

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800015-02-1033-7600.0000-2402010
Installation ID: 001114269104173110422452300095163746535345290940536014
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 2BT4J
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 19/01/2013 8:24:29 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:31:2012 17:41
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAIAAAABAAAAAgABAAEA6GFySZrY5hZyXdhx+hooFWRaMANGyg==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC 
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC SECCSD LH43STAR
SSDT BrtRef DD01BRT
SSDT BrtRef DD01BRT
SSDT BrtRef DD01BRT
SSDT BrtRef DD01BRT

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17153
Run by Dannnn at 20:56:57 on 2013-01-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.4029.2550 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\runservice.exe
C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\ResponseSoftwareService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\hkcmd.exe
C:\Windows\system32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxpers.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
BHO: SaveAs Class: {1696D05C-C6CC-B007-08CD-818A6174ED1E} - 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: SaveAs Class: {C3F654DF-AAC2-1193-6F47-C58D29820BCD} - 
TB: SMART Sync: {8E1233B3-485A-4E51-B77E-9E075A68C588} - C:\Program Files (x86)\SMART Technologies\Education Software\SyncIEToolbar.dll
uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SMART Board Service] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
mRun: [SMART Board Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"
mRun: [SMART Ink] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe"
mRun: [Response Desktop Menu] "C:\Program Files (x86)\SMART Technologies\Education Software\DesktopMenu.exe"
mRun: [SMARTClassroomCoordinator.exe] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{414029DD-4B3C-4920-83E1-004C64775EB9}\34162737F6E613 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{414029DD-4B3C-4920-83E1-004C64775EB9}\354555D275962756C6563737 : DHCPNameServer = 138.73.2.253 192.197.143.16 198.164.30.2
TCP: Interfaces\{414029DD-4B3C-4920-83E1-004C64775EB9}\56C6563647279636 : DHCPNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{E917552B-B4F9-4B6D-BB82-EACBCDAF3A0F} : DHCPNameServer = 204.81.0.10 204.81.0.99
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Special:Random
FF - ExtSQL: 2012-11-26 23:16; [email protected]; C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-30 30568]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\Windows\System32\drivers\SABI.sys [2010-8-28 13824]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2012-4-17 2560]
R2 Response Hardware;Response Hardware;C:\Program Files (x86)\SMART Technologies\Education Software\ResponseHardwareService.exe [2012-3-2 19312]
R2 SMARTHelperService;SMART Helper Service;C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2012-3-21 580976]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-8-28 111616]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2012-3-21 13168]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2012-3-21 16368]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2012-3-21 24944]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-8 401696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-15 61288]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 Samsung UPD Service;Samsung UPD Service;C:\Windows\System32\SUPDSvc.exe [2012-4-15 166704]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-18 1255736]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-01-20 00:53:22 -------- d-----w- C:\Users\Dannnn\AppData\Local\Avg2013
2013-01-20 00:22:28 -------- d-----w- C:\MGADiagToolOutput
2013-01-20 00:18:55 -------- d-----w-  C:\_OTM
2013-01-16 22:15:51 -------- d-sh--w- C:\$RECYCLE.BIN
2013-01-10 16:08:09 98816 ----a-w- C:\Windows\sed.exe
2013-01-10 16:08:09 256000 ----a-w- C:\Windows\PEV.exe
2013-01-10 16:08:09 208896 ----a-w- C:\Windows\MBR.exe
2013-01-04 15:04:09 -------- d-----w- C:\Users\Dannnn\AppData\Roaming\SUPERAntiSpyware.com
2013-01-04 03:32:26 -------- d-----w- C:\Users\Dannnn\AppData\Roaming\Malwarebytes
2013-01-04 03:31:38 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-04 03:31:26 -------- d-----w- C:\Users\Dannnn\AppData\Local\Programs
2013-01-01 17:19:18 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-22 09:25:03 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-22 09:25:03 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-22 09:25:02 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-22 09:25:02 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
==================== Find3M ====================
.
2013-01-20 00:51:25 857 --sha-w- C:\Windows\SysWow64\mmf.sys
2013-01-04 20:39:29 22368 ----a-w- C:\Windows\System32\drivers\WS2IFSL.SYS
2012-12-12 21:22:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 21:22:18 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-22 08:20:36 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-11-12 12:18:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-12 11:51:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:34:27 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:49:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-09 02:22:31 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-10-27 05:36:37 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-10-27 05:36:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-10-27 05:00:40 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-27 04:59:41 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-10-27 04:23:06 482816 ----a-w- C:\Windows\System32\html.iec
2012-10-27 03:52:14 386048 ----a-w- C:\Windows\SysWow64\html.iec
.
============= FINISH: 20:58:04.62 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 15/04/2012 9:03:26 PM
System Uptime: 19/01/2013 8:50:54 PM (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV410/RV510/S3510/E3510 
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | U2E1 | 1196/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 181 GiB total, 122.178 GiB free.
D: is FIXED (NTFS) - 269 GiB total, 250.664 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP73: 29/12/2012 10:34:01 AM - Scheduled Checkpoint
RP74: 04/01/2013 4:24:31 PM - ComboFix created restore point
RP75: 05/01/2013 12:46:07 PM - Restore Operation
RP76: 08/01/2013 7:14:57 AM - ComboFix created restore point
RP77: 09/01/2013 5:56:21 PM - Restore Operation
RP78: 12/01/2013 11:34:18 AM - ComboFix created restore point
RP79: 16/01/2013 6:52:32 AM - ComboFix created restore point
RP80: 19/01/2013 8:46:47 PM - Removed AVG 2013
RP81: 19/01/2013 8:49:06 PM - Removed AVG 2013
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Client Installation Program
Audacity 2.0.2
BatteryLifeExtender
Bejeweled 2 Deluxe
Bing Rewards Client Installer
Bonjour
Broadcom 802.11 Network Adapter
Build-a-lot
Chuzzle Deluxe
CyberLink YouCam
Diner Dash 2 Restaurant Rescue
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
ETDWare PS/2-X64 8.0.7.0_WHQL
Farm Frenzy
Google Chrome
Google Drive
Google Update Helper
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
John Deere Drive Green
Junk Mail filter update
Marvell Miniport Driver
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Optimizer Pro v3.0
Peggle
Penguins!
Plants vs. Zombies
Polar Golfer
Realtek High Definition Audio Driver
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Skype™ 5.10
SMART Common Files
SMART English (United Kingdom) Language Pack
SMART Ink
SMART Notebook
SMART Product Drivers
SMART Response Software
SMART Sync Teacher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
User Guide
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Vuze
WildTangent Games
WildTangent ORB Game Console
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
19/01/2013 8:20:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
19/01/2013 8:18:55 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
19/01/2013 1:07:26 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
16/01/2013 7:02:50 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
16/01/2013 6:55:02 AM, Error: Service Control Manager [7034] - The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).
13/01/2013 1:59:37 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
13/01/2013 1:58:36 AM, Error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error %%-1.
13/01/2013 1:56:12 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
13/01/2013 1:56:12 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
13/01/2013 1:56:12 AM, Error: Service Control Manager [7000] - The Ancillary Function Driver for Winsock service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/01/2013 12:11:00 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
12/01/2013 12:11:00 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80072742.
12/01/2013 12:02:20 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147014846
12/01/2013 12:02:15 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
12/01/2013 12:02:15 PM, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The device does not recognize the command.
12/01/2013 12:00:16 PM, Error: Service Control Manager [7034] - The Response Hardware service terminated unexpectedly. It has done this 1 time(s).
12/01/2013 12:00:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD
12/01/2013 12:00:05 PM, Error: Service Control Manager [7001] - The Server service depends on the Server SMB 1.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/01/2013 12:00:04 PM, Error: Service Control Manager [7001] - The Server SMB 2.xxx Driver service depends on the srvnet service which failed to start because of the following error: The device does not recognize the command.
12/01/2013 12:00:04 PM, Error: Service Control Manager [7001] - The Server SMB 1.xxx Driver service depends on the Server SMB 2.xxx Driver service which failed to start because of the following error: The dependency service or group failed to start.
12/01/2013 12:00:04 PM, Error: Service Control Manager [7000] - The srvnet service failed to start due to the following error: The device does not recognize the command.
12/01/2013 12:00:02 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
12/01/2013 12:00:02 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
12/01/2013 12:00:02 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
12/01/2013 12:00:02 PM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command.
12/01/2013 12:00:01 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/01/2013 12:00:01 PM, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The device does not recognize the command.
12/01/2013 12:00:01 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/01/2013 11:27:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================


----------
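The Service Control Manager errors at the end of the DDS log above form dependency chains: event 7001 names a service that was waiting on another, and event 7000 names the service or driver that failed on its own. As an added example (not part of the thread or of DDS), this Python sketch rebuilds those chains from a few lines copied from that log; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the "Event Viewer Messages From Past Week" section of the DDS log above.
SAMPLE_LOG = """\
13/01/2013 1:56:12 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
13/01/2013 1:56:12 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
13/01/2013 1:56:12 AM, Error: Service Control Manager [7000] - The Ancillary Function Driver for Winsock service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/01/2013 12:00:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD
12/01/2013 12:00:02 PM, Error: Service Control Manager [7001] - The Workstation service depends on the SMB 2.0 MiniRedirector service which failed to start because of the following error: The dependency service or group failed to start.
12/01/2013 12:00:02 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The device does not recognize the command.
12/01/2013 12:00:02 PM, Error: Service Control Manager [7000] - The SMB MiniRedirector Wrapper and Engine service failed to start due to the following error: The device does not recognize the command.
12/01/2013 12:00:01 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
12/01/2013 11:27:34 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
"""

# One DDS event line: "<date> <time>, Error: Service Control Manager [<id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), Error: "
    r"Service Control Manager \[(?P<event_id>\d+)\] - (?P<message>.+)$"
)
# Event 7001: a service could not start because something it depends on failed.
DEPENDS_RE = re.compile(
    r"^The (?P<service>.+?) service depends on the (?P<dependency>.+?) service "
    r"which failed to start because of the following error: (?P<error>.+)$"
)
# Event 7000: a service or driver failed to start on its own.
FAILED_RE = re.compile(
    r"^The (?P<service>.+?) service failed to start due to the following error: (?P<error>.+)$"
)


def parse_scm_events(text):
    """Return (depends_on, direct_failures) built from DDS-formatted SCM error lines."""
    depends_on = defaultdict(set)  # service -> services it was waiting for (7001)
    direct_failures = {}           # service -> its own start error (7000)
    for line in text.splitlines():
        event = EVENT_RE.match(line.strip())
        if not event:
            continue
        if event["event_id"] == "7001":
            m = DEPENDS_RE.match(event["message"])
            if m:
                depends_on[m["service"]].add(m["dependency"])
        elif event["event_id"] == "7000":
            m = FAILED_RE.match(event["message"])
            if m:
                direct_failures[m["service"]] = m["error"]
        # Other event IDs (7026, 7034, ...) do not describe a dependency and are skipped.
    return dict(depends_on), direct_failures


def failure_chains(service, depends_on, _seen=()):
    """All paths from `service` down to a service with no recorded dependency failure."""
    if service in _seen:  # guard against a cyclic dependency in malformed input
        return []
    dependencies = depends_on.get(service)
    if not dependencies:
        return [[service]]
    chains = []
    for dependency in sorted(dependencies):
        for tail in failure_chains(dependency, depends_on, _seen + (service,)):
            chains.append([service] + tail)
    return chains


def blast_radius(depends_on):
    """Map each root-cause service to every service that failed because of it."""
    impact = defaultdict(set)
    for service in depends_on:
        for chain in failure_chains(service, depends_on):
            impact[chain[-1]].update(chain[:-1])
    return {root: sorted(victims) for root, victims in impact.items()}


if __name__ == "__main__":
    deps, failures = parse_scm_events(SAMPLE_LOG)
    for chain in failure_chains("WinHTTP Web Proxy Auto-Discovery Service", deps):
        root = chain[-1]
        print(" -> ".join(chain))
        print("root error:", failures.get(root, "(no 7000 event recorded)"))
    for root, victims in blast_radius(deps).items():
        print(f"{root}: {len(victims)} dependent service(s) failed: {', '.join(victims)}")
```

The dependency map merges events from the whole week, so a chain shows which services were affected, not that they all failed in the same boot.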



## kevinf80 (Mar 21, 2006)

Sorry for the delay,

Your version of MS Office is running with a blocked Volume Licence Key (VLK). Those licences are not issued for personal use, they are normally for corporate, business or educational use. Maybe you should either UNinstall your version of MS Office or buy a genuine licence...

From the DDS logs I see Optimizer Pro is still running, also Spybot's TeaTimer. Optimizer Pro is classed as a PUP (potentially unwanted program); it is also flagged as scareware and definitely not wanted on your system.

See if you can UNinstall the two following programs:

*Optimizer Pro
Spybot - Search & Destroy*

Next,

I want you to run OTM again, the apps that need removing did not work last time, OTM should be still on your Desktop

Double click *OTM.exe* to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....


*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Service
avgtp
:Files
C:\Windows\System32\drivers\avgtpx64.sys
C:\Program Files (x86)\MocaFlix\sprotector.dll
C:\Program Files (x86)\Spybot
C:\Program Files (x86)\Optimizer Pro
C:\ProgramData\OptimizerPro1
C:\ProgramData\SaveAs
C:\ProgramData\Tarma Installer
C:\Users\All Users\OptimizerPro1
C:\Users\All Users\SaveAs
C:\Users\All Users\Tarma Installer
C:\Users\Dannnn\Downloads\DownloadSetup.exe
C:\Users\Dannnn\Downloads\DTLite4454-0316.exe
C:\Users\Dannnn\Downloads\SaveAs(1).exe
C:\Users\Dannnn\Downloads\SaveAs.exe
C:\Users\Dannnn\Downloads\Shinedown_Amaryllis_2012-All-Albums-(Special-Edition).exe
C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\e xtensions\[email protected]
:Commands
[EmptyTemp]
```

Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Is there a wireless connection? If not, can you try wired with Ethernet cable, does that connect?

Kevin


----------



## dcarson108 (Jan 5, 2013)

I still can't get a full connection, whether it's wireless or with the Ethernet cable. Here's the log:

All processes killed
Error: Unable to interpret <:Service> in the current context!
Error: Unable to interpret <avgtp> in the current context!
========== FILES ==========
File/Folder C:\Windows\System32\drivers\avgtpx64.sys not found.
File/Folder C:\Program Files (x86)\MocaFlix\sprotector.dll not found.
File/Folder C:\Program Files (x86)\Spybot not found.
File/Folder C:\Program Files (x86)\Optimizer Pro not found.
C:\ProgramData\OptimizerPro1\downloads folder moved successfully.
C:\ProgramData\OptimizerPro1 folder moved successfully.
File/Folder C:\ProgramData\SaveAs not found.
File/Folder C:\ProgramData\Tarma Installer not found.
File/Folder C:\Users\All Users\OptimizerPro1 not found.
File/Folder C:\Users\All Users\SaveAs not found.
File/Folder C:\Users\All Users\Tarma Installer not found.
C:\Users\Dannnn\Downloads\DownloadSetup.exe moved successfully.
C:\Users\Dannnn\Downloads\DTLite4454-0316.exe moved successfully.
C:\Users\Dannnn\Downloads\SaveAs(1).exe moved successfully.
C:\Users\Dannnn\Downloads\SaveAs.exe moved successfully.
C:\Users\Dannnn\Downloads\Shinedown_Amaryllis_2012-All-Albums-(Special-Edition).exe moved successfully.
File/Folder C:\Users\Dannnn\AppData\Roaming\Mozilla\Firefox\Profiles\g26fl3wt.default\e xtensions\[email protected] not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dannnn
->Temp folder emptied: 778573 bytes
->Temporary Internet Files folder emptied: 167322 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8227 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb

OTM by OldTimer - Version 3.1.21.0 log created on 01202013_195058

Files moved on Reboot...
C:\Users\Dannnn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


----------



## kevinf80 (Mar 21, 2006)

Thanks for the info and log, run the following see if this makes any difference to the connection issue:

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste *sfc /scannow* > then tap enter. When finished type *exit* Tap enter, re-boot your PC.

***Note the space between *sfc* and */scannow*.

If that did not help do this:

Select start > in the search box type *services.msc* See if the two following services are "Started" and start up type is "Automatic"

*DHCP Client 
DNS Client*

If still no connection I'll ask a colleague to have a look into this issue, it is somewhat outside of my knowledge pool....

Thanks,

Kevin.....


----------



## dcarson108 (Jan 5, 2013)

After the sfc run, no changes. I searched the second part and both are started and set to automatic.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, unfortunately I'm stumped with the connection problem. I've contacted one of the networking guys to take over...

Thanks for your understanding,

Kevin....


----------



## dcarson108 (Jan 5, 2013)

I appreciate all the help you have given me. Hopefully whatever initially started the problem is gone and it's just an odd security feature. Thank you very much for getting me this far.


----------



## kevinf80 (Mar 21, 2006)

My colleague is currently offline, but will respond later. While you wait set the system up for a clean boot, see if that makes any difference...

Full instructions are available here: http://support.microsoft.com/kb/929135 it is reasonably easy to follow, may be helpful to read the instructions through fully a couple of times...

Nearly 2am local time for me, catch up later....

Kevin....:up:


----------



## etaf (Oct 2, 2003)

I have moved to the networking forum, *kevinf80* has confirmed you are virus free

if the clean boot does not work - post back results and we will probably need to cover some of the ground again


----------



## dcarson108 (Jan 5, 2013)

I am able to connect on campus without doing the clean boot. I will let you know tonight if I am able to connect at home.


----------



## etaf (Oct 2, 2003)

if you connect OK at campus - then let's not try a clean boot yet - let us know what happens at home


----------



## dcarson108 (Jan 5, 2013)

Hmm, can't connect at home. That's strange because earlier when I had the issue I was unable to connect on campus. Any suggestions?


----------



## etaf (Oct 2, 2003)

as i say starting over again , i'm afraid 

so what happens when you try and connect - does it ask for a password - does it connect - but no internet - can you describe the symptoms 

are others connecting to the wireless all OK


----------



## dcarson108 (Jan 5, 2013)

It connects but it says no internet access. When I trouble shoot it, it says there is an issue with the connection to the router. 

As you know, I was able to connect to the wireless on campus with no issue. The laptop I'm on now and one other laptop are having zero issues connecting.


----------



## etaf (Oct 2, 2003)

It may still be a security suite issue -

are you going back to campus soon?



> It connects but it says no internet access.


 when it connects can we see the following

*------------------------------------------------------------------------*
* ipconfig /all *
If you cannot access the internet with this PC, then you will need to paste the results into something like notepad and then copy onto a machine that can access the internet and post the results in a reply here.
Save the file to a USB flash drive or other removable media. Plug it into the working computer with internet access and copy the file and paste here.

If you do not have another PC - do you have a phone connected to the internet - can you photograph the result and post the image in a reply 
Note: you will see entries named *Tunnel adapter Teredo Tunneling Pseudo-Interface:* we don't need to see that information - JUST the information above those entries

We would like to see the results from an *ipconfig /all* - post back the results in a reply here.

This should also work for windows 8
Hold the *Windows* key and press *R*, then type *CMD* then press *Enter* to open a command prompt box 
(A new dialogue box - black with white font, will appear on screen ):

In the command prompt window that opens, type the following command:

_Note that there is a space before the /ALL, but there is *NOT* a space after the / in the following command._

* ipconfig /all > network.txt & network.txt *

It will export the results into notepad and then automatically open the notepad and display on your screen.

Now all you need to do is copy and paste those results into a reply here
to do that:
From the notepad menu - choose *Edit* - *Select all* 
all the text will now be highlighted
Next
From the notepad menu - choose *Edit* - *Copy*

Now go back to the forum - go to the reply and then right click in the reply box and *paste* the results. 
The results from the notepad should now appear in the forum reply.
*------------------------------------------------------------------------*


----------



## dcarson108 (Jan 5, 2013)

This is from my campus connection.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Dannnn> ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Dannnn-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : stu.ca

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : stu.ca
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 18-F4-6A-3F-67-14
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::744f:2f6f:1cf:56fc%11(Preferred)
IPv4 Address. . . . . . . . . . . : 198.164.76.184(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Lease Obtained. . . . . . . . . . : January-22-13 1:00:13 PM
Lease Expires . . . . . . . . . . : January-22-13 2:17:36 PM
Default Gateway . . . . . . . . . : 198.164.72.1
DHCP Server . . . . . . . . . . . : 192.207.76.82
DHCPv6 IAID . . . . . . . . . . . : 219739242
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-0B-7D-75-00-24-54-BB-65-6F

DNS Servers . . . . . . . . . . . : 138.73.202.120
192.207.76.72
198.164.30.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : no-domain-set.aliant
Description . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast E
thernet Controller
Physical Address. . . . . . . . . : 00-24-54-D9-49-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.no-domain-set.aliant:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3489:30de:395b:b347(Pref
erred)
Link-local IPv6 Address . . . . . : fe80::3489:30de:395b:b347%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.stu.ca:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : stu.ca
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . : stu.ca
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:c6a4:4cb8::c6a4:4cb8(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 138.73.202.120
192.207.76.72
198.164.30.2
NetBIOS over Tcpip. . . . . . . . : Disabled


----------



## etaf (Oct 2, 2003)

so now at home can we see another ipconfig /all when it connects to your home wireless 

a) there's something on the PC that does not like the wireless - security suite 
or
b) it does not like your router - a reset of the router may be in order - what's the make and model of the router and do you have a separate modem ?


----------



## dcarson108 (Jan 5, 2013)

A) I'm not sure if it's a security issue or not.

B) When I troubleshoot it asks me to investigate router or access point (I've done the restart a few times). When I click continue, it says it is unable to solve the wireless connectivity issue.

Here's the log when it was run from my wireless connection at home:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Dannnn> ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Dannnn-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 18-F4-6A-3F-67-14
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::744f:2f6f:1cf:56fc%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.86.252(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 219739242
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-0B-7D-75-00-24-54-BB-65-6F

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : no-domain-set.aliant
Description . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast E
thernet Controller
Physical Address. . . . . . . . . : 00-24-54-D9-49-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.no-domain-set.aliant:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{414029DD-4B3C-4920-83E1-004C64775EB9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


----------



## etaf (Oct 2, 2003)

> Autoconfiguration IPv4 Address. . : 169.254.86.252


 that's shown because it cannot find a DHCP service
*IP 169.254.x.x*
An IP address of 169.254.x.x is the autoconfiguration address that Windows assigns (Microsoft APIPA). It is a DHCP failover mechanism, used when it cannot find a DHCP service, so something is either blocking access or is not running

lets see what programs are on the PC

*------------------------------------------------------------------------*
* List of all programs installed on PC *

Hold the *Windows* key and press *R*, then type *CMD* then press *Enter* to open a command prompt box 
(A new dialogue box - black with white font, will appear on screen ):

In the command prompt window that opens, type the following command:

* wmic product get name > program_on_pc.txt & program_on_pc.txt *

It will export the results into notepad and then automatically open the notepad and display on your screen.

Now all you need to do is copy and paste those results into a reply here
to do that:
From the notepad menu - choose *Edit* - *Select all* 
all the text will now be highlighted
Next
From the notepad menu - choose *Edit* - *Copy*

Now go back to the forum - go to the reply and then right click in the reply box and *paste* the results. 
The results from the notepad should now appear in the forum reply.
*------------------------------------------------------------------------*


----------
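
The reading of the home log given in the reply above (a 169.254.x.x address means no DHCP answer was received), as an added example that is not part of the original thread: a small Python parser for pasted `ipconfig /all` text that flags the same symptoms. The function names and finding labels are hypothetical, the two sample logs are excerpts of the logs posted in this thread, and treating the `fec0:0:0:ffff::` DNS entries as unconfigured placeholders is this example's assumption.

```python
import ipaddress
import re

HEADER = re.compile(r"^(.+ adapter .+):$")          # "Wireless LAN adapter ...:"
FIELD = re.compile(r"^([^:]+?)[\s.]*\s:\s*(.*)$")   # "Key . . . . : value"

# Excerpts of the two logs posted in this thread (home, then campus).
HOME_LOG = """\
Wireless LAN adapter Wireless Network Connection:

DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration IPv4 Address. . : 169.254.86.252(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
DHCP Enabled. . . . . . . . . . . : Yes
"""
CAMPUS_LOG = """\
Wireless LAN adapter Wireless Network Connection:

DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 198.164.76.184(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.248.0
Default Gateway . . . . . . . . . : 198.164.72.1
DNS Servers . . . . . . . . . . . : 138.73.202.120
192.207.76.72
198.164.30.2
"""

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}}; unlabelled lines continue the last field."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            current, last_key = adapters.setdefault(header.group(1), {}), None
            continue
        if current is None:
            continue  # global "Windows IP Configuration" section
        field = FIELD.match(line)
        if field:
            last_key = field.group(1)
            current[last_key] = [field.group(2)] if field.group(2) else []
        elif last_key:
            current[last_key].append(line)  # e.g. 2nd and 3rd DNS server
    return adapters

def _ips(adapter, *keys):
    """Parse the values of the given fields as IP addresses, skipping non-addresses."""
    found = []
    for key in keys:
        for value in adapter.get(key, []):
            cleaned = re.sub(r"\(.*?\)$", "", value).split("%")[0]  # drop (Preferred), %zone
            try:
                found.append(ipaddress.ip_address(cleaned))
            except ValueError:
                pass  # wrapped description text or similar
    return found

def diagnose(adapter):
    """Return a list of finding labels (labels are this example's own)."""
    if adapter.get("Media State") == ["Media disconnected"]:
        return ["disconnected"]
    findings = []
    v4 = [ip for ip in _ips(adapter, "IPv4 Address", "Autoconfiguration IPv4 Address")
          if ip.version == 4]
    gateways = [ip for ip in _ips(adapter, "Default Gateway") if ip.version == 4]
    dns = _ips(adapter, "DNS Servers")
    if any(ip.is_link_local for ip in v4):       # 169.254.0.0/16: no DHCP lease
        findings.append("apipa")
    if not gateways:
        findings.append("no-gateway")
    elif v4 and adapter.get("Subnet Mask"):
        net = ipaddress.ip_interface(f"{v4[0]}/{adapter['Subnet Mask'][0]}").network
        if not any(gw in net for gw in gateways):
            findings.append("gateway-off-subnet")
    if dns and all(ip.version == 6 and ip.is_site_local for ip in dns):
        findings.append("placeholder-dns")       # fec0::/10 only: no DNS handed out
    return findings

def report(text):
    return {name: diagnose(fields) for name, fields in parse_ipconfig(text).items()}
```

All three findings on the home wireless adapter point at the same thing: the adapter associated with the access point but never completed a DHCP exchange, while the campus log shows a normal lease.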



## dcarson108 (Jan 5, 2013)

Name 
Microsoft Office Enterprise 2007 
Microsoft Office OneNote MUI (English) 2007 
Microsoft Office Groove Setup Metadata MUI (English) 2007 
Microsoft Office InfoPath MUI (English) 2007 
Microsoft Office Access MUI (English) 2007 
Microsoft Office Shared Setup Metadata MUI (English) 2007 
Microsoft Office Excel MUI (English) 2007 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 
Microsoft Office Access Setup Metadata MUI (English) 2007 
Microsoft Office PowerPoint MUI (English) 2007 
Microsoft Office Publisher MUI (English) 2007 
Microsoft Office Outlook MUI (English) 2007 
Microsoft Office Office 64-bit Components 2007 
Microsoft Office Shared 64-bit MUI (English) 2007 
Microsoft Office Groove MUI (English) 2007 
Microsoft Office Word MUI (English) 2007 
Microsoft Office Proofing (English) 2007 
Microsoft Office Shared MUI (English) 2007 
Microsoft Office Proof (English) 2007 
Microsoft Office Proof (Spanish) 2007 
Microsoft Office Proof (French) 2007 
Microsoft Application Error Reporting 
Microsoft Office File Validation Add-In 
Microsoft Office 2010 
Windows Live Essentials 
Visual Studio 2008 x64 Redistributables 
Windows Live Writer 
AVG 2013 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Default Manager 
Bing Rewards Client Installer 
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
Google Drive 
Windows Live ID Sign-in Assistant 
Windows Live SOXE Definitions 
SMART Ink 
Skype™ 5.10 
Bonjour 
Windows Live Communications Platform 
Windows Live Movie Maker 
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) 
SMART Product Drivers 
Apple Software Update 
Windows Live Photo Gallery 
Windows Live Mail 
SMART English (United Kingdom) Language Pack 
MSVCRT_amd64 
AVG 2013 
Easy Network Manager 
Windows Live Messenger 
Windows Live Writer 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
Adobe Reader X (10.1.4) 
Visual Studio 2010 x64 Redistributables 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
MSXML 4.0 SP2 (KB973688) 
SMART Response Software 
Samsung Support Center 
Windows Live Photo Gallery 
Windows Live Photo Common 
D3DX10 
SMART Notebook 
Junk Mail filter update 
SMART Common Files 
Windows Live Movie Maker 
Windows Live Messenger 
YouCam 
Google Update Helper 
Windows Live Family Safety 
Windows Live Mail 
MSVCRT 
Apple Mobile Device Support 
Windows Live Family Safety 
iMindMap 6 
Windows Live Photo Common 
Windows Live Language Selector 
Apple Application Support 
BatteryLifeExtender 
Windows Live Writer 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Silverlight 
Samsung AnyWeb Print 
iTunes 
MSXML 4.0 SP2 (KB954430) 
Windows Live Sync 
Microsoft .NET Framework 4 Client Profile 
Windows Live PIMT Platform 
Windows Live MIME IFilter 
SMART Sync Teacher 
Windows Live UX Platform 
Windows Live Writer Resources 
Windows Live Installer 
Windows Live SOXE 
Windows Live UX Platform Language Pack


----------



## etaf (Oct 2, 2003)

AVG is still on the system - that may be the issue

i would suggest we use the removal tool and remove AVG 
* AVG Removal Tools *
http://www.avg.com/gb-en/utilities
http://www.avg.com/ww-en/utilities

> removal tool, that can be used with *AVG 2013* http://www.avg.com/tools#tba2 - > on Installation Tab > use the * AvgRemover *
> removal tool, that can be used with *AVG 2012* http://www.avg.com/tools2012.tpl-mcr1#tba2 -> on Installation Tab > use the * AvgRemover *
> removal tool, that can be used with *AVG 2011* http://www.avg.com/tools2011.tpl-mcr1#tba2 -> on Installation Tab > use the * AvgRemover *
> removal tool, that can be used with *AVG 9.0* http://www.avg.com/tools9.tpl-mcr1#tba2 -> on Installation Tab > use the * AvgRemover *
> removal tool, that can be used with *AVG 8.5* http://www.avg.com/tools8.tpl-mcr1#tba2 -> on Installation Tab > use the * AvgRemover *


----------



## dcarson108 (Jan 5, 2013)

I had it uninstalled (still no working connection), but I just re-installed it the other day. Should I still uninstall it and see anyways?


----------



## etaf (Oct 2, 2003)

did you use the removal tool when you removed ?

it may be a setting needed - or a wild goose chase


----------



## dcarson108 (Jan 5, 2013)

Alright, it should be all gone. Do you want me to run another command prompt?


----------



## etaf (Oct 2, 2003)

yes please


----------



## dcarson108 (Jan 5, 2013)

Name 
Microsoft Office Enterprise 2007 
Microsoft Office OneNote MUI (English) 2007 
Microsoft Office Groove Setup Metadata MUI (English) 2007 
Microsoft Office InfoPath MUI (English) 2007 
Microsoft Office Access MUI (English) 2007 
Microsoft Office Shared Setup Metadata MUI (English) 2007 
Microsoft Office Excel MUI (English) 2007 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 
Microsoft Office Access Setup Metadata MUI (English) 2007 
Microsoft Office PowerPoint MUI (English) 2007 
Microsoft Office Publisher MUI (English) 2007 
Microsoft Office Outlook MUI (English) 2007 
Microsoft Office Office 64-bit Components 2007 
Microsoft Office Shared 64-bit MUI (English) 2007 
Microsoft Office Groove MUI (English) 2007 
Microsoft Office Word MUI (English) 2007 
Microsoft Office Proofing (English) 2007 
Microsoft Office Shared MUI (English) 2007 
Microsoft Office Proof (English) 2007 
Microsoft Office Proof (Spanish) 2007 
Microsoft Office Proof (French) 2007 
Microsoft Application Error Reporting 
Microsoft Office File Validation Add-In 
Microsoft Office 2010 
Windows Live Essentials 
Visual Studio 2008 x64 Redistributables 
Windows Live Writer 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Default Manager 
Bing Rewards Client Installer 
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
Google Drive 
Windows Live ID Sign-in Assistant 
Windows Live SOXE Definitions 
SMART Ink 
Skype™ 5.10 
Bonjour 
Windows Live Communications Platform 
Windows Live Movie Maker 
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) 
SMART Product Drivers 
Apple Software Update 
Windows Live Photo Gallery 
Windows Live Mail 
SMART English (United Kingdom) Language Pack 
MSVCRT_amd64 
Easy Network Manager 
Windows Live Messenger 
Windows Live Writer 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
Adobe Reader X (10.1.4) 
Visual Studio 2010 x64 Redistributables 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
MSXML 4.0 SP2 (KB973688) 
SMART Response Software 
Samsung Support Center 
Windows Live Photo Gallery 
Windows Live Photo Common 
D3DX10 
SMART Notebook 
Junk Mail filter update 
SMART Common Files 
Windows Live Movie Maker 
Windows Live Messenger 
YouCam 
Google Update Helper 
Windows Live Family Safety 
Windows Live Mail 
MSVCRT 
Apple Mobile Device Support 
Windows Live Family Safety 
iMindMap 6 
Windows Live Photo Common 
Windows Live Language Selector 
Apple Application Support 
BatteryLifeExtender 
Windows Live Writer 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Silverlight 
Samsung AnyWeb Print 
iTunes 
MSXML 4.0 SP2 (KB954430) 
Windows Live Sync 
Microsoft .NET Framework 4 Client Profile 
Windows Live PIMT Platform 
Windows Live MIME IFilter 
SMART Sync Teacher 
Windows Live UX Platform 
Windows Live Writer Resources 
Windows Live Installer 
Windows Live SOXE 
Windows Live UX Platform Language Pack


----------



## etaf (Oct 2, 2003)

and an ipconfig /all please


----------



## dcarson108 (Jan 5, 2013)

Sorry for the delay, it's been a busy couple of days. Here's the info:

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-95-10-70-00-24-54-D9-49-64

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : no-domain-set.aliant
Description . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast E
thernet Controller
Physical Address. . . . . . . . . : 00-24-54-D9-49-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{414029DD-4B3C-4920-83E1-004C64775EB9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


----------



## etaf (Oct 2, 2003)

can you post the full information, this is cut off


----------



## dcarson108 (Jan 5, 2013)

Ah, that's weird. Is there some secret to copying from the command prompt? I right click, select all, and then ctrl c, but it rarely actually copies. It took me a good amount of tries for it to actually copy with the first attempt and I've been trying for over 5 minutes now to get the whole thing posted.


----------



## etaf (Oct 2, 2003)

try this in cmd command prompt box - it will open the ipconfig /all directly in notepad 
_Note that there is a space before the /ALL, but there is *NOT* a space after the / in the following command._

* ipconfig /all > network.txt & network.txt *


----------



## dcarson108 (Jan 5, 2013)

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Dannnn> ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Dannnn-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 18-F4-6A-3F-67-14
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::744f:2f6f:1cf:56fc%11(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.86.252(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 219739242
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-95-10-70-00-24-54-D9-49-64

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : no-domain-set.aliant
Description . . . . . . . . . . . : Marvell Yukon 88E8040 Family PCI-E Fast E
thernet Controller
Physical Address. . . . . . . . . : 00-24-54-D9-49-64
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{414029DD-4B3C-4920-83E1-004C64775EB9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.no-domain-set.aliant:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


----------



## dcarson108 (Jan 5, 2013)

Any updates on what could be wrong?


----------



## etaf (Oct 2, 2003)

can you do the following - status of the services and also run Farbar again
*------------------------------------------------------------------------*
*Status of Services*

We would like to see some status information for each of the services listed below.

To do this go to

Start> Run {search bar in Vista/W7}> type * CMD * to open a command prompt box (A new dialogue box - black with white font, will appear on screen ):

Type the following command 
*SERVICES.MSC*

*OR*
Control Panel>
Administrative Tools> 
Services>

then for each of the services listed below - Please post back the following status information;
If the service is set to Started or Stopped 
*and* 
If the service is set to Automatic or Manual


COM+ Event System (for WZC issues)
Computer Browser
DHCP Client
DNS Client
Network Connections
Network Location Awareness
Remote Procedure Call (RPC)
Server
TCP/IP Netbios helper
Wireless Zero Configuration (_XP wireless configurations only_)
WLAN AutoConfig (_Windows 7 & Vista wireless configurations only_)
Workstation

If any of those services are not started/running, 
then right click on the service 
then from the menu choose *properties* and now check the dependencies.

for each dependency entry - check each one of the dependencies and see which one is preventing the service from running/starting.

---------

Also to help us identify what may be causing the issue
Check the event log, there may be clues to what is failing. To do that 
Start > 
control panel > 
administrative tools > 
event Viewer>

*------------------------------------------------------------------------*

*------------------------------------------------------------------------*
*Services - Farbar Service Scanner, free*

We would like to see some status information for each of the services on the PC. Go to

http://www.technibble.com/fabar-service-scanner/

and download the free scanner tool

There's a direct link to the program here
http://download.bleepingcomputer.com/farbar/FSS.exe

Now "double click" on the downloaded file to run the scanner , the scanner program will now open

tick *all* the options. and then click on *scan*

the scan results will open automatically in a separate window in the notepad program.

Now all you need to do is copy and paste those results to a reply here
to do that:
From the notepad menu - choose *Edit* - *Select all* 
all the text will be highlighted
Next
From the notepad menu - choose *Edit* - *Copy*
Now go back to the forum - reply and then right click in the reply box and *paste*

if you have any issues. A log file called FSS.txt will be created in the same directory as the program is run from.

*------------------------------------------------------------------------*


----------

