# Google redirect



## nettech_gt (May 18, 2012)

Recently I have noticed that sometimes my Google searches are redirected to other websites. (It's very random and doesn't always redirect.) An example of one is:

home-and-garden.become.com

I have scanned with Spybot, AVG 2012, Malwarebytes, MS Security Essentials and ESET Online scan (all in safe mode) yet nothing was found.... Please help!

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 6:27:14 PM, on 5/17/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe
C:\Program Files (x86)\WakeupOnStandBy\wosb.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKCU\..\Run: [MurGeeMon] C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe :silent
O4 - HKCU\..\Run: [WOSB] "C:\Program Files (x86)\WakeupOnStandBy\wosb.exe" /run /systray dt="5/18/2012" tm="7:30:40 AM" file="C:\Log Off_Task Kill.bat" wait="0:0:2" /ptowu weekdays=127 /ast kv="1" vID=1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download to MurGeeMon - C:\Program Files (x86)\MurGeeMon\ProcessClick.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\Windows\PSSDNSVC.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9499 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by nettech_gt at 20:50:16 on 2012-05-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.1874 [GMT -7:00]
.
AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WUDFHost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe
C:\Program Files (x86)\WakeupOnStandBy\wosb.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [MurGeeMon] C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe :silent
uRun: [WOSB] "C:\Program Files (x86)\WakeupOnStandBy\wosb.exe" /run /systray dt="5/18/2012" tm="7:30:40 AM" file="C:\Log Off_Task Kill.bat" wait="0:0:2" /ptowu weekdays=127 /ast kv="1" vID=1
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download to MurGeeMon - C:\Program Files (x86)\MurGeeMon\ProcessClick.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{720F4577-691B-4ED3-AAC2-440F9A2D5D55}\D657E63686B696E6 : DhcpNameServer = 209.18.47.62
TCP: Interfaces\{E4BFFFFA-9E6C-4438-8CF7-56AC10FC0E46} : DhcpNameServer = 68.94.156.1 68.94.157.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\nettech_gt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\extensions\[email protected]\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\system32\DRIVERS\tdrpm273.sys --> C:\Windows\system32\DRIVERS\tdrpm273.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-5-15 3246040]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-2-28 9603432]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-2-22 1153368]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-12 2337144]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.30904.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.30904.0.sys [?]
R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-2 253088]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-6 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 PsShutdownSvc;PsShutdown;C:\Windows\PSSDNSVC.EXE [2011-4-10 87616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-05-18 01:13:45 388096 ----a-r- C:\Users\nettech_gt\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2012-05-18 01:13:44 -------- d-----w- C:\Program Files (x86)\TrendMicro
2012-05-17 05:23:12 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07AED541-733A-4077-A0AD-9BB1BFDDC55C}\gapaengine.dll
2012-05-17 05:23:09 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0DECC42C-4767-4B81-A994-BBF6D79979A7}\mpengine.dll
2012-05-17 05:15:37 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-17 05:15:35 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-15 23:23:28 -------- d-----w- C:\Users\nettech_gt\AppData\Roaming\Malwarebytes
2012-05-15 23:23:24 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-15 23:23:24 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-15 23:23:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-11 00:39:37 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-11 00:39:36 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-11 00:39:30 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 00:39:29 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 00:39:29 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 00:39:29 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 00:38:37 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-11 00:38:18 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-11 00:38:17 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 00:38:17 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-06 15:00:49 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-06 15:00:48 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 15:00:48 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-16 14:30:00 87616 ----a-w- C:\Windows\PSSDNSVC.EXE
2012-05-06 14:59:18 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 14:59:18 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-14 14:20:51 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-21 03:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 20:50:52.41 ===============


----------



## eddie5659 (Mar 19, 2001)

Hiya and welcome to Tech Support Guy 

Download *Security Check* from *here*.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called *checkup.txt*; please post the contents of that document.

Then, can you run this for me:

*Download and scan with* *SUPERAntiSpyware* Free Edition for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Home*" button to leave the control center screen.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click *Scan your computer*.
On the left, select all *fixed drives*.
Click "*Start Complete Scan*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*Continue*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*Remove Threats*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click *View Scan Logs*.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click *Close* to exit the program.

eddie


----------



## nettech_gt (May 18, 2012)

Results of screen317's Security Check version 0.99.32 
Windows 7 x64 *(UAC is disabled!)* 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Disabled! 
ZoneAlarm Firewall 
ZoneAlarm Free 
ZoneAlarm Security 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
MVPS Hosts File 
Spybot - Search & Destroy 
Java(TM) 6 Update 32 
Adobe Reader X (10.1.3) 
Mozilla Firefox (12.0.) 
Mozilla Thunderbird (x86 en-US..) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Windows Defender MSMpEng.exe 
*Spybot Teatimer.exe is disabled!* 
AVG avgwdsvc.exe 
AVG avgtray.exe 
Microsoft Security Essentials msseces.exe 
CheckPoint ZoneAlarm vsmon.exe 
CheckPoint ZoneAlarm zatray.exe 
*``````````End of Log````````````*


----------



## nettech_gt (May 18, 2012)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2012 at 05:39 PM

Application Version : 5.0.1150

Core Rules Database Version : 8623
Trace Rules Database Version: 6435

Scan type : Complete Scan
Total Scan Time : 00:51:06

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 674
Memory threats detected : 0
Registry items scanned : 63785
Registry threats detected : 0
File items scanned : 244245
File threats detected : 2

Trojan.Agent/Gen-Frauder[Startup]
C:\PROGRAM FILES (X86)\WIZARDS OF THE COAST LLC\MAGIC THE GATHERING - DUELS OF THE PLANESWALKERS\AUTOLOAD_DOTP.EXE

Adware.Tracking Cookie
s0.2mdn.net [ C:\USERS\GAMES\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\L9LQUSCK ]


----------



## nettech_gt (May 18, 2012)

FYI:

Trojan.Agent/Gen-Frauder[Startup]
C:\PROGRAM FILES (X86)\WIZARDS OF THE COAST LLC\MAGIC THE GATHERING - DUELS OF THE PLANESWALKERS\AUTOLOAD_DOTP.EXE

This is not a virus. It is a custom script I created using "Auto Hot Key" to launch various other programs when I load the game "MAGIC THE GATHERING - DUELS OF THE PLANESWALKERS".


----------



## eddie5659 (Mar 19, 2001)

Thank you for explaining about that file. If any of the tools we use in the process remove this automatically, we'll put them back from quarantine.

Okay, can you run the following, and post their logs? If need be, post in a few replies.

---------

Download the latest version of TDSSKiller from *here* and save it to your Desktop.

Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*; click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.*

A report will be created in your root directory (usually the C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents in your next reply.

--------------------------

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

-------------------------

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

*IMPORTANT!!! As you download it, rename it to username123.exe and save it to your Desktop.*

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie
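
A TDSSKiller report of the kind requested above lists every driver and service, so a short triage script helps pick out the few entries that need a second look. This is an added example, not part of eddie5659's post or of TDSSKiller itself; it assumes the report's two-line-per-object layout (an object line with name, MD5 and path, then a `name - verdict` line), and the sample log, including its `warning` verdict and all names and hashes, is constructed.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample in the report's layout; names, hashes and paths are made up.
SAMPLE_LOG = r"""20:37:58.0941 3652 Drive \Device\Harddisk0\DR0 - Size: 0x1000 (constructed header line)
20:38:46.0048 2412 ============================================================
20:38:46.0048 2412 Scan started
20:38:46.0048 2412 Mode: Manual; SigCheck; TDLFS;
20:38:46.0266 2412 ExampleDrv (00000000000000000000000000000001) C:\Windows\system32\drivers\exampledrv.sys
20:38:46.0329 2412 ExampleDrv - ok
20:38:46.0400 2412 ExampleSvc - ok
20:38:46.0500 2412 OddDrv (00000000000000000000000000000002) C:\Windows\system32\drivers\odddrv.sys
20:38:46.0516 2412 OddDrv - warning
"""


class Entry(NamedTuple):
    name: str
    md5: Optional[str]   # None when no object line preceded the verdict
    path: Optional[str]
    verdict: str


# Every line starts with a timestamp and a thread id.
_PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
_SCAN_START = re.compile(_PREFIX + r"Scan started\s*$")
_OBJECT = re.compile(
    _PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
_VERDICT = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")


def parse_report(text):
    """Return one Entry per verdict line found after 'Scan started'."""
    entries = []
    pending = {}        # name -> (md5, path) from the preceding object line
    scanning = False
    for line in text.splitlines():
        line = line.rstrip()
        if not scanning:
            # Header lines such as 'Drive ... - Size: ...' also contain ' - ',
            # so nothing is parsed until the scan section begins.
            scanning = bool(_SCAN_START.match(line))
            continue
        m = _OBJECT.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = _VERDICT.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], md5, path, m["verdict"].strip()))
    return entries


def triage(entries):
    """Return (name, reason) for entries a reviewer should look at first."""
    flagged = []
    for e in entries:
        if e.verdict.lower() != "ok":
            flagged.append((e.name, "verdict: " + e.verdict))
        elif e.md5 is None:
            # An 'ok' with no hash/path line is not tied to a file in the report.
            flagged.append((e.name, "no file hashed before verdict"))
    return flagged


if __name__ == "__main__":
    for name, reason in triage(parse_report(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```
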


----------



## nettech_gt (May 18, 2012)

20:37:56.0648 3652 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
20:37:58.0676 3652 ============================================================
20:37:58.0676 3652 Current date / time: 2012/05/21 20:37:58.0676
20:37:58.0676 3652 SystemInfo:
20:37:58.0676 3652 
20:37:58.0676 3652 OS Version: 6.1.7601 ServicePack: 1.0
20:37:58.0676 3652 Product type: Workstation
20:37:58.0676 3652 ComputerName: KEVIN-LAPTOP
20:37:58.0676 3652 UserName: nettech_gt
20:37:58.0676 3652 Windows directory: C:\Windows
20:37:58.0676 3652 System windows directory: C:\Windows
20:37:58.0676 3652 Running under WOW64
20:37:58.0676 3652 Processor architecture: Intel x64
20:37:58.0676 3652 Number of processors: 2
20:37:58.0676 3652 Page size: 0x1000
20:37:58.0676 3652 Boot type: Normal boot
20:37:58.0676 3652 ============================================================
20:37:58.0941 3652 Drive \Device\Harddisk0\DR0 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:37:59.0035 3652 Drive \Device\Harddisk2\DR2 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:37:59.0035 3652 ============================================================
20:37:59.0035 3652 \Device\Harddisk0\DR0:
20:37:59.0035 3652 MBR partitions:
20:37:59.0035 3652 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x6FCB800
20:37:59.0035 3652 \Device\Harddisk2\DR2:
20:37:59.0035 3652 MBR partitions:
20:37:59.0035 3652 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129CD800
20:37:59.0035 3652 ============================================================
20:37:59.0035 3652 C: <-> \Device\Harddisk0\DR0\Partition0
20:37:59.0082 3652 F: <-> \Device\Harddisk2\DR2\Partition0
20:37:59.0082 3652 ============================================================
20:37:59.0082 3652 Initialize success
20:37:59.0082 3652 ============================================================
20:38:46.0048 2412 ============================================================
20:38:46.0048 2412 Scan started
20:38:46.0048 2412 Mode: Manual; SigCheck; TDLFS; 
20:38:46.0048 2412 ============================================================
20:39:00.0821 2412 NDIS - ok
20:39:00.0821 2412 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:39:00.0868 2412 NdisCap - ok
20:39:00.0868 2412 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:39:00.0915 2412 NdisTapi - ok
20:39:00.0915 2412 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:39:00.0961 2412 Ndisuio - ok
20:39:00.0977 2412 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:39:01.0024 2412 NdisWan - ok
20:39:01.0024 2412 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:39:01.0071 2412 NDProxy - ok
20:39:01.0071 2412 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:39:01.0102 2412 NetBIOS - ok
20:39:01.0133 2412 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:39:01.0180 2412 NetBT - ok
20:39:01.0180 2412 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:39:01.0195 2412 Netlogon - ok
20:39:01.0242 2412 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:39:01.0289 2412 Netman - ok
20:39:01.0320 2412 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:39:01.0367 2412 netprofm - ok
20:39:01.0383 2412 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:39:01.0398 2412 NetTcpPortSharing - ok
20:39:01.0414 2412 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:39:01.0429 2412 nfrd960 - ok
20:39:01.0445 2412 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:39:01.0461 2412 NisDrv - ok
20:39:01.0492 2412 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
20:39:01.0507 2412 NisSrv - ok
20:39:01.0539 2412 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:39:01.0585 2412 NlaSvc - ok
20:39:01.0585 2412 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:39:01.0632 2412 Npfs - ok
20:39:01.0632 2412 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:39:01.0663 2412 nsi - ok
20:39:01.0679 2412 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:39:01.0710 2412 nsiproxy - ok
20:39:01.0866 2412 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
20:39:01.0913 2412 Ntfs - ok
20:39:01.0975 2412 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:39:02.0038 2412 Null - ok
20:39:02.0069 2412 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
20:39:02.0100 2412 NVENETFD - ok
20:39:02.0100 2412 NVHDA (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
20:39:02.0116 2412 NVHDA - ok
20:39:03.0177 2412 nvlddmkm (782db4086fc3b58df54598ea19cf5be2) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:39:03.0411 2412 nvlddmkm - ok
20:39:03.0504 2412 NVNET (0aa2a6aae14bdf0bea29056ee759b200) C:\Windows\system32\DRIVERS\nvmf6264.sys
20:39:03.0520 2412 NVNET - ok
20:39:03.0551 2412 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
20:39:03.0567 2412 nvraid - ok
20:39:03.0567 2412 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
20:39:03.0582 2412 nvsmu - ok
20:39:03.0598 2412 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
20:39:03.0613 2412 nvstor - ok
20:39:03.0645 2412 nvstor64 (5b3f39342934b79841fa888d6957aa14) C:\Windows\system32\DRIVERS\nvstor64.sys
20:39:03.0660 2412 nvstor64 - ok
20:39:03.0691 2412 nvsvc (ec22ae4f072a03e0f9d9e8f9def33b68) C:\Windows\system32\nvvsvc.exe
20:39:03.0707 2412 nvsvc - ok
20:39:03.0723 2412 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:39:03.0738 2412 nv_agp - ok
20:39:03.0754 2412 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:39:03.0785 2412 ohci1394 - ok
20:39:03.0816 2412 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:39:03.0847 2412 p2pimsvc - ok
20:39:03.0879 2412 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:39:03.0910 2412 p2psvc - ok
20:39:03.0925 2412 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:39:03.0941 2412 Parport - ok
20:39:03.0957 2412 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:39:03.0972 2412 partmgr - ok
20:39:03.0988 2412 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:39:04.0003 2412 PcaSvc - ok
20:39:04.0035 2412 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:39:04.0050 2412 pci - ok
20:39:04.0050 2412 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:39:04.0066 2412 pciide - ok
20:39:04.0097 2412 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:39:04.0113 2412 pcmcia - ok
20:39:04.0128 2412 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:39:04.0128 2412 pcw - ok
20:39:04.0206 2412 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:39:04.0253 2412 PEAUTH - ok
20:39:04.0315 2412 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:39:04.0347 2412 PerfHost - ok
20:39:04.0471 2412 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:39:04.0534 2412 pla - ok
20:39:04.0581 2412 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:39:04.0612 2412 PlugPlay - ok
20:39:04.0627 2412 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:39:04.0659 2412 PNRPAutoReg - ok
20:39:04.0690 2412 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:39:04.0737 2412 PNRPsvc - ok
20:39:04.0783 2412 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:39:04.0830 2412 PolicyAgent - ok
20:39:04.0861 2412 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:39:04.0908 2412 Power - ok
20:39:04.0939 2412 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:39:04.0986 2412 PptpMiniport - ok
20:39:05.0002 2412 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:39:05.0017 2412 Processor - ok
20:39:05.0049 2412 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
20:39:05.0095 2412 ProfSvc - ok
20:39:05.0111 2412 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:39:05.0127 2412 ProtectedStorage - ok
20:39:05.0142 2412 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:39:05.0189 2412 Psched - ok
20:39:05.0205 2412 PsShutdownSvc (6391a2cb8d1eb7e70fc4ae45b4cebed7) C:\Windows\PSSDNSVC.EXE
20:39:05.0205 2412 PsShutdownSvc - ok
20:39:05.0361 2412 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:39:05.0392 2412 ql2300 - ok
20:39:05.0470 2412 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:39:05.0485 2412 ql40xx - ok
20:39:05.0517 2412 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:39:05.0563 2412 QWAVE - ok
20:39:05.0579 2412 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:39:05.0610 2412 QWAVEdrv - ok
20:39:05.0610 2412 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:39:05.0657 2412 RasAcd - ok
20:39:05.0657 2412 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:39:05.0704 2412 RasAgileVpn - ok
20:39:05.0719 2412 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:39:05.0782 2412 RasAuto - ok
20:39:05.0797 2412 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:39:05.0844 2412 Rasl2tp - ok
20:39:05.0891 2412 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:39:05.0938 2412 RasMan - ok
20:39:05.0953 2412 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:39:06.0000 2412 RasPppoe - ok
20:39:06.0016 2412 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:39:06.0063 2412 RasSstp - ok
20:39:06.0094 2412 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:39:06.0141 2412 rdbss - ok
20:39:06.0141 2412 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:39:06.0172 2412 rdpbus - ok
20:39:06.0187 2412 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:39:06.0234 2412 RDPCDD - ok
20:39:06.0250 2412 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:39:06.0297 2412 RDPENCDD - ok
20:39:06.0297 2412 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:39:06.0343 2412 RDPREFMP - ok
20:39:06.0375 2412 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
20:39:06.0406 2412 RDPWD - ok
20:39:06.0421 2412 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:39:06.0453 2412 rdyboost - ok
20:39:06.0468 2412 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:39:06.0515 2412 RemoteAccess - ok
20:39:06.0531 2412 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:39:06.0577 2412 RemoteRegistry - ok
20:39:06.0593 2412 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
20:39:06.0609 2412 rimmptsk - ok
20:39:06.0624 2412 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
20:39:06.0655 2412 rimsptsk - ok
20:39:06.0671 2412 RimUsb - ok
20:39:06.0671 2412 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
20:39:06.0702 2412 RimVSerPort - ok
20:39:06.0718 2412 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
20:39:06.0733 2412 rismxdp - ok
20:39:06.0733 2412 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
20:39:06.0780 2412 ROOTMODEM - ok
20:39:06.0780 2412 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:39:06.0827 2412 RpcEptMapper - ok
20:39:06.0843 2412 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:39:06.0858 2412 RpcLocator - ok
20:39:06.0905 2412 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:39:06.0952 2412 RpcSs - ok
20:39:06.0967 2412 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:39:07.0014 2412 rspndr - ok
20:39:07.0014 2412 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:39:07.0061 2412 SamSs - ok
20:39:07.0077 2412 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
20:39:07.0092 2412 SASDIFSV - ok
20:39:07.0108 2412 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
20:39:07.0123 2412 SASKUTIL - ok
20:39:07.0139 2412 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:39:07.0155 2412 sbp2port - ok
20:39:07.0264 2412 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:39:07.0295 2412 SBSDWSCService - ok
20:39:07.0326 2412 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:39:07.0404 2412 SCardSvr - ok
20:39:07.0420 2412 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:39:07.0451 2412 scfilter - ok
20:39:07.0560 2412 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:39:07.0607 2412 Schedule - ok
20:39:07.0623 2412 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:39:07.0654 2412 SCPolicySvc - ok
20:39:07.0669 2412 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:39:07.0701 2412 sdbus - ok
20:39:07.0716 2412 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:39:07.0747 2412 SDRSVC - ok
20:39:07.0747 2412 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:39:07.0794 2412 secdrv - ok
20:39:07.0794 2412 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:39:07.0919 2412 seclogon - ok
20:39:07.0935 2412 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:39:07.0966 2412 SENS - ok
20:39:07.0981 2412 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:39:08.0013 2412 SensrSvc - ok
20:39:08.0013 2412 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:39:08.0028 2412 Serenum - ok
20:39:08.0044 2412 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:39:08.0059 2412 Serial - ok
20:39:08.0075 2412 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:39:08.0106 2412 sermouse - ok
20:39:08.0122 2412 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:39:08.0169 2412 SessionEnv - ok
20:39:08.0169 2412 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
20:39:08.0200 2412 sffdisk - ok
20:39:08.0200 2412 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:39:08.0231 2412 sffp_mmc - ok
20:39:08.0231 2412 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:39:08.0262 2412 sffp_sd - ok
20:39:08.0278 2412 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:39:08.0293 2412 sfloppy - ok
20:39:08.0325 2412 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:39:08.0371 2412 SharedAccess - ok
20:39:08.0418 2412 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:39:08.0449 2412 ShellHWDetection - ok
20:39:08.0465 2412 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:39:08.0481 2412 SiSRaid2 - ok
20:39:08.0481 2412 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:39:08.0496 2412 SiSRaid4 - ok
20:39:08.0512 2412 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:39:08.0559 2412 Smb - ok
20:39:08.0605 2412 snapman (b2c19ae46c5a109679b4fb38058df05a) C:\Windows\system32\DRIVERS\snapman.sys
20:39:08.0621 2412 snapman - ok
20:39:08.0637 2412 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:39:08.0652 2412 SNMPTRAP - ok
20:39:08.0652 2412 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:39:08.0668 2412 spldr - ok
20:39:08.0730 2412 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:39:08.0808 2412 Spooler - ok
20:39:09.0151 2412 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:39:09.0229 2412 sppsvc - ok
20:39:09.0307 2412 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:39:09.0354 2412 sppuinotify - ok
20:39:09.0401 2412 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:39:09.0432 2412 srv - ok
20:39:09.0479 2412 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:39:09.0495 2412 srv2 - ok
20:39:09.0510 2412 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:39:09.0526 2412 srvnet - ok
20:39:09.0557 2412 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:39:09.0604 2412 SSDPSRV - ok
20:39:09.0604 2412 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:39:09.0651 2412 SstpSvc - ok
20:39:09.0651 2412 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:39:09.0666 2412 stexstor - ok
20:39:09.0729 2412 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:39:09.0760 2412 stisvc - ok
20:39:09.0775 2412 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:39:09.0791 2412 swenum - ok
20:39:09.0838 2412 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:39:09.0885 2412 swprv - ok
20:39:09.0916 2412 SynTP (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys
20:39:09.0931 2412 SynTP - ok
20:39:10.0087 2412 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:39:10.0134 2412 SysMain - ok
20:39:10.0212 2412 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:39:10.0228 2412 TabletInputService - ok
20:39:10.0259 2412 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:39:10.0306 2412 TapiSrv - ok
20:39:10.0321 2412 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:39:10.0353 2412 TBS - ok
20:39:10.0524 2412 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:39:10.0602 2412 Tcpip - ok
20:39:10.0836 2412 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:39:10.0883 2412 TCPIP6 - ok
20:39:10.0945 2412 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:39:10.0992 2412 tcpipreg - ok
20:39:11.0008 2412 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:39:11.0023 2412 TDPIPE - ok
20:39:11.0133 2412 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
20:39:11.0179 2412 tdrpman273 - ok
20:39:11.0195 2412 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:39:11.0211 2412 TDTCP - ok
20:39:11.0226 2412 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:39:11.0273 2412 tdx - ok
20:39:11.0491 2412 TeamViewer6 (8a9828975a857e477efef5a61ba45ac0) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
20:39:11.0569 2412 TeamViewer6 - ok
20:39:11.0632 2412 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:39:11.0663 2412 TermDD - ok
20:39:11.0725 2412 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:39:11.0788 2412 TermService - ok
20:39:11.0788 2412 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:39:11.0819 2412 Themes - ok
20:39:11.0819 2412 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:39:11.0866 2412 THREADORDER - ok
20:39:11.0944 2412 timounter (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys
20:39:11.0975 2412 timounter - ok
20:39:11.0991 2412 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:39:12.0037 2412 TrkWks - ok
20:39:12.0053 2412 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:39:12.0100 2412 TrustedInstaller - ok
20:39:12.0115 2412 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:39:12.0147 2412 tssecsrv - ok
20:39:12.0162 2412 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:39:12.0178 2412 TsUsbFlt - ok
20:39:12.0193 2412 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:39:12.0225 2412 tunnel - ok
20:39:12.0240 2412 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:39:12.0256 2412 uagp35 - ok
20:39:12.0287 2412 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:39:12.0334 2412 udfs - ok
20:39:12.0349 2412 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:39:12.0365 2412 UI0Detect - ok
20:39:12.0381 2412 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:39:12.0396 2412 uliagpkx - ok
20:39:12.0396 2412 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:39:12.0412 2412 umbus - ok
20:39:12.0427 2412 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:39:12.0443 2412 UmPass - ok
20:39:12.0474 2412 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:39:12.0521 2412 upnphost - ok
20:39:12.0537 2412 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:39:12.0552 2412 usbaudio - ok
20:39:12.0568 2412 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
20:39:12.0583 2412 usbccgp - ok
20:39:12.0599 2412 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:39:12.0630 2412 usbcir - ok
20:39:12.0630 2412 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
20:39:12.0646 2412 usbehci - ok
20:39:12.0693 2412 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
20:39:12.0708 2412 usbhub - ok
20:39:12.0724 2412 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
20:39:12.0739 2412 usbohci - ok
20:39:12.0739 2412 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:39:12.0771 2412 usbprint - ok
20:39:12.0771 2412 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:39:12.0786 2412 usbscan - ok
20:39:12.0802 2412 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:39:12.0817 2412 USBSTOR - ok
20:39:12.0833 2412 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
20:39:12.0849 2412 usbuhci - ok
20:39:12.0880 2412 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:39:12.0895 2412 usbvideo - ok
20:39:12.0911 2412 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:39:12.0942 2412 UxSms - ok
20:39:12.0958 2412 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:39:12.0973 2412 VaultSvc - ok
20:39:12.0973 2412 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:39:12.0989 2412 vdrvroot - ok
20:39:13.0051 2412 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:39:13.0083 2412 vds - ok
20:39:13.0098 2412 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:39:13.0114 2412 vga - ok
20:39:13.0129 2412 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:39:13.0161 2412 VgaSave - ok
20:39:13.0192 2412 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:39:13.0207 2412 vhdmp - ok
20:39:13.0207 2412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:39:13.0223 2412 viaide - ok
20:39:13.0239 2412 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:39:13.0254 2412 volmgr - ok
20:39:13.0285 2412 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:39:13.0301 2412 volmgrx - ok
20:39:13.0332 2412 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:39:13.0363 2412 volsnap - ok
20:39:13.0410 2412 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\Windows\system32\DRIVERS\vsdatant.sys
20:39:13.0426 2412 Vsdatant - ok
20:39:13.0441 2412 vsmon - ok
20:39:13.0473 2412 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:39:13.0488 2412 vsmraid - ok
20:39:13.0629 2412 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:39:13.0707 2412 VSS - ok
20:39:13.0769 2412 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:39:13.0800 2412 vwifibus - ok
20:39:13.0816 2412 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:39:13.0831 2412 vwififlt - ok
20:39:13.0847 2412 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:39:13.0863 2412 vwifimp - ok
20:39:13.0894 2412 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:39:13.0941 2412 W32Time - ok
20:39:13.0956 2412 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:39:13.0972 2412 WacomPen - ok
20:39:13.0987 2412 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:39:14.0019 2412 WANARP - ok
20:39:14.0019 2412 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:39:14.0065 2412 Wanarpv6 - ok
20:39:14.0175 2412 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:39:14.0237 2412 WatAdminSvc - ok
20:39:14.0377 2412 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:39:14.0424 2412 wbengine - ok
20:39:14.0502 2412 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:39:14.0549 2412 WbioSrvc - ok
20:39:14.0580 2412 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:39:14.0611 2412 wcncsvc - ok
20:39:14.0611 2412 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:39:14.0643 2412 WcsPlugInService - ok
20:39:14.0658 2412 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:39:14.0674 2412 Wd - ok
20:39:14.0736 2412 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:39:14.0767 2412 Wdf01000 - ok
20:39:14.0783 2412 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:39:14.0830 2412 WdiServiceHost - ok
20:39:14.0830 2412 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:39:14.0845 2412 WdiSystemHost - ok
20:39:14.0877 2412 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:39:14.0908 2412 WebClient - ok
20:39:14.0939 2412 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:39:14.0970 2412 Wecsvc - ok
20:39:14.0986 2412 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:39:15.0033 2412 wercplsupport - ok
20:39:15.0048 2412 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:39:15.0079 2412 WerSvc - ok
20:39:15.0095 2412 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:39:15.0126 2412 WfpLwf - ok
20:39:15.0142 2412 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:39:15.0157 2412 WIMMount - ok
20:39:15.0157 2412 WinDefend - ok
20:39:15.0173 2412 WinHttpAutoProxySvc - ok
20:39:15.0204 2412 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:39:15.0235 2412 Winmgmt - ok
20:39:15.0423 2412 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:39:15.0501 2412 WinRM - ok
20:39:15.0579 2412 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:39:15.0610 2412 WinUsb - ok
20:39:15.0688 2412 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:39:15.0735 2412 Wlansvc - ok
20:39:15.0750 2412 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
20:39:15.0750 2412 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
20:39:15.0750 2412 wltrysvc - detected UnsignedFile.Multi.Generic (1)
20:39:16.0749 2412 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:39:17.0076 2412 \Device\Harddisk0\DR0 - ok
20:39:17.0107 2412 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2
20:39:17.0404 2412 \Device\Harddisk2\DR2 - ok
20:39:17.0419 2412 Boot (0x1200) (8ec53f3ee5ff8916b763b6919cc8aa48) \Device\Harddisk0\DR0\Partition0
20:39:17.0419 2412 \Device\Harddisk0\DR0\Partition0 - ok
20:39:17.0419 2412 Boot (0x1200) (239af974f2a584e6754c0052599944c5) \Device\Harddisk2\DR2\Partition0
20:39:17.0419 2412 \Device\Harddisk2\DR2\Partition0 - ok
20:39:17.0419 2412 ============================================================
20:39:17.0419 2412 Scan finished
20:39:17.0419 2412 ============================================================
20:39:17.0435 5788 Detected object count: 1
20:39:17.0435 5788 Actual detected object count: 1
20:39:54.0891 5788 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:39:54.0891 5788 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:40:06.0544 5892 Deinitialize success


----------



## nettech_gt (May 18, 2012)

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-21 20:43:42
-----------------------------
20:43:42.965 OS Version: Windows x64 6.1.7601 Service Pack 1
20:43:42.965 Number of processors: 2 586 0x170A
20:43:42.965 ComputerName: KEVIN-LAPTOP UserName: nettech_gt
20:43:43.339 Initialize success
20:55:29.303 AVAST engine defs: 12052101
20:56:24.386 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000074
20:56:24.386 Disk 0 Vendor: OCZ-VERT 1.23 Size: 57241MB BusType: 11
20:56:24.402 Disk 0 MBR read successfully
20:56:24.402 Disk 0 MBR scan
20:56:24.402 Disk 0 Windows 7 default MBR code
20:56:24.402 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57239 MB offset 2048
20:56:24.464 Disk 0 scanning C:\Windows\system32\drivers
20:56:31.438 Service scanning
20:56:49.424 Modules scanning
20:56:49.424 Disk 0 trace - called modules:
20:56:49.440 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 
20:56:49.440 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80041f0750]
20:56:49.440 3 CLASSPNP.SYS[fffff880011cf43f] -> nt!IofCallDriver -> [0xfffffa8003e82e40]
20:56:49.955 5 ACPI.sys[fffff88000fa47a1] -> nt!IofCallDriver -> \Device\00000074[0xfffffa8003f4a130]
20:56:50.282 AVAST engine scan C:\
21:52:12.848 Scan finished successfully
21:52:26.763 Disk 0 MBR has been saved successfully to "C:\Users\nettech_gt\Desktop\MBR.dat"
21:52:26.825 The log file has been saved successfully to "C:\Users\nettech_gt\Desktop\aswMBR.txt"


----------



## nettech_gt (May 18, 2012)

ComboFix 12-05-21.06 - nettech_gt 05/21/2012 22:01:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.1722 [GMT -7:00]
Running from: c:\users\nettech_gt\Downloads\ComboFix.exe
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\system32\drivers\etc\lmhosts . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 05:12 . 2012-05-22 05:12 -------- d-----w- c:\users\Games\AppData\Local\temp
2012-05-22 05:12 . 2012-05-22 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-22 03:43 . 2012-05-22 03:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CE8BFFA-9F0D-4A0A-AAA5-8A683F795016}\offreg.dll
2012-05-22 03:39 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1CE8BFFA-9F0D-4A0A-AAA5-8A683F795016}\mpengine.dll
2012-05-20 23:44 . 2012-05-20 23:44 -------- d-----w- c:\users\nettech_gt\AppData\Roaming\SUPERAntiSpyware.com
2012-05-20 23:43 . 2012-05-21 01:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-05-20 23:43 . 2012-05-20 23:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-05-20 23:28 . 2012-05-20 23:28 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-20 23:27 . 2012-05-20 23:27 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-20 09:30 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-18 01:13 . 2012-05-18 01:13 388096 ----a-r- c:\users\nettech_gt\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2012-05-18 01:13 . 2012-05-18 01:13 -------- d-----w- c:\program files (x86)\TrendMicro
2012-05-17 05:23 . 2012-05-17 05:23 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{07AED541-733A-4077-A0AD-9BB1BFDDC55C}\gapaengine.dll
2012-05-17 05:15 . 2012-05-17 05:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-05-17 05:15 . 2012-05-17 05:15 -------- d-----w- c:\program files\Microsoft Security Client
2012-05-15 23:23 . 2012-05-15 23:23 -------- d-----w- c:\users\nettech_gt\AppData\Roaming\Malwarebytes
2012-05-15 23:23 . 2012-05-15 23:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-15 23:23 . 2012-05-15 23:23 -------- d-----w- c:\programdata\Malwarebytes
2012-05-15 23:23 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-11 00:39 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 00:39 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 00:39 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 00:39 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 00:39 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 00:39 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 00:38 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-11 00:38 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 00:38 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 00:38 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-06 15:00 . 2012-05-06 15:00 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-06 15:00 . 2012-05-06 15:00 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-06 15:00 . 2012-05-06 15:00 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 14:30 . 2011-04-11 05:46 87616 ----a-w- c:\windows\PSSDNSVC.EXE
2012-05-20 23:27 . 2011-02-06 21:45 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-06 14:59 . 2012-04-02 15:37 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 14:59 . 2011-05-20 23:27 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-14 14:20 . 2012-04-14 14:20 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-21 03:44 . 2012-03-21 03:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44 . 2012-03-21 03:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-03-01 06:46 . 2012-04-11 10:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-11 10:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-11 10:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-11 10:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-11 10:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-11 10:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-11 10:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 10:01 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 10:01 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 10:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 10:01 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 10:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 10:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MurGeeMon"="c:\program files (x86)\MurGeeMon\MurGeeMon.exe" [2011-07-16 416768]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-17 4787072]
"WOSB"="c:\program files (x86)\WakeupOnStandBy\wosb.exe" [2011-04-26 1272320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-01-29 5111464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-06 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 PsShutdownSvc;PsShutdown;c:\windows\PSSDNSVC.EXE [2012-05-21 87616]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-15 3246040]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-02-28 9603432]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-03 33672]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-11-03 827520]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.30904.0.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 14:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 15:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-04 16328736]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-10-20 394768]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 1125504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download to MurGeeMon - c:\program files (x86)\MurGeeMon\ProcessClick.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
.
**************************************************************************
.
Completion time: 2012-05-21 23:23:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 06:22
.
Pre-Run: 27,147,239,424 bytes free
Post-Run: 27,207,667,712 bytes free
.
- - End Of File - - D1FE51C48BEDFA83A4A850E8139F5339


----------



## eddie5659 (Mar 19, 2001)

Download *OTL* to your Desktop


Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.

Select *All Users*

Please copy the text in the code box below and paste it in the *Custom Scans/Fixes* box in OTL:


```
netsvcs
activex
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%windir%\system32\tasks\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*. /mp /s
/md5start
consrv.dll
explorer.exe
winlogon.exe
regedit.exe
Userinit.exe
svchost.exe
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT
```

Click the *Quick Scan* button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows: *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.

Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post them in your topic.


eddie


----------



## nettech_gt (May 18, 2012)

OTL logfile created on: 5/23/2012 4:23:51 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\nettech_gt\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 53.75% Memory free
7.50 Gb Paging File | 5.23 Gb Available in Paging File | 69.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 25.41 Gb Free Space | 45.46% Space Free | Partition Type: NTFS
Drive F: | 148.90 Gb Total Space | 35.34 Gb Free Space | 23.73% Space Free | Partition Type: NTFS
Drive S: | 298.01 Gb Total Space | 191.19 Gb Free Space | 64.16% Space Free | Partition Type: FAT32

Computer Name: KEVIN-LAPTOP | User Name: nettech_gt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/23 16:13:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\nettech_gt\Downloads\OTL.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/09 21:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 21:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/15 22:32:32 | 000,416,768 | ---- | M] (MurGee.com) -- C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe
PRC - [2011/06/01 05:44:54 | 008,003,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/06/01 05:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/05/15 08:40:01 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011/04/25 19:32:35 | 001,272,320 | ---- | M] (www.dennisbabkin.com) -- C:\Program Files (x86)\WakeupOnStandBy\wosb.exe
PRC - [2011/02/18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/01/28 17:57:58 | 005,111,464 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/10/20 10:07:50 | 000,394,768 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2011/02/27 22:02:54 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\MurGeeMon\WindowMoverHook.dll
MOD - [2011/01/28 18:23:44 | 000,279,904 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\resource.dll
MOD - [2011/01/28 17:04:34 | 000,028,512 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\rpc_client.dll
MOD - [2011/01/28 17:03:34 | 000,019,808 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\thread_pool.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2011/11/03 07:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:*64bit:* - [2011/08/11 16:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:*64bit:* - [2011/02/28 02:41:13 | 009,603,432 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:*64bit:* - [2009/07/17 10:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:*64bit:* - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/23 07:30:00 | 000,087,616 | ---- | M] (Systems Internals) [On_Demand | Stopped] -- C:\Windows\PSSDNSVC.EXE -- (PsShutdownSvc)
SRV - [2012/05/06 08:00:48 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/14 07:23:22 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/09 21:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/10/12 07:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/02 07:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/01 05:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/05/15 08:40:01 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/10/20 10:08:17 | 001,118,328 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/11/03 07:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:*64bit:* - [2011/10/07 07:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2011/09/13 07:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2011/08/08 07:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:*64bit:* - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:*64bit:* - [2011/07/11 02:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2011/07/11 02:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/07/11 02:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/07/11 02:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/05/15 08:40:01 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:*64bit:* - [2011/05/15 08:40:00 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:*64bit:* - [2011/05/15 08:39:59 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:*64bit:* - [2011/05/15 08:39:57 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:*64bit:* - [2011/05/07 18:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:*64bit:* - [2011/04/07 17:33:12 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.30904.0.sys -- (DisplayLinkUsbPort)
DRV:*64bit:* - [2011/02/28 02:41:36 | 000,206,960 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:*64bit:* - [2011/02/28 02:41:36 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:*64bit:* - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2010/11/20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/11/20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2010/05/31 10:29:58 | 000,077,312 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:*64bit:* - [2010/04/27 16:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:*64bit:* - [2010/04/27 16:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:*64bit:* - [2010/04/27 14:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:*64bit:* - [2010/04/27 14:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:*64bit:* - [2009/08/24 12:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2009/08/21 14:24:00 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:*64bit:* - [2009/07/17 10:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:*64bit:* - [2009/07/17 10:06:18 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:*64bit:* - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/13 17:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:*64bit:* - [2009/07/01 13:20:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:*64bit:* - [2009/06/25 18:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:*64bit:* - [2009/06/25 17:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:*64bit:* - [2009/06/25 17:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:*64bit:* - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:*64bit:* - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/03/09 17:58:00 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:*64bit:* - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 3E B2 B3 63 23 CD 01 [binary data]
IE - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: [email protected]:1.98.20110322
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\nettech_gt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/10 10:32:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2011/11/13 09:11:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/10 22:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/06 08:00:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/20 16:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/03/06 22:47:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2011/12/22 18:36:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{02842F5A-7CDB-11E1-826D-B8AC6F996F26}: C:\Users\nettech_gt\AppData\Local\{02842F5A-7CDB-11E1-826D-B8AC6F996F26}\

[2011/02/07 17:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nettech_gt\AppData\Roaming\Mozilla\Extensions
[2011/02/06 15:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nettech_gt\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/05/01 21:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\extensions
[2012/04/25 21:03:00 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/11/01 21:14:45 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\extensions\[email protected]
[2010/06/08 23:00:34 | 000,000,921 | ---- | M] () -- C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\searchplugins\conduit.xml
[2012/05/20 16:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/20 16:27:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2011/11/06 11:06:08 | 000,512,595 | ---- | M] () (No name found) -- C:\USERS\NETTECH_GT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GMWQ9ZEK.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
[2012/02/24 21:46:43 | 000,081,156 | ---- | M] () (No name found) -- C:\USERS\NETTECH_GT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GMWQ9ZEK.DEFAULT\EXTENSIONS\{6D96BB5E-1175-4EBF-8AB5-5F56F1C79F65}.XPI
[2012/01/09 18:36:35 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NETTECH_GT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GMWQ9ZEK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/05/06 08:00:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/21 16:10:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/21 16:10:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/02/22 18:59:00 | 000,432,363 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14886 more lines...
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:*64bit:* - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:*64bit:* - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:*64bit:* - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:*64bit:* - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:*64bit:* - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:*64bit:* - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000..\Run: [MurGeeMon] C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe (MurGee.com)
O4 - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000..\Run: [WOSB2] C:\Program Files (x86)\WakeupOnStandBy\wosb.exe (www.dennisbabkin.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:*64bit:* - Extra context menu item: Download to MurGeeMon - C:\Program Files (x86)\MurGeeMon\ProcessClick.htm ()
O8 - Extra context menu item: Download to MurGeeMon - C:\Program Files (x86)\MurGeeMon\ProcessClick.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4BFFFFA-9E6C-4438-8CF7-56AC10FC0E46}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:*64bit:* {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:*64bit:* {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:*64bit:* {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:*64bit:* {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:*64bit:* {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:*64bit:* {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:*64bit:* {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:*64bit:* {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:*64bit:* {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:*64bit:* {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:*64bit:* {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:*64bit:* {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:*64bit:* {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:*64bit:* {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:*64bit:* {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:*64bit:* {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:*64bit:* {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:*64bit:* {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:*64bit:* {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:*64bit:* {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:*64bit:* >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:*64bit:* >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:*64bit:* >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/22 18:08:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/21 22:00:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/21 22:00:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/21 22:00:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/21 22:00:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/21 22:00:12 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/21 22:00:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/20 16:44:21 | 000,000,000 | ---D | C] -- C:\Users\nettech_gt\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/20 16:43:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/20 16:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/20 16:43:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/20 16:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/17 18:13:45 | 000,000,000 | ---D | C] -- C:\Users\nettech_gt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/17 18:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2012/05/16 22:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/16 22:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/15 16:23:28 | 000,000,000 | ---D | C] -- C:\Users\nettech_gt\AppData\Roaming\Malwarebytes
[2012/05/15 16:23:24 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/15 16:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/15 16:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/15 16:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/06 08:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/06 08:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

========== Files - Modified Within 30 Days ==========

[2012/05/23 16:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/23 15:54:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/23 07:30:00 | 000,087,616 | ---- | M] (Systems Internals) -- C:\Windows\PSSDNSVC.EXE
[2012/05/23 03:56:34 | 000,349,294 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/23 03:08:19 | 098,901,587 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/23 02:15:54 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/23 02:15:54 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/23 02:15:54 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/22 21:13:27 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/22 21:13:27 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/21 21:52:26 | 000,000,512 | ---- | M] () -- C:\Users\nettech_gt\Desktop\MBR.dat
[2012/05/20 16:43:46 | 000,001,814 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/17 18:13:45 | 000,002,997 | ---- | M] () -- C:\Users\nettech_gt\Desktop\HiJackThis.lnk
[2012/05/16 22:15:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/16 22:15:38 | 000,743,066 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/16 17:45:39 | 000,001,362 | ---- | M] () -- C:\Users\nettech_gt\Desktop\AVG2012 Online Shield findings.csv
[2012/05/11 03:08:13 | 000,300,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/05/21 22:00:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/21 22:00:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/21 22:00:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/21 22:00:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/21 22:00:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/21 21:52:26 | 000,000,512 | ---- | C] () -- C:\Users\nettech_gt\Desktop\MBR.dat
[2012/05/20 16:43:46 | 000,001,814 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/17 18:13:45 | 000,002,997 | ---- | C] () -- C:\Users\nettech_gt\Desktop\HiJackThis.lnk
[2012/05/16 22:15:41 | 000,001,921 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/16 22:15:38 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/16 22:08:48 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/16 17:45:39 | 000,001,362 | ---- | C] () -- C:\Users\nettech_gt\Desktop\AVG2012 Online Shield findings.csv
[2012/03/04 11:56:27 | 000,000,614 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/25 21:28:28 | 000,007,602 | ---- | C] () -- C:\Users\nettech_gt\AppData\Local\Resmon.ResmonCfg
[2011/09/20 15:53:43 | 000,000,060 | ---- | C] () -- C:\Windows\MurGeeMon.INI
[2011/04/24 11:02:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/07 17:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2011/04/07 17:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2011/04/07 17:33:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2011/03/10 22:07:00 | 000,003,584 | ---- | C] () -- C:\Users\nettech_gt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/22 18:06:13 | 000,000,600 | ---- | C] () -- C:\Users\nettech_gt\AppData\Local\PUTTY.RND

========== LOP Check ==========

[2011/11/13 09:24:39 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\AVG2012
[2011/12/03 18:01:53 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\CheckPoint
[2011/05/11 16:50:47 | 000,000,000 | ---D | M] -- C:\Users\Games\AppData\Roaming\Subversion
[2011/05/15 09:07:28 | 000,000,000 | ---D | M] -- C:\Users\nettech_gt\AppData\Roaming\Acronis
[2011/11/13 09:24:39 | 000,000,000 | ---D | M] -- C:\Users\nettech_gt\AppData\Roaming\AVG2012
[2012/03/08 20:44:04 | 000,000,000 | ---D | M] -- C:\Users\nettech_gt\AppData\Roaming\Canon
[2011/11/13 09:11:06 | 000,000,000 | ---D | M] -- C:\Users\nettech_gt\AppData\Roaming\CheckPoint
[2011/02/06 14:47:59 | 000,000,000 | ---D | M] -- C:\Users\nettech_gt\AppData\Roaming\OpenOffice.org
[2011/02/23 17:57:43 | 000,000,000 | ---D | M] -- C:\Users\nettech_gt\AppData\Roaming\Research In Motion
[2011/05/14 09:31:38 | 000,000,000 | ---D | M] -- C:\Users\nettech_gt\AppData\Roaming\Subversion
[2011/10/04 21:52:46 | 000,000,000 | ---D | M] -- C:\Users\nettech_gt\AppData\Roaming\TeamViewer
[2011/02/06 15:52:31 | 000,000,000 | ---D | M] -- C:\Users\nettech_gt\AppData\Roaming\Thunderbird
[2011/08/31 21:33:25 | 000,000,000 | ---D | M] -- C:\Users\nettech_gt\AppData\Roaming\Unity
[2011/06/12 07:18:09 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2011/05/12 05:06:31 | 000,000,000 | ---D | M] -- C:\$AVG
[2012/05/22 18:08:39 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/04/07 18:07:59 | 000,000,000 | ---D | M] -- C:\Boot
[2012/05/21 23:26:25 | 000,000,000 | ---D | M] -- C:\ComboFix
[2011/02/06 10:03:33 | 000,000,000 | ---D | M] -- C:\dell
[2009/07/13 22:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/07/13 20:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/05/20 16:43:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/05/17 18:13:44 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/05/20 16:44:21 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/05/21 23:26:25 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011/02/06 09:41:19 | 000,000,000 | ---D | M] -- C:\Recovery
[2012/05/23 16:25:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/04/08 18:05:48 | 000,000,000 | R--D | M] -- C:\Users
[2011/02/27 10:57:18 | 000,000,000 | ---D | M] -- C:\Win 7 Drivers
[2012/05/21 22:16:05 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\system32\tasks\*.* >

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/30 23:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/02 22:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010/11/20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010/11/20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 23:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/02 22:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 18:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 23:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/02 23:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009/07/13 18:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009/07/13 18:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/13 18:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/13 18:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/13 18:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 18:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 18:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 00:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: KEVIN-LAPTOP
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1     C   System       NTFS   Partition     55 GB  Healthy    System
  Volume 2     E                       Removable       0 B  No Media
  Volume 3     F   Backup       NTFS   Partition    148 GB  Healthy

< End of report >


----------



## nettech_gt (May 18, 2012)

OTL Extras logfile created on: 5/23/2012 4:23:51 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\nettech_gt\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 53.75% Memory free
7.50 Gb Paging File | 5.23 Gb Available in Paging File | 69.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.90 Gb Total Space | 25.41 Gb Free Space | 45.46% Space Free | Partition Type: NTFS
Drive F: | 148.90 Gb Total Space | 35.34 Gb Free Space | 23.73% Space Free | Partition Type: NTFS
Drive S: | 298.01 Gb Total Space | 191.19 Gb Free Space | 64.16% Space Free | Partition Type: FAT32

Computer Name: KEVIN-LAPTOP | User Name: nettech_gt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1267384669-3832851734-2083165496-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0466CD-E9BB-4589-8BA7-AD5A4703FA36}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1497CC4D-63CC-4BEE-9DBE-5647D65660C3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{17A89757-C90B-459A-91C1-6C6812DF10FA}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1FB93D74-9237-4370-ACFC-01C3ABDC2806}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{23DABB0B-7D30-4081-AF3A-D92C5DD9C02B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{25AD31A8-0686-489F-9095-21552AC0810B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{276CDCF1-ECFA-4C9A-815D-A4A3C0C5FC19}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2A11E4F0-6C30-4786-8B5A-D4AAC4FFB948}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{33A5B4A2-0F9A-4C59-9497-C0E16FBBC22C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B3D9DF8-6B72-4C5F-A5A7-7D6BB08A9476}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D041535-31AD-41CF-847D-53D2B4EAC81F}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{3E9AC36A-8FD4-496C-B16F-C3DE7EB574D1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{54C408EB-7477-4563-8BF6-EF6FD542496D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{59AA1098-544E-41E2-B921-51F231BEC9CE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5EB45D21-BF8C-4F77-99F7-7EC1D17F39DF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{61F547FB-A5D0-42FF-B8F3-B36EC7409A8D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{64CE5F05-0EC3-4D5A-A6D5-02E0A40F11D6}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe | 
"{8216DDAC-F40B-47D4-879B-2CD8EC499DD8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8C4AE898-E75F-4DCD-B99C-B52214A85D19}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{96BB474A-6727-4DFD-80F7-08FC5E0F8F8C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F313FDA-3846-43C3-ABFF-3E3F2BC8E646}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B2A29AAB-95B4-4CEB-8AC7-8D85C94A9D86}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B5508274-385B-4CA2-B34E-ADC5FAF7652A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{CB8B257D-B57F-4E3C-B643-506A86AA1051}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{D71B4508-8850-45C3-BCC1-881AE6BC49DA}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe | 
"{DB2F7873-A5A0-4472-A90A-8A7D969520BC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E45C9C4C-24EE-4117-9069-1F9CA1EACF99}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079DD23E-DA43-475A-BF53-1C7930D52D82}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{11D0EBEB-B8C0-4201-BB9C-28A4F46E557E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{125945CB-35C8-4D58-9465-27B0F315A0DE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{1F73234C-10AE-439E-B34F-6F76D280EF18}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2212D7E7-36ED-48AE-AD0B-235E9AEBB7EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2341A6F6-51A0-417D-B6D4-A0B5D5911733}" = protocol=58 | dir=out | [email protected],-28546 | 
"{2E0DB657-FF99-49B4-87DF-B8CB2A99868C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{34B1A9EE-14CB-4674-90D4-6270290D32B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BC3D947-7210-4C65-86D6-14532BBA5076}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E4DCB08-2698-4F2E-A0FC-9F66FB4CB185}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5188E43D-5E5B-42E3-AAE4-B178375D22ED}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{519F6533-231C-42E5-8B9B-523E1EDD9292}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{5A1D04F4-866B-4DD5-9362-1CFF05E63F6D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{5EAFA945-9F7D-4152-84F9-5517C55A8368}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{680AD629-0E56-4AD4-959B-CFC55AE71DBD}" = protocol=6 | dir=out | app=system | 
"{68E1A34A-7B99-4593-8C91-30142D480A03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{80CC9C84-4A38-4EE0-A6B1-C1533533532D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{85719BF9-92A0-48A6-BD87-7235DA9F38D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{89FEF0C6-C86A-4DD6-9AC2-B4BB4FD12C0D}" = protocol=1 | dir=out | [email protected],-28544 | 
"{9F105233-AE5C-4816-9F86-820DB59FBDB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A38EE63D-8283-4432-98F8-D2ED048D7758}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{B32F7CA9-A932-4B77-8610-FF054BB69321}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{B4DB3B54-1492-42A6-B93C-1E1CB1A26B69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B6461F4D-2270-4F84-9141-C70730E4B673}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe | 
"{B6A95779-6274-4595-8E57-A42436BB32EE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{BE90739D-F163-4CC0-B259-D76E69A11226}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C0F262DC-BD7D-4BF1-9AB4-54CEDDC9C10A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C38E7AB7-4A5C-460A-A448-691EBCACD56A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CB58BE30-2B30-41CD-9769-3BB53AC10C9F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{CF17AAD4-DAC2-4808-8520-B36A28283B64}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{D231FF91-F573-4481-8EAA-1423E36FFF18}" = protocol=1 | dir=in | [email protected],-28543 | 
"{DCDC6DA2-4779-4F49-8FBA-BDF69A5C0188}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DFFB6BAD-9678-4016-A3EF-EC8ACA182D0A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe | 
"{E4DDF8AF-4445-4998-8D1D-748B11B95ED5}" = protocol=58 | dir=in | [email protected],-28545 | 
"{E62B2820-98ED-4E26-BE4E-1ABD6C424374}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{EDC78D11-7EED-4F81-AD4F-D3735F1BCA58}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{F9468697-F085-45D3-A847-8FB016DB88F4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{45EF12B0-F531-4A2C-A1C0-6B1495698E30}" = TortoiseSVN 1.6.15.21042 (64 bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D545574-2A09-49A9-8B29-9A03A88B6494}" = DisplayLink Graphics
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF8C49DA-BCA5-46E1-8763-47F92DF9DA02}" = DisplayLink Core Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"1ECF77EA0B590A72334E5A399ACB5AB27C3D88EE" = Windows Driver Package - ITE Tech.Inc. (itecir) HIDClass (05/01/2009 5.1.0000.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Dell Touchpad
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{2B120B1D-1908-4FB3-8C9D-72128A74E80A}" = ZoneAlarm Security
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.00
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A386CC19-1E79-4D4C-A54B-C8747871E4AD}" = ZoneAlarm Firewall
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E9335AE6-D0D0-45E0-AD17-ED68DB6F07EE}_is1" = MurGeeMon 1.8
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Magic The Gathering - Duels of the Planeswalkers_is1" = Magic The Gathering - Duels of the Planeswalkers
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 11.0.1 (x86 en-US)" = Mozilla Thunderbird 11.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"TeamViewer 6" = TeamViewer 6
"TurboTax 2011" = TurboTax 2011
"ZoneAlarm Free" = ZoneAlarm Free

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1267384669-3832851734-2083165496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/22/2012 8:33:11 PM | Computer Name = Kevin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/22/2012 9:06:54 PM | Computer Name = Kevin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/23/2012 5:14:34 AM | Computer Name = Kevin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/23/2012 5:17:57 AM | Computer Name = Kevin-Laptop | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program 
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of 
attribute "language" in element "assemblyIdentity" is invalid.

Error - 5/23/2012 6:14:34 AM | Computer Name = Kevin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/23/2012 7:14:35 AM | Computer Name = Kevin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/23/2012 8:14:35 AM | Computer Name = Kevin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/23/2012 9:14:35 AM | Computer Name = Kevin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/23/2012 10:14:45 AM | Computer Name = Kevin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/23/2012 6:54:43 PM | Computer Name = Kevin-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 5/17/2012 1:29:29 AM | Computer Name = Kevin-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/17/2012 1:29:29 AM | Computer Name = Kevin-Laptop | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 5/17/2012 9:27:44 AM | Computer Name = Kevin-Laptop | Source = DCOM | ID = 10005
Description =

Error - 5/17/2012 9:27:44 AM | Computer Name = Kevin-Laptop | Source = DCOM | ID = 10005
Description =

Error - 5/20/2012 10:01:25 AM | Computer Name = Kevin-Laptop | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or 
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 5/20/2012 7:36:21 PM | Computer Name = Kevin-Laptop | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on cannot be read.

Error - 5/20/2012 8:49:11 PM | Computer Name = Kevin-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:47:17 PM on 5/20/2012 was unexpected.

Error - 5/22/2012 1:02:45 AM | Computer Name = Kevin-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 5/22/2012 1:05:21 AM | Computer Name = Kevin-Laptop | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version 
of the driver.

Error - 5/22/2012 1:13:26 AM | Computer Name = Kevin-Laptop | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, firstly can you uninstall this via Add/Remove Programs.

*ZoneAlarm Toolbar*

Then, can you update Java as follows:

*Upgrade Java* : (32 bits)

Download the latest version of *Java SE Runtime Environment (JRE) JRE 7 Update 3*.
Under the JAVA Platform Standard Edition, click the "*Download JRE*" button to the right.
Accept License Agreement.
Click on the link to download Windows Offline Installation 32 bit (jre-7u3-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the *jre-7u3-windows-i586.exe* and select "Run as an Administrator.")

After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:

Applications and Applets
Trace and Log Files

OK out of all the screens.

-----------------

Then, can you run the following fix:

Run OTL 

Under the *Custom Scans/Fixes* box at the bottom, paste in the following 

```
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2010/06/08 23:00:34 | 000,000,921 | ---- | M] () -- C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.defau lt\searchplugins\conduit.xml
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1267384669-3832851734-2083165496-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
:Files
ipconfig /flushdns /c
:Commands 
[purity] 
[resethosts] 
[emptytemp] 
[emptyjava]
[EMPTYFLASH] 
[CREATERESTOREPOINT] 
[Reboot]
```

Then click the *Run Fix* button at the top 
Click OK.
OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

eddie


----------



## nettech_gt (May 18, 2012)

"ZoneAlarm Toolbar" is not in the Add/Remove Programs list.




All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1267384669-3832851734-2083165496-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
File C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.defau lt\searchplugins\conduit.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1267384669-3832851734-2083165496-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
File rity] not found.
File sethosts] not found.
File ptytemp] not found.
File ptyjava] not found.
File PTYFLASH] not found.
File EATERESTOREPOINT] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.43.1 log created on 05242012_210127

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## eddie5659 (Mar 19, 2001)

No worries about ZoneAlarm, we'll carry on.

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1*
*Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:file
C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe
:folderfind
*ZoneAlarm*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*.

---------------

Also, can you run an online scan here:

Please go *HERE* to run BitDefender's QuickScan.
Once you are on the Bitdefender site click the *Free Scan Now* button.
If it wants to install an ActiveX component allow it.
If it wants to run an AddOn component allow it.
Tick the *Accept* box and then *OK*
It should now start scanning.
When the scan completes, click the *View Report* button, and copy/paste the contents here.

eddie


----------



## nettech_gt (May 18, 2012)

FYI: Murgeemon.exe is a program I installed. I use it to force windows to open on a specific monitor.

SystemLook 30.07.11 by jpshortstuff
Log created at 21:41 on 26/05/2012 by nettech_gt
Administrator - Elevation successful

========== file ==========

C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe - File found and opened.
MD5: 94FC976F162A80D36A2E17CD661510A9
Created at 23:07 on 12/09/2011
Modified at 05:32 on 16/07/2011
Size: 416768 bytes
Attributes: --a----
FileDescription: MurGeeMon
FileVersion: 1.8
ProductVersion: 1.8
OriginalFilename: MurGeeMon.exe
InternalName: MurGeeMon.exe
ProductName: MurGeeMon
CompanyName: MurGee.com
Comments: Contact Us at [email protected]

========== folderfind ==========

Searching for "*ZoneAlarm*"
C:\Program Files (x86)\CheckPoint\ZoneAlarm d------ [16:10 13/11/2011]
C:\ProgramData\CheckPoint\ZoneAlarm d------ [17:16 20/02/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm d------ [16:10 13/11/2011]
C:\Users\All Users\CheckPoint\ZoneAlarm d------ [17:16 20/02/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm d------ [16:10 13/11/2011]
C:\Users\Games\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar d------ [01:01 04/12/2011]
C:\Users\nettech_gt\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar d------ [16:11 13/11/2011]

-= EOF =-


----------



## nettech_gt (May 18, 2012)

QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Sat May 26 21:47:14 2012
Machine ID: 34A84A74



No infection found.
-------------------



Processes
---------
Acronis CDP 2564 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
Acronis Scheduler Helper 4852 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
Acronis True Image 752 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
Adobe Acrobat Update Service 2544 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
AVG Internet Security 2972 C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
AVG Internet Security 4708 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
AVG Internet Security 2624 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
Firefox 984 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 3464 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Intuit Update Service 4316 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
Java(TM) Platform SE Auto Updater 2 0 1588 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MurGeeMon 4956 C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe
RIMBBLaunchAgent 5040 C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
Spybot - Search & Destroy 2700 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
TeamViewer 4428 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
TeamViewer 2888 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
Thunderbird 5084 C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
TrueVector Service 1760 C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
Wake-up On Stand-by or Hibernation 5024 C:\Program Files (x86)\WakeupOnStandBy\wosb.exe
ZoneAlarm 3548 C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe


Network activity
----------------
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 23.11.175.139
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 74.125.239.1
Process firefox.exe (984) connected on port 80 (HTTP) --> 208.93.141.190
Process firefox.exe (984) connected on port 80 (HTTP) --> 66.235.142.58
Process firefox.exe (984) connected on port 80 (HTTP) --> 66.235.142.57
Process TeamViewer_Service.exe (2888) connected on port 5938 --> 92.51.171.96
Process thunderbird.exe (5084) connected on port 443 (HTTP over SSL) --> 184.169.161.88

Process TeamViewer_Service.exe (2888) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 5938


Autoruns and critical files
---------------------------
Acronis Scheduler Helper C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
Acronis True Image C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
AVG Internet Security C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
Dell Wireless WLAN Card Wireless Networ C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
LWEMon.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe
Microsoft Security Client C:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
MurGeeMon C:\Program Files (x86)\MurGeeMon\MurGeeMon.exe
RIMBBLaunchAgent C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Wake-up On Stand-by or Hibernation C:\Program Files (x86)\WakeupOnStandBy\wosb.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
ZoneAlarm C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
ZoneAlarm Browser Security C:\Program Files\CheckPoint\ZAForceField\ForceField.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
AVG Internet Security c:\program files (x86)\avg\avg2012\avgssie.dll
Bitdefender QuickScan C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
IE Tab Plug-in C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\extensions\[email protected]\plugins\npCoralIETab.dll
Java Deployment Toolkit 7.0.40.22 C:\Windows\SysWOW64\npDeployJava1.dll
Java(TM) Platform SE 7 U4 c:\program files (x86)\java\jre7\bin\jp2ssv.dll
Java(TM) Platform SE 7 U4 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
Java(TM) Platform SE 7 U4 c:\program files (x86)\java\jre7\bin\ssv.dll
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
npFFApi C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
NPSWF32_11_2_202_235.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
NPWebSLLauncher.dll C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
sdhelper.dll c:\program files (x86)\spybot - search & destroy\sdhelper.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Unity Player C:\Users\nettech_gt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
ZoneAlarm Browser Security c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\trustcheckerieplugin.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----
MD5: ff3898beead10ff735750396ccad3e28 C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
MD5: 0104f4ca73154c23ffb449501f6d2d53 C:\Program Files\Logitech\Gaming Software\LWEMon.exe
MD5: 59faaf2c83c8169ea20f9e335e418907 C:\Program Files\Microsoft Security Client\MsMpEng.exe
MD5: 00490c2a421579311eff460addab7ad0 C:\Program Files\Microsoft Security Client\msseces.exe
MD5: 10a43829a9e606af3eef25a1c1665923 C:\Program Files\Microsoft Security Client\NisSrv.exe
MD5: 7d9d615201a483d6fa99491c2e655a5a C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
MD5: 3289766038db2cb14d07dc84392138d5 C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
MD5: 58a38e75f3316a83c23df6173d41f2b5 C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
MD5: fc201ff22ec9e809ca412eb4b1309f31 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MD5: 07a026874244d944d82b9265da8d6384 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MD5: a9f3bfc9345f49614d5859ec95b9e994 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: 87a356753b2208461da361b13e7e909c C:\Users\nettech_gt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
MD5: f82c597a5011763cb087c61f85b09f0e C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\extensions\[email protected]\plugins\npCoralIETab.dll
MD5: 1570f1e976e042c833f736e3cfe03d96 C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: 3fde8cced3be616c546518ec18595f58 C:\Users\nettech_gt\AppData\Roaming\Mozilla\Firefox\Profiles\gmwq9zek.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\bnbar12.dll
MD5: 14b2b51b429c3e17c154920d1541fcc3 C:\Users\nettech_gt\AppData\Roaming\Thunderbird\Profiles\k9b60qz7.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbasecomps.dll
MD5: 368b2bee3f88bfb883d2c74a258de6f6 C:\Windows\AppPatch\AcLayers.DLL
MD5: 303366f0de2d2cb059401c640641157b C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\f11d5fea7ded12068e8cdb8b2f1bdbd9\CustomMarshalers.ni.dll
MD5: 8495229cb7e717879c8e6a22ef661d09 C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MD5: 187672a73a548bc293c39d92fdec40b3 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MD5: 19b65e81fe6603a5d5fb6433134d283d C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14ba6251d6ec84c9579ed3d3e10b30c1\System.Core.ni.dll
MD5: 38ad0b72c22903c51d6f4f0c2453541b C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9f5111b0b58258c3a4bbcfb8bf27374c\System.Data.ni.dll
MD5: 82af57a8511d20a65b46be5d5898c2a1 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c821be068070b07a9a339ab7152bc95e\System.Drawing.ni.dll
MD5: 1caf8cd2d85633c3f4ffa998e1d4d145 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\26ee061618887d629a9f7072970ffb85\System.EnterpriseServices.ni.dll
MD5: 2314bb4385e85700edda905f8455473a C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\0f9d7198d2c0a3953fb59b1aca0d35f7\System.Runtime.Remoting.ni.dll
MD5: 6484a4a7392d73959f82e5f50060bc91 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\371591225ee369c94784e24dc22f2e45\System.ServiceProcess.ni.dll
MD5: d2a4f11b3555d3ece26a8203cd0a0002 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\ce2aa3a5e89c326055ac8e2a309232f7\System.Transactions.ni.dll
MD5: 83efd5ba4634cd136a52d794ca7d91d4 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e3290e9cf0eced36ca662cf67df4a939\System.Windows.Forms.ni.dll
MD5: b48231d95e9054250775a15106bf82b9 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MD5: 5a656af788c0929e5180e641518eed75 C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MD5: c4002b6b41975f057d98c439030cea07 C:\Windows\ehome\ehRecvr.exe
MD5: ac4c51eb24aa95b77f705ab159189e24 C:\Windows\Explorer.exe
MD5: 8a74bca77fdb507065a8d0f2bee9558d C:\Windows\Microsoft.Net\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MD5: 621b8a1aa85635b59837f44d853b5859 C:\Windows\Microsoft.Net\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll
MD5: c755e17bac396f9a9f468320b3f6cf46 C:\Windows\Microsoft.Net\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MD5: 41962d5e18e9874390bc1f074571a6bb C:\Windows\Microsoft.Net\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: 215ce077258cedd5be4c56e9d614db9f C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: 781bf72f57cc9e5f85cb109c24d00fdc C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: 35ed37326421112206caabc025fdcdab C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MD5: 6391a2cb8d1eb7e70fc4ae45b4cebed7 C:\Windows\PSSDNSVC.EXE
MD5: 773212b2aaa24c1e31f10246b15b276c C:\Windows\servicing\TrustedInstaller.exe
MD5: 855b79451ecf62602f20eb4d5c71f99b C:\Windows\system32\Adobe\Director\np32dsw.dll
MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll
MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL
MD5: e24fe90e9de8d8ae70e59f7b01675def C:\Windows\system32\AVICAP32.dll
MD5: 45760eecc8b74b251171be4f247f17cb C:\Windows\system32\BROWCLI.DLL
MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll
MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe
MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll
MD5: 284b59d7b56fc76c80e622ab856b1fab C:\Windows\System32\davclnt.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\dbghelp.dll
MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\DNSAPI.dll
MD5: a29d734f650f958424743be3baa052c8 C:\Windows\system32\dwrite.dll
MD5: 40d777b7a95e00593eb1568c68514493 C:\Windows\system32\Explorer.exe
MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll
MD5: 1e8d06aae74fed674c1156b3fea911c2 C:\Windows\system32\faultrep.dll
MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\iphlpapi.dll
MD5: 327695074718e1bdac226b2a16f425e2 C:\Windows\system32\jsproxy.dll
MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll
MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll
MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL
MD5: 7069aab8536f29ed7323140973a2894b C:\Windows\system32\msdmo.dll
MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\system32\msi.dll
MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe
MD5: c335ec1182ac10b188705554e0bc1186 C:\Windows\system32\MSVFW32.dll
MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll
MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\system32\Netapi32.dll
MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll
MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\system32\NLAapi.dll
MD5: d7b7159bc8374e87d8c45a30377a3440 C:\Windows\System32\ntlanman.dll
MD5: eb77db354791a5932ca559b6f6374e95 C:\Windows\system32\ntshrui.dll
MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\propsys.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll
MD5: 102cf6879887bbe846a00c459e6d4abc C:\Windows\system32\RICHED20.DLL
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\SAMCLI.DLL
MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\Secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll
MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\system32\shdocvw.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL
MD5: 6b140b1382f1fe04ba57b196aeb19725 C:\Windows\system32\t2embed.dll
MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll
MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv
MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll
MD5: 590d5c506044fe02ff7643e32ff9bdac C:\Windows\system32\wer.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\WindowsCodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\System32\winhttp.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\winspool.drv
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\winsta.dll
MD5: a7d79e9f660340ab20cd73f12910985f C:\Windows\system32\Wintrust.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll
MD5: a8cdf3768604ff95b54669e20053d569 C:\Windows\system32\WSCAPI.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\wtsapi32.dll
MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll
MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll
MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\comdlg32.dll
MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll
MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll
MD5: b23137887833d849edb4f03ed8124e71 c:\windows\syswow64\ieframe.dll
MD5: 1341915d4705a3ba68bc49e83024ade0 C:\Windows\syswow64\iertutil.dll
MD5: b2db6aba2e292235749b80a9c3dfa867 C:\Windows\syswow64\imagehlp.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\syswow64\IMM32.dll
MD5: 2978077b7dd5b5e24a0a7c0a75b08a5a C:\Windows\SysWOW64\jscript.dll
MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll
MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll
MD5: 459ac130c6ab892b1cd5d7544626efc5 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: de5a4d89c47b9a1cc97dfab11a795abb C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll
MD5: 6df3ea6fb1d0521127377f454081abea C:\Windows\SysWOW64\msscript.ocx
MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\syswow64\msvcrt.dll
MD5: 4515bbd8946c3974e251d7ca0ab72229 C:\Windows\SysWOW64\npDeployJava1.dll
MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll
MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll
MD5: 16ab4bd2acc52109f43739bf0e89e18f C:\Windows\syswow64\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll
MD5: 44b2693080979a0e05085b3faaa43a09 C:\Windows\syswow64\SspiCli.dll
MD5: 544eff88ac6c85df5a4d6f18dfe08cfc C:\Windows\SysWOW64\taskschd.dll
MD5: 4c162b2a8e175f46db41b21c77688221 C:\Windows\syswow64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll
MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll
MD5: 44465367256d1c72b58f5abaa19e7016 C:\Windows\syswow64\WININET.dll
MD5: a7d79e9f660340ab20cd73f12910985f C:\Windows\syswow64\WINTRUST.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll
MD5: a3c190d644e88de5872fc7fec7377e35 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCP80.dll
MD5: 5ff5e12f28725d14caa3b408848adffc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: 5963633010616b25503ee126f55e8de4 C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
MD5: 7717f84f483002815490033bf069dabd C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.01 MB sent, 0.98 KB recvd
Scanned 402 files and modules - 30 seconds

==============================================================================


----------



## eddie5659 (Mar 19, 2001)

Thanks for the info on Murgeemon.

We have a database of files etc, so any info on certain files is very useful, as this can help many malware experts in the future. These entries are legit, but we try and compile a list of good/bad, to help everyone 

Please download *GooredFix* from one of the locations below and *save it to your Desktop*
*Download Mirror #1*
*Download Mirror #2*

- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select *Run As Administrator* (Vista).
- When prompted to run the scan, click *Yes*.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


----------



## nettech_gt (May 18, 2012)

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:18 on 29/05/2012 (nettech_gt)
Firefox version 12.0 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [00:50 08/02/2011]

C:\Users\nettech_gt\Application Data\Mozilla\Firefox\Profiles\gmwq9zek.default\extensions\
[email protected] [04:14 02/11/2011]
{e001c731-5e37-4538-a5cb-8168736a2360} [04:46 27/05/2012]
{E0B8C461-F8FB-49b4-8373-FE32E9252800} [04:02 26/04/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"="C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker" [16:11 13/11/2011]
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"="C:\Program Files (x86)\AVG\AVG2012\Firefox4\" [16:24 13/11/2011]

---------- Old Logs ----------

-=E.O.F=-


----------



## eddie5659 (Mar 19, 2001)

Okay, they're nice and clean 

Now, you happen to be running two antiviruses - AVG Anti-Virus 2012 and Microsoft Security Essentials. Whilst you think double protection is better, this can actually cause conflicts. I would uninstall one of them, MSE is a very good one, as AVG is known to sometimes cause slowness.

Also, you're using ZoneAlarm firewall. Microsoft have actually made the Windows 7 firewall very robust, and I would recommend uninstalling ZA and using the Windows firewall. Also, ZA is known to install Checkpoint, which uses Conduit which can sometimes cause redirects, and I normally remove any conduit from systems.

---

Can you also run this, to see if anything is hiding:

Download *RogueKiller* to your desktop

- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
- Wait until the Pre-scan has finished.
- Click on Scan
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
- Click on Report and copy/paste the contents here.


----------



## nettech_gt (May 18, 2012)

RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: nettech_gt [Admin rights]
Mode: Scan -- Date: 05/31/2012 17:27:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: OCZ-VERT EX2 SCSI Disk Device +++++
--- User ---
[MBR] 968f5faabf9df215819275c87c8e3644
[BSP] 576a71815e8567740f76d3cfc19d3625 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 57239 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: WDC WD16 00AAJS-00L7A0 USB Device +++++
--- User ---
[MBR] 12821633a912a19cf05bbf7bb0f0f0e4
[BSP] 6d78a3a56dec5d987d88ad9a5efb837e : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152475 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt


----------



## eddie5659 (Mar 19, 2001)

How's the computer running now? If it's all okay, we'll remove the tools we've used, but I'll wait until you reply

eddie


----------



## nettech_gt (May 18, 2012)

I searched (via Google) for a bunch of random things but nothing has been redirected. So it appears to be ok now. It's odd though as from what I could tell from all the logs I posted nothing (virus/malware/rootkit) was actually found and removed. Were you able to determine what might have been causing the random redirects I was experiencing? THANX!


----------



## eddie5659 (Mar 19, 2001)

Glad to hear it's not redirecting. As to pinpointing what it was, it could have been any one of the things we removed, that's one of the hard parts about this area...saying it was THAT file

Still, overall it helped, so if it's all okay, we'll remove the tools we used

*You can mark this thread Solved at the top of this page, if it's all running okay*

*Any questions about the following, just ask*

We have a couple of last steps to perform and then you're all set.

Firstly, let's uninstall the tools we've used:

*Follow these steps to uninstall Combofix and tools used in the removal of malware*

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

*ComboFix /Uninstall*

Then, run this:


- Download *OTC* to your desktop and run it
- Click Yes to beginning the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

======================
Uninstall *SUPERAntiSpyware* from Add/Remove Programs.

Also, remove the following from the Desktop, if still there after doing the above:

- *SecurityCheck*
- *TDSSKiller*
- *aswMBR*
- *SystemLook*
- *GooredFix*
- *RogueKiller*

==============================

*Clear Cache/Temp Files*
Download *TFC by OldTimer* to your desktop

- Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
- It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
- Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*.
- Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

*Create Restore Point (Win7)*


- Select *Start* > *Control Panel* then double-click on the *System* icon in the Control Panel.
- In the left-hand pane click on the *System Protection* option.
- When the Dialog comes up, click on the System Protection tab.
- Check that the drive letter where Windows is located (usually C:) indicates System protection *ON*.
  (This indicates System restore is turned ON for the Windows drive).
- Click on the *Create* button to create a new restore point. In the Name dialog, type a descriptive name and then click on the *Create* button.
- You will get a message that the Restore Point was created successfully. Click on the *Close* button.
- Click on the *OK* button and close the System window in the Control Panel.

*Making Internet Explorer More Secure*

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

- Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply

Then, click on the *Security tab* and do the following:

- Make sure the Internet icon is selected.
- Click once on the *Custom Level* button.
- Change the *Download signed ActiveX controls* to *Prompt*.
- Change the *Download unsigned ActiveX controls* to *Disable*.
- Change the *Initialise and script ActiveX controls not marked as safe* to *Disable.*
- Change the *Installation of desktop items* to *Prompt.*
- Change the *Launching programs and files in an IFRAME* to *Prompt.*
- When all these settings have been made, click on the *OK* button.
- If it prompts you as to whether or not you want to save the settings, press the *Yes* button.
- Next press the *Apply* button and then the *OK* to exit the Internet Properties page.

*Making Firefox More Secure*

Please visit this page to explain how to make Firefox more secure - How to Secure Firefox

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.

Also, it's a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.

- Go to Start | Programs | Accessories | System Tools | Disk Cleanup
- It should start straight away, but if you have to select a drive, click on the C-drive.
- Let it run, and at the end it will give you some boxes to tick.
- All are okay to enable, then press *OK* and then *Yes* to the question after.
- It will close after it's completed.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program:
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall. You can either use *Microsoft Windows Firewall* which is good, or a free one available for personal use.

To keep your operating system up to date visit *Microsoft Windows Update* monthly. And to keep your system clean run this free malware scanner *Malwarebytes' Anti-Malware* weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings *

Have a safe and happy computing day!

eddie
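
The Internet-zone settings from the "Making Internet Explorer More Secure" steps in the post above can also be checked from PowerShell. This is an added example, not part of the original post: it assumes the documented Internet Explorer URL-action registry values (1001, 1004, 1201, 1800, 1804 under zone 3) in the per-user hive, and the `-Apply` switch and function name are this example's own.

```powershell
# Added example (not from the thread): audit the per-user Internet-zone settings
# named in the post, and optionally set them to the values the post recommends.
param([switch]$Apply)

# Zone 3 is the Internet zone; per-user zone settings live under HKCU.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Documented zone policy values: 0 = Enable, 1 = Prompt, 3 = Disable.
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL-action IDs for the five settings listed in the post, with the target value.
$wanted = @(
    @{ Id = '1001'; Setting = 'Download signed ActiveX controls';                        Value = 1 },
    @{ Id = '1004'; Setting = 'Download unsigned ActiveX controls';                      Value = 3 },
    @{ Id = '1201'; Setting = 'Initialize and script ActiveX controls not marked safe';  Value = 3 },
    @{ Id = '1800'; Setting = 'Installation of desktop items';                           Value = 1 },
    @{ Id = '1804'; Setting = 'Launching programs and files in an IFRAME';               Value = 1 }
)

# Hypothetical helper: turn a raw DWORD (or a missing value) into a readable label.
function Get-ZoneValueName($value) {
    if ($null -eq $value) { return '(not set)' }
    if ($meaning.ContainsKey([int]$value)) { return $meaning[[int]$value] }
    return "other ($value)"
}

$report = foreach ($w in $wanted) {
    # Re-read the key for each setting so the report reflects any change just made.
    $props   = Get-ItemProperty -Path $zoneKey -ErrorAction SilentlyContinue
    $current = $null
    if ($props) {
        $p = $props.PSObject.Properties[$w.Id]
        if ($p) { $current = $p.Value }
    }
    $ok = ($null -ne $current) -and ([int]$current -eq $w.Value)

    if ($Apply -and -not $ok) {
        if (-not (Test-Path $zoneKey)) { New-Item -Path $zoneKey -Force | Out-Null }
        # -Force overwrites an existing value; DWord matches the type IE expects.
        New-ItemProperty -Path $zoneKey -Name $w.Id -Value $w.Value `
            -PropertyType DWord -Force | Out-Null
        $current = (Get-ItemProperty -Path $zoneKey).PSObject.Properties[$w.Id].Value
        $ok = ([int]$current -eq $w.Value)
    }

    New-Object PSObject -Property @{
        Id          = $w.Id
        Setting     = $w.Setting
        Current     = Get-ZoneValueName $current
        Recommended = Get-ZoneValueName $w.Value
        Compliant   = $ok
    }
}

$report | Select-Object Id, Setting, Current, Recommended, Compliant | Format-Table -AutoSize
```

Run without arguments it only reports; a value shown as "(not set)" means the zone is using its template default. Machine-wide Group Policy, where configured, takes precedence over these per-user values.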


----------



## nettech_gt (May 18, 2012)

Thanx!


----------



## eddie5659 (Mar 19, 2001)

No problem


----------

