GeekPolice Tech TutorialsLog in

 


Share

descriptionSearch engine redirect/admin privledges hijacked

more_horiz
I recently have had a search engine redirect problem on my windows 7 machine. I looked up a file based on some advice in another forum and went to the file Windows/System32/drivers/etc/hosts file and found an extra line of code at the bottom. I tried to delete the extra line but found that I no longer have administrator privledges on this computer. It does still list my user name (the only one on the machine) as an administrator.
Here's the scan log:
PRC - File not found --
PRC - [2012/05/20 22:38:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nisha Stone\Downloads\OTL.com
PRC - [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/03/07 11:52:23 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/07 11:52:19 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/15 14:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/11/27 00:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/10/12 18:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 18:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2010/02/11 12:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
PRC - [2009/10/15 03:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
PRC - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
PRC - [2009/08/20 13:50:58 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2009/08/20 13:50:53 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/08 22:04:52 | 000,441,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppgooglenaclpluginchrome.dll
MOD - [2012/05/08 22:04:51 | 003,921,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
MOD - [2012/05/08 22:03:36 | 000,553,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\libglesv2.dll
MOD - [2012/05/08 22:03:35 | 000,117,744 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\libegl.dll
MOD - [2012/05/08 22:03:25 | 000,134,656 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
MOD - [2012/05/08 22:03:24 | 000,250,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
MOD - [2012/05/08 22:03:23 | 002,375,680 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll
MOD - [2012/03/07 11:52:19 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/10/15 03:10:44 | 001,169,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
MOD - [2009/10/15 03:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/10/15 03:10:16 | 000,588,272 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\BBEngineAS.dll
MOD - [2009/09/28 00:52:34 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2009/08/20 13:50:58 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2009/08/20 13:50:53 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2009/08/18 16:09:20 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2009/08/18 16:08:28 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2009/05/27 07:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
MOD - [2009/05/27 07:13:36 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccats.dll
MOD - [2009/04/07 14:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009/03/30 07:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2009/03/30 07:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009/03/30 07:37:44 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2009/03/30 07:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2009/03/30 07:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2009/03/30 07:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2009/03/30 07:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2009/03/30 07:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/03/02 09:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009/02/20 03:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXECsmr.dll
MOD - [2009/02/20 03:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXECsm.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2010/04/14 20:08:32 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010/04/14 20:08:24 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV:64bit: - [2010/02/24 13:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/02/17 16:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/12/16 08:16:30 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/12/14 00:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/11/13 11:28:38 | 000,129,536 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/13 11:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2012/03/07 11:52:23 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2011/11/23 03:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/08/20 15:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/04/26 15:16:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/04/14 20:08:24 | 000,045,736 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/17 15:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2010/02/11 12:36:12 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/12/14 00:28:54 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\STacSV64.exe -- (STacSV)
SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe -- (MSK80Service)
SRV - [2009/07/30 10:59:18 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 13:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/14 13:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/04/26 17:09:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/31 15:54:40 | 000,100,472 | ---- | M] (Juniper Networks) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NEOFLTR_650_15507.SYS -- (NEOFLTR_650_15507) Juniper Networks TDI Filter Driver (NEOFLTR_650_15507)
DRV:64bit: - [2010/02/17 16:52:42 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/17 16:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 16:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/12/23 01:14:02 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/16 08:16:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/12/16 08:16:14 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/12/14 00:28:54 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/11/03 12:21:18 | 000,074,016 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009/10/12 06:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/25 18:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/09/17 13:33:00 | 000,023,912 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/20 11:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/18 09:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/09 13:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2009/02/13 11:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{6D1C46E5-C8CD-47F4-9A42-F2FFA4AD3940}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100616233828419&tb_oid=16-06-2010&tb_mrud=16-06-2010
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{B7C8CFD1-4294-4BD5-901D-E8203F7FB1D2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100616233828419&tb_oid=16-06-2010&tb_mrud=16-06-2010
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS405
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B2424D56-9391-40BB-B1E6-6D3F1B3B02C8}&mid=69ffb5e5c92247d19d7ed16fff29a2d1-fa93600655c8b3cff7980eed9f918013613cf617&lang=en&ds=AVG&pr=pr&d=2011-09-04 13:03:59&v=8.0.0.34&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://secure.logmeinrescue-enterprise.com/Customer/Code.aspx|http://www.stdavids.com/remote-gateway-home.aspx"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 13:47:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/04/11 16:30:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/11 16:30:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/22 23:53:50 | 000,000,000 | ---D | M]

[2012/02/22 23:45:11 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nisha Stone\AppData\Roaming\Mozilla\Extensions
[2012/05/03 07:44:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nisha Stone\AppData\Roaming\Mozilla\Firefox\Profiles\b9vegfpn.default\extensions
[2012/02/22 23:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/12 17:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 17:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 17:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 17:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/10/12 19:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010/10/12 17:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/03/07 11:52:17 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nisha Stone\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Nisha Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Nisha Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nisha Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Nisha Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Gmail = C:\Users\Nisha Stone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxecmon.exe] C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Users\Nisha Stone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A08D2318-19E6-4332-A741-87FBBD3984CD} https://cwtdra.clio.medcity.net/portal/mckesson/eig/viewer/,DSID=71def0af505d739c2b6e08b83d0aefa6,DanaInfo=HPFSanAntonio1.hca.corpad.net,SSL,ST=1+/mckapprun.cab (McKesson Application Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://cwtdra.clio.medcity.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DAB7231-F0D7-4D35-973B-A2CFE43BD382}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f0d12c16-6934-11df-97b2-0026b9cd4b22}\Shell - "" = AutoRun
O33 - MountPoints2\{f0d12c16-6934-11df-97b2-0026b9cd4b22}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)



SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices


I'll put the rest in a second post

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
Part 2:

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/20 08:32:29 | 000,000,000 | ---D | C] -- C:\Users\Nisha Stone\AppData\Local\Apple
[2012/05/16 07:52:59 | 000,000,000 | ---D | C] -- C:\Users\Nisha Stone\AppData\Local\Adobe
[2012/05/15 22:27:53 | 000,000,000 | ---D | C] -- C:\Users\Nisha Stone\AppData\Local\Apple Computer
[2012/05/13 13:35:17 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/13 13:35:16 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/13 13:35:16 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/13 13:35:16 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/13 13:35:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/13 13:34:32 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/13 13:34:30 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/13 13:34:30 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Nisha Stone\Documents\*.tmp files -> C:\Users\Nisha Stone\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/20 22:41:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/20 22:38:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 22:38:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/20 22:31:48 | 000,038,793 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012/05/20 22:30:17 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/20 22:30:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/20 22:29:36 | 2960,539,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/20 17:50:19 | 098,714,532 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/05/20 08:46:58 | 000,392,192 | -H-- | M] () -- C:\Users\Nisha Stone\Documents\Anytime1_backup.atw
[2012/05/20 08:46:58 | 000,392,192 | -H-- | M] () -- C:\Users\Nisha Stone\Documents\Anytime1.ATW
[2012/05/17 20:44:51 | 000,002,306 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/17 07:22:06 | 000,625,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/05/16 17:12:57 | 000,417,997 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/16 17:12:47 | 000,000,000 | ---- | M] () -- C:\Users\Nisha Stone\dir
[2012/05/15 14:46:16 | 000,364,422 | ---- | M] () -- C:\Users\Nisha Stone\Documents\Spring Dining room.jpg
[2012/05/15 14:46:02 | 000,264,135 | ---- | M] () -- C:\Users\Nisha Stone\Documents\Spring Guest.jpg
[2012/05/15 13:15:41 | 000,351,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/14 03:14:21 | 000,747,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/14 03:14:21 | 000,628,554 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/14 03:14:21 | 000,108,700 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/04 12:13:32 | 005,112,078 | ---- | M] () -- C:\Users\Nisha Stone\Documents\waiver_lakelesson.pdf
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Users\Nisha Stone\Documents\*.tmp files -> C:\Users\Nisha Stone\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 17:12:47 | 000,000,000 | ---- | C] () -- C:\Users\Nisha Stone\dir
[2012/05/15 14:46:16 | 000,364,422 | ---- | C] () -- C:\Users\Nisha Stone\Documents\Spring Dining room.jpg
[2012/05/15 14:46:02 | 000,264,135 | ---- | C] () -- C:\Users\Nisha Stone\Documents\Spring Guest.jpg
[2012/05/04 12:13:32 | 005,112,078 | ---- | C] () -- C:\Users\Nisha Stone\Documents\waiver_lakelesson.pdf
[2012/04/05 16:07:58 | 000,000,256 | -H-- | C] () -- C:\ProgramData\sDO4peyxSUZ9aO
[2012/01/25 12:06:55 | 000,000,319 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/02/22 14:37:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/25 20:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/12 10:55:34 | 000,000,118 | -H-- | C] () -- C:\Users\Nisha Stone\AppData\Roaming\wklnhst.dat

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2010/08/30 23:02:16 | 000,116,224 | ---- | M] (Acresso) -- C:\Users\Nisha Stone\Desktop\zipForm6.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/02/16 09:40:41 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2012/02/16 09:40:41 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2012/02/16 09:40:41 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/05/05 12:00:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint
[2010/04/26 15:14:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2010/05/25 15:13:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AnyTime Deluxe
[2011/10/02 18:58:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/09/04 13:01:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2012/03/07 11:52:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
[2011/05/22 23:48:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BillP Studios
[2012/01/31 17:40:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/05/22 22:06:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Boxee
[2010/04/26 15:14:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2012/02/22 23:53:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2012/04/11 16:30:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/04/26 15:38:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative
[2010/04/26 15:37:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Creative Live! Cam
[2010/04/26 15:31:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2010/04/26 15:57:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DELL
[2011/05/17 07:11:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Local Backup
[2010/04/26 15:16:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell DataSafe Online
[2010/04/26 15:38:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
[2012/05/15 22:27:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2010/04/26 15:38:47 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010/04/26 16:50:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/04/11 17:06:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/04/11 16:30:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/04/26 15:11:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/02/21 21:44:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Juniper Networks
[2010/05/05 11:56:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lexmark
[2010/05/05 11:59:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series
[2010/05/05 11:56:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lexmark Toolbar
[2012/04/11 16:30:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee
[2009/06/30 01:27:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\McAfee.com
[2011/12/08 04:01:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2010/04/26 15:16:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2010/04/26 15:29:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2012/05/15 13:14:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/04/26 15:35:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/04/26 15:36:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/04/11 16:30:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/11/25 04:02:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/04/11 16:30:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/01/31 17:39:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010/04/26 15:52:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Roxio
[2011/10/29 19:09:44 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2011/10/25 16:07:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
[2012/01/25 12:04:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TurboTax
[2009/07/13 23:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2010/05/26 21:24:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Western Digital
[2010/04/26 15:17:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/12/15 04:29:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2010/04/26 15:33:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/12/24 10:09:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/10/14 03:19:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 00:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009/07/14 00:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009/07/14 00:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2010/08/30 23:01:33 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Zero G Registry

< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: DISK.SYS >
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 08:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 07:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 01:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 01:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 08:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/21 04:04:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/21 04:04:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/21 04:04:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/02/21 04:04:02 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/02/21 04:04:02 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/05/08 22:04:54 | 001,240,048 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/02/21 04:03:54 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/02/21 04:03:54 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/02/21 04:03:54 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/02/21 04:04:02 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/02/21 04:04:02 | 000,748,336 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 1235 bytes -> C:\Users\Nisha Stone\Desktop\Your Weekly Travel Preferences.eml:OECustomProperty

< End of report >

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
Hi there pjackson7!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, doesn´t mean it is clean yet!

====================

I have looked through your logs and all seems to be completely fine, except that you have two antivirus programs installed. This is really a bad idea: it does not improve security of your PC, but slows it down instead and may cause instability issues. You should proceed to uninstall either AVG or McAfee.

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
Thanks so much for your help! McAfee is uninstalled.

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
btw when you say sarch engine redirect, do you mean you click a link and get redirected to unexpected website?

I that case you should do the following:

  • Download TDSSKiller by Kaspersky from here and save it to your desktop
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
Sorry for the delay. I was out of town for a bit. I ran the TDSSKiller. Here's the report:

10:38:52.0009 5412 TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
10:38:52.0472 5412 ============================================================
10:38:52.0472 5412 Current date / time: 2012/05/29 10:38:52.0472
10:38:52.0472 5412 SystemInfo:
10:38:52.0472 5412
10:38:52.0472 5412 OS Version: 6.1.7600 ServicePack: 0.0
10:38:52.0472 5412 Product type: Workstation
10:38:52.0473 5412 ComputerName: NISHASTONE-PC
10:38:52.0473 5412 UserName: Nisha Stone
10:38:52.0473 5412 Windows directory: C:\Windows
10:38:52.0473 5412 System windows directory: C:\Windows
10:38:52.0473 5412 Running under WOW64
10:38:52.0473 5412 Processor architecture: Intel x64
10:38:52.0473 5412 Number of processors: 4
10:38:52.0473 5412 Page size: 0x1000
10:38:52.0473 5412 Boot type: Normal boot
10:38:52.0473 5412 ============================================================
10:38:53.0764 5412 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:38:53.0769 5412 ============================================================
10:38:53.0770 5412 \Device\Harddisk0\DR0:
10:38:53.0770 5412 MBR partitions:
10:38:53.0770 5412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
10:38:53.0770 5412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38621030
10:38:53.0770 5412 ============================================================
10:38:53.0788 5412 C: <-> \Device\Harddisk0\DR0\Partition1
10:38:53.0788 5412 ============================================================
10:38:53.0788 5412 Initialize success
10:38:53.0788 5412 ============================================================

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
Is that all you got? Because it is only the header of the report. Can you retry, please?

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
09:38:38.0514 5132 ============================================================
09:38:38.0514 5132 Scan started
09:38:38.0514 5132 Mode: Manual;
09:38:38.0514 5132 ============================================================
09:38:39.0741 5132 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
09:38:39.0755 5132 1394ohci - ok
09:38:39.0782 5132 Acceler (c49c56b35bfc6cda8d1fdcad2885568f) C:\Windows\system32\DRIVERS\Acceler.sys
09:38:39.0785 5132 Acceler - ok
09:38:39.0830 5132 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
09:38:39.0848 5132 ACPI - ok
09:38:39.0881 5132 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
09:38:39.0884 5132 AcpiPmi - ok
09:38:39.0939 5132 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
09:38:39.0985 5132 adp94xx - ok
09:38:40.0039 5132 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
09:38:40.0056 5132 adpahci - ok
09:38:40.0083 5132 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
09:38:40.0097 5132 adpu320 - ok
09:38:40.0129 5132 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:38:40.0132 5132 AeLookupSvc - ok
09:38:40.0232 5132 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\AESTSr64.exe
09:38:40.0236 5132 AESTFilters - ok
09:38:40.0302 5132 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
09:38:40.0323 5132 AFD - ok
09:38:40.0356 5132 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
09:38:40.0362 5132 agp440 - ok
09:38:40.0388 5132 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:38:40.0392 5132 ALG - ok
09:38:40.0432 5132 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
09:38:40.0434 5132 aliide - ok
09:38:40.0461 5132 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
09:38:40.0464 5132 amdide - ok
09:38:40.0499 5132 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
09:38:40.0504 5132 AmdK8 - ok
09:38:40.0532 5132 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:38:40.0540 5132 AmdPPM - ok
09:38:40.0574 5132 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
09:38:40.0609 5132 amdsata - ok
09:38:40.0668 5132 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
09:38:40.0683 5132 amdsbs - ok
09:38:40.0708 5132 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
09:38:40.0711 5132 amdxata - ok
09:38:40.0745 5132 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
09:38:40.0748 5132 AppID - ok
09:38:40.0774 5132 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:38:40.0776 5132 AppIDSvc - ok
09:38:40.0802 5132 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
09:38:40.0805 5132 Appinfo - ok
09:38:40.0926 5132 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:38:40.0930 5132 Apple Mobile Device - ok
09:38:40.0953 5132 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
09:38:40.0959 5132 arc - ok
09:38:40.0988 5132 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
09:38:40.0993 5132 arcsas - ok
09:38:41.0024 5132 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:38:41.0027 5132 AsyncMac - ok
09:38:41.0053 5132 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
09:38:41.0054 5132 atapi - ok
09:38:41.0127 5132 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
09:38:41.0165 5132 AudioEndpointBuilder - ok
09:38:41.0191 5132 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
09:38:41.0200 5132 AudioSrv - ok
09:38:41.0259 5132 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
09:38:41.0262 5132 Avgfwfd - ok
09:38:41.0473 5132 avgfws (5cd22eb540f82c70e33e530003f3903b) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
09:38:41.0502 5132 avgfws - ok
09:38:41.0861 5132 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
09:38:42.0007 5132 AVGIDSAgent - ok
09:38:42.0203 5132 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
09:38:42.0214 5132 AVGIDSDriver - ok
09:38:42.0239 5132 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
09:38:42.0242 5132 AVGIDSEH - ok
09:38:42.0252 5132 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
09:38:42.0253 5132 AVGIDSFilter - ok
09:38:42.0312 5132 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
09:38:42.0324 5132 Avgldx64 - ok
09:38:42.0341 5132 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
09:38:42.0344 5132 Avgmfx64 - ok
09:38:42.0402 5132 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
09:38:42.0405 5132 Avgrkx64 - ok
09:38:42.0446 5132 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
09:38:42.0462 5132 Avgtdia - ok
09:38:42.0561 5132 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
09:38:42.0564 5132 avgwd - ok
09:38:42.0632 5132 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
09:38:42.0636 5132 AxInstSV - ok
09:38:42.0696 5132 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
09:38:42.0733 5132 b06bdrv - ok
09:38:42.0786 5132 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:38:42.0802 5132 b57nd60a - ok
09:38:42.0899 5132 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
09:38:42.0912 5132 BBSvc - ok
09:38:42.0994 5132 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
09:38:43.0006 5132 BBUpdate - ok
09:38:43.0026 5132 BCM42RLY (5c0f919666954885d7760dffe4b29a25) C:\Windows\system32\drivers\BCM42RLY.sys
09:38:43.0029 5132 BCM42RLY - ok
09:38:43.0270 5132 BCM43XX (bab887a2b2786310a966881f074f4a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
09:38:43.0339 5132 BCM43XX - ok
09:38:43.0467 5132 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:38:43.0471 5132 BDESVC - ok
09:38:43.0523 5132 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:38:43.0526 5132 Beep - ok
09:38:43.0587 5132 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
09:38:43.0629 5132 BFE - ok
09:38:43.0700 5132 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
09:38:43.0730 5132 BITS - ok
09:38:43.0767 5132 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
09:38:43.0770 5132 blbdrive - ok
09:38:43.0884 5132 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
09:38:43.0890 5132 Bonjour Service - ok
09:38:43.0938 5132 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
09:38:43.0948 5132 bowser - ok
09:38:43.0982 5132 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:38:43.0985 5132 BrFiltLo - ok
09:38:43.0999 5132 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:38:44.0001 5132 BrFiltUp - ok
09:38:44.0043 5132 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
09:38:44.0053 5132 Browser - ok
09:38:44.0093 5132 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:38:44.0109 5132 Brserid - ok
09:38:44.0150 5132 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:38:44.0155 5132 BrSerWdm - ok
09:38:44.0169 5132 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:38:44.0173 5132 BrUsbMdm - ok
09:38:44.0187 5132 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:38:44.0190 5132 BrUsbSer - ok
09:38:44.0213 5132 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
09:38:44.0217 5132 BTHMODEM - ok
09:38:44.0270 5132 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:38:44.0273 5132 bthserv - ok
09:38:44.0299 5132 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:38:44.0303 5132 cdfs - ok
09:38:44.0336 5132 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
09:38:44.0347 5132 cdrom - ok
09:38:44.0399 5132 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
09:38:44.0399 5132 CertPropSvc - ok
09:38:44.0422 5132 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:38:44.0426 5132 circlass - ok
09:38:44.0462 5132 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:38:44.0477 5132 CLFS - ok
09:38:44.0580 5132 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:38:44.0584 5132 clr_optimization_v2.0.50727_32 - ok
09:38:44.0626 5132 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:38:44.0630 5132 clr_optimization_v2.0.50727_64 - ok
09:38:44.0726 5132 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:38:44.0736 5132 clr_optimization_v4.0.30319_32 - ok
09:38:44.0775 5132 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:38:44.0790 5132 clr_optimization_v4.0.30319_64 - ok
09:38:44.0820 5132 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
09:38:44.0824 5132 CmBatt - ok
09:38:44.0845 5132 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
09:38:44.0848 5132 cmdide - ok
09:38:44.0915 5132 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
09:38:44.0953 5132 CNG - ok
09:38:44.0979 5132 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
09:38:44.0982 5132 Compbatt - ok
09:38:45.0020 5132 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
09:38:45.0023 5132 CompositeBus - ok
09:38:45.0038 5132 COMSysApp - ok
09:38:45.0058 5132 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
09:38:45.0060 5132 crcdisk - ok
09:38:45.0103 5132 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
09:38:45.0118 5132 CryptSvc - ok
09:38:45.0160 5132 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
09:38:45.0173 5132 CtClsFlt - ok
09:38:45.0232 5132 ctxusbm (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
09:38:45.0237 5132 ctxusbm - ok
09:38:45.0288 5132 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
09:38:45.0319 5132 DcomLaunch - ok
09:38:45.0388 5132 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:38:45.0404 5132 defragsvc - ok
09:38:45.0425 5132 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
09:38:45.0435 5132 DfsC - ok
09:38:45.0490 5132 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
09:38:45.0506 5132 Dhcp - ok
09:38:45.0529 5132 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:38:45.0532 5132 discache - ok
09:38:45.0579 5132 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
09:38:45.0584 5132 Disk - ok
09:38:45.0626 5132 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
09:38:45.0640 5132 Dnscache - ok
09:38:45.0686 5132 DockLoginService - ok
09:38:45.0720 5132 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
09:38:45.0733 5132 dot3svc - ok
09:38:45.0760 5132 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
09:38:45.0775 5132 DPS - ok
09:38:45.0806 5132 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:38:45.0809 5132 drmkaud - ok
09:38:45.0899 5132 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
09:38:45.0941 5132 DXGKrnl - ok
09:38:45.0983 5132 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:38:45.0991 5132 EapHost - ok
09:38:46.0232 5132 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
09:38:46.0315 5132 ebdrv - ok
09:38:46.0446 5132 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
09:38:46.0449 5132 EFS - ok
09:38:46.0528 5132 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
09:38:46.0577 5132 ehRecvr - ok
09:38:46.0606 5132 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:38:46.0615 5132 ehSched - ok
09:38:46.0695 5132 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
09:38:46.0736 5132 elxstor - ok
09:38:46.0803 5132 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
09:38:46.0806 5132 ErrDev - ok
09:38:46.0892 5132 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:38:46.0908 5132 EventSystem - ok
09:38:46.0939 5132 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:38:46.0954 5132 exfat - ok
09:38:47.0001 5132 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:38:47.0016 5132 fastfat - ok
09:38:47.0078 5132 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
09:38:47.0100 5132 Fax - ok
09:38:47.0127 5132 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
09:38:47.0130 5132 fdc - ok
09:38:47.0145 5132 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:38:47.0148 5132 fdPHost - ok
09:38:47.0157 5132 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:38:47.0160 5132 FDResPub - ok
09:38:47.0173 5132 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:38:47.0177 5132 FileInfo - ok
09:38:47.0196 5132 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:38:47.0199 5132 Filetrace - ok
09:38:47.0213 5132 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
09:38:47.0215 5132 flpydisk - ok
09:38:47.0251 5132 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
09:38:47.0268 5132 FltMgr - ok
09:38:47.0389 5132 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
09:38:47.0431 5132 FontCache - ok
09:38:47.0489 5132 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:38:47.0491 5132 FontCache3.0.0.0 - ok
09:38:47.0528 5132 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:38:47.0532 5132 FsDepends - ok
09:38:47.0576 5132 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
09:38:47.0589 5132 fssfltr - ok
09:38:47.0695 5132 fsssvc (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
09:38:47.0718 5132 fsssvc - ok
09:38:47.0760 5132 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
09:38:47.0763 5132 Fs_Rec - ok
09:38:47.0816 5132 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:38:47.0830 5132 fvevol - ok
09:38:47.0874 5132 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
09:38:47.0878 5132 gagp30kx - ok
09:38:47.0933 5132 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
09:38:47.0947 5132 GameConsoleService - ok
09:38:47.0992 5132 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:38:47.0996 5132 GEARAspiWDM - ok
09:38:48.0004 5132 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
09:38:48.0006 5132 GoToAssist - ok
09:38:48.0069 5132 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
09:38:48.0097 5132 gpsvc - ok
09:38:48.0198 5132 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:38:48.0200 5132 gupdate - ok
09:38:48.0223 5132 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:38:48.0225 5132 gupdatem - ok
09:38:48.0242 5132 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:38:48.0247 5132 hcw85cir - ok
09:38:48.0284 5132 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:38:48.0294 5132 HDAudBus - ok
09:38:48.0329 5132 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
09:38:48.0333 5132 HECIx64 - ok
09:38:48.0347 5132 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
09:38:48.0350 5132 HidBatt - ok
09:38:48.0370 5132 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
09:38:48.0374 5132 HidBth - ok
09:38:48.0433 5132 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
09:38:48.0437 5132 HidIr - ok
09:38:48.0459 5132 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
09:38:48.0463 5132 hidserv - ok
09:38:48.0489 5132 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
09:38:48.0492 5132 HidUsb - ok
09:38:48.0528 5132 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
09:38:48.0532 5132 hkmsvc - ok
09:38:48.0567 5132 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
09:38:48.0579 5132 HomeGroupListener - ok
09:38:48.0607 5132 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
09:38:48.0617 5132 HomeGroupProvider - ok
09:38:48.0649 5132 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
09:38:48.0653 5132 HpSAMD - ok
09:38:48.0711 5132 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
09:38:48.0733 5132 HTTP - ok
09:38:48.0756 5132 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
09:38:48.0757 5132 hwpolicy - ok
09:38:48.0800 5132 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
09:38:48.0805 5132 i8042prt - ok
09:38:48.0894 5132 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
09:38:48.0927 5132 iaStorV - ok
09:38:49.0059 5132 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:38:49.0088 5132 idsvc - ok
09:38:49.0762 5132 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:38:49.0953 5132 igfx - ok
09:38:50.0064 5132 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
09:38:50.0068 5132 iirsp - ok
09:38:50.0150 5132 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
09:38:50.0177 5132 IKEEXT - ok
09:38:50.0209 5132 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
09:38:50.0223 5132 Impcd - ok
09:38:50.0283 5132 IntcDAud (49072edbc5c2f964917d1b585c90ed0a) C:\Windows\system32\DRIVERS\IntcDAud.sys
09:38:50.0296 5132 IntcDAud - ok
09:38:50.0309 5132 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
09:38:50.0312 5132 intelide - ok
09:38:50.0347 5132 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:38:50.0351 5132 intelppm - ok
09:38:50.0473 5132 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
09:38:50.0474 5132 IntuitUpdateService - ok
09:38:50.0544 5132 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
09:38:50.0545 5132 IntuitUpdateServiceV4 - ok
09:38:50.0588 5132 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:38:50.0592 5132 IPBusEnum - ok
09:38:50.0614 5132 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:38:50.0618 5132 IpFilterDriver - ok
09:38:50.0664 5132 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
09:38:50.0714 5132 iphlpsvc - ok
09:38:50.0743 5132 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
09:38:50.0747 5132 IPMIDRV - ok
09:38:50.0771 5132 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:38:50.0786 5132 IPNAT - ok
09:38:50.0919 5132 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
09:38:50.0946 5132 iPod Service - ok
09:38:50.0970 5132 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:38:50.0974 5132 IRENUM - ok
09:38:50.0992 5132 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
09:38:50.0995 5132 isapnp - ok
09:38:51.0041 5132 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
09:38:51.0055 5132 iScsiPrt - ok
09:38:51.0079 5132 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:38:51.0083 5132 kbdclass - ok
09:38:51.0105 5132 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
09:38:51.0108 5132 kbdhid - ok
09:38:51.0150 5132 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
09:38:51.0152 5132 KeyIso - ok
09:38:51.0174 5132 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
09:38:51.0178 5132 KSecDD - ok
09:38:51.0196 5132 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
09:38:51.0211 5132 KSecPkg - ok
09:38:51.0242 5132 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:38:51.0245 5132 ksthunk - ok
09:38:51.0289 5132 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:38:51.0306 5132 KtmRm - ok
09:38:51.0359 5132 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
09:38:51.0375 5132 LanmanServer - ok
09:38:51.0403 5132 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
09:38:51.0419 5132 LanmanWorkstation - ok
09:38:51.0459 5132 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:38:51.0462 5132 lltdio - ok
09:38:51.0493 5132 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:38:51.0509 5132 lltdsvc - ok
09:38:51.0526 5132 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:38:51.0530 5132 lmhosts - ok
09:38:51.0574 5132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
09:38:51.0585 5132 LSI_FC - ok
09:38:51.0600 5132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
09:38:51.0612 5132 LSI_SAS - ok
09:38:51.0635 5132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:38:51.0639 5132 LSI_SAS2 - ok
09:38:51.0656 5132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:38:51.0660 5132 LSI_SCSI - ok
09:38:51.0710 5132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:38:51.0721 5132 luafv - ok
09:38:51.0800 5132 lxecCATSCustConnectService (1f02b554ddc4086d786537a3bf6488f1) C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
09:38:51.0811 5132 lxecCATSCustConnectService - ok
09:38:51.0817 5132 lxec_device - ok
09:38:51.0853 5132 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
09:38:51.0857 5132 Mcx2Svc - ok
09:38:51.0887 5132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
09:38:51.0891 5132 megasas - ok
09:38:51.0921 5132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
09:38:51.0934 5132 MegaSR - ok
09:38:51.0961 5132 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:38:51.0973 5132 MMCSS - ok
09:38:52.0008 5132 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:38:52.0012 5132 Modem - ok
09:38:52.0038 5132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:38:52.0041 5132 monitor - ok
09:38:52.0056 5132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:38:52.0059 5132 mouclass - ok
09:38:52.0082 5132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:38:52.0085 5132 mouhid - ok
09:38:52.0120 5132 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
09:38:52.0123 5132 mountmgr - ok
09:38:52.0146 5132 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
09:38:52.0160 5132 mpio - ok
09:38:52.0183 5132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:38:52.0187 5132 mpsdrv - ok
09:38:52.0247 5132 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
09:38:52.0274 5132 MpsSvc - ok
09:38:52.0294 5132 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
09:38:52.0303 5132 MRxDAV - ok
09:38:52.0348 5132 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:38:52.0363 5132 mrxsmb - ok
09:38:52.0424 5132 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:38:52.0436 5132 mrxsmb10 - ok
09:38:52.0458 5132 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:38:52.0462 5132 mrxsmb20 - ok
09:38:52.0503 5132 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
09:38:52.0504 5132 msahci - ok
09:38:52.0524 5132 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
09:38:52.0534 5132 msdsm - ok
09:38:52.0556 5132 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:38:52.0563 5132 MSDTC - ok
09:38:52.0601 5132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:38:52.0604 5132 Msfs - ok
09:38:52.0630 5132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:38:52.0633 5132 mshidkmdf - ok
09:38:52.0657 5132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
09:38:52.0660 5132 msisadrv - ok
09:38:52.0689 5132 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:38:52.0703 5132 MSiSCSI - ok
09:38:52.0708 5132 msiserver - ok
09:38:52.0734 5132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:38:52.0737 5132 MSKSSRV - ok
09:38:52.0771 5132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:38:52.0774 5132 MSPCLOCK - ok
09:38:52.0793 5132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:38:52.0796 5132 MSPQM - ok
09:38:52.0826 5132 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
09:38:52.0846 5132 MsRPC - ok
09:38:52.0876 5132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
09:38:52.0887 5132 mssmbios - ok
09:38:52.0901 5132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:38:52.0904 5132 MSTEE - ok
09:38:52.0921 5132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
09:38:52.0924 5132 MTConfig - ok
09:38:52.0941 5132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:38:52.0946 5132 Mup - ok
09:38:52.0991 5132 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
09:38:53.0012 5132 napagent - ok
09:38:53.0052 5132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:38:53.0071 5132 NativeWifiP - ok
09:38:53.0152 5132 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
09:38:53.0210 5132 NDIS - ok
09:38:53.0259 5132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:38:53.0262 5132 NdisCap - ok
09:38:53.0286 5132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:38:53.0290 5132 NdisTapi - ok
09:38:53.0329 5132 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
09:38:53.0334 5132 Ndisuio - ok
09:38:53.0354 5132 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
09:38:53.0358 5132 NdisWan - ok
09:38:53.0409 5132 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
09:38:53.0414 5132 NDProxy - ok
09:38:53.0453 5132 NEOFLTR_650_15507 (1eea69952c10ff338e166a9aec834895) C:\Windows\system32\Drivers\NEOFLTR_650_15507.SYS
09:38:53.0458 5132 NEOFLTR_650_15507 - ok
09:38:53.0479 5132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:38:53.0483 5132 NetBIOS - ok
09:38:53.0513 5132 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
09:38:53.0525 5132 NetBT - ok
09:38:53.0582 5132 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
09:38:53.0584 5132 Netlogon - ok
09:38:53.0627 5132 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:38:53.0642 5132 Netman - ok
09:38:53.0677 5132 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:38:53.0694 5132 netprofm - ok
09:38:53.0775 5132 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:38:53.0779 5132 NetTcpPortSharing - ok
09:38:53.0806 5132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
09:38:53.0810 5132 nfrd960 - ok
09:38:53.0856 5132 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
09:38:53.0871 5132 NlaSvc - ok
09:38:53.0881 5132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:38:53.0891 5132 Npfs - ok
09:38:53.0921 5132 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:38:53.0925 5132 nsi - ok
09:38:53.0939 5132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:38:53.0942 5132 nsiproxy - ok
09:38:54.0091 5132 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
09:38:54.0132 5132 Ntfs - ok
09:38:54.0212 5132 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:38:54.0215 5132 Null - ok
09:38:54.0259 5132 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
09:38:54.0274 5132 nvraid - ok
09:38:54.0332 5132 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
09:38:54.0347 5132 nvstor - ok
09:38:54.0371 5132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
09:38:54.0382 5132 nv_agp - ok
09:38:54.0472 5132 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\Windows\system32\DRIVERS\o2flash.exe
09:38:54.0475 5132 O2FLASH - ok
09:38:54.0506 5132 O2MDGRDR (a3c51527dfd788880c2ece6e9fb68355) C:\Windows\system32\DRIVERS\o2mdgx64.sys
09:38:54.0511 5132 O2MDGRDR - ok
09:38:54.0612 5132 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:38:54.0629 5132 odserv - ok
09:38:54.0655 5132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
09:38:54.0659 5132 ohci1394 - ok
09:38:54.0690 5132 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:38:54.0700 5132 ose - ok
09:38:54.0754 5132 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:38:54.0772 5132 p2pimsvc - ok
09:38:54.0823 5132 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:38:54.0844 5132 p2psvc - ok
09:38:54.0865 5132 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
09:38:54.0875 5132 Parport - ok
09:38:54.0926 5132 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
09:38:54.0926 5132 partmgr - ok
09:38:54.0956 5132 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:38:54.0976 5132 PcaSvc - ok
09:38:55.0006 5132 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
09:38:55.0020 5132 pci - ok
09:38:55.0041 5132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
09:38:55.0044 5132 pciide - ok
09:38:55.0083 5132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
09:38:55.0097 5132 pcmcia - ok
09:38:55.0114 5132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:38:55.0117 5132 pcw - ok
09:38:55.0175 5132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:38:55.0197 5132 PEAUTH - ok
09:38:55.0278 5132 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:38:55.0282 5132 PerfHost - ok
09:38:55.0397 5132 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
09:38:55.0436 5132 pla - ok
09:38:55.0497 5132 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
09:38:55.0517 5132 PlugPlay - ok
09:38:55.0639 5132 PMBDeviceInfoProvider (63694c307273062a2167ae4ce80730ef) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
09:38:55.0658 5132 PMBDeviceInfoProvider - ok
09:38:55.0676 5132 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:38:55.0680 5132 PNRPAutoReg - ok
09:38:55.0713 5132 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:38:55.0720 5132 PNRPsvc - ok
09:38:55.0776 5132 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
09:38:55.0795 5132 PolicyAgent - ok
09:38:55.0840 5132 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:38:55.0855 5132 Power - ok
09:38:55.0912 5132 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
09:38:55.0917 5132 PptpMiniport - ok
09:38:55.0959 5132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
09:38:55.0962 5132 Processor - ok
09:38:55.0979 5132 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
09:38:55.0999 5132 ProfSvc - ok
09:38:56.0029 5132 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
09:38:56.0029 5132 ProtectedStorage - ok
09:38:56.0072 5132 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
09:38:56.0082 5132 Psched - ok
09:38:56.0128 5132 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
09:38:56.0132 5132 PxHlpa64 - ok
09:38:56.0262 5132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
09:38:56.0305 5132 ql2300 - ok
09:38:56.0402 5132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
09:38:56.0411 5132 ql40xx - ok
09:38:56.0453 5132 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:38:56.0471 5132 QWAVE - ok
09:38:56.0489 5132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:38:56.0493 5132 QWAVEdrv - ok
09:38:56.0511 5132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:38:56.0514 5132 RasAcd - ok
09:38:56.0547 5132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:38:56.0551 5132 RasAgileVpn - ok
09:38:56.0569 5132 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:38:56.0580 5132 RasAuto - ok
09:38:56.0597 5132 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:38:56.0607 5132 Rasl2tp - ok
09:38:56.0642 5132 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
09:38:56.0659 5132 RasMan - ok
09:38:56.0686 5132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:38:56.0690 5132 RasPppoe - ok
09:38:56.0711 5132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:38:56.0715 5132 RasSstp - ok
09:38:56.0749 5132 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
09:38:56.0766 5132 rdbss - ok
09:38:56.0785 5132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
09:38:56.0790 5132 rdpbus - ok
09:38:56.0808 5132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:38:56.0809 5132 RDPCDD - ok
09:38:56.0848 5132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:38:56.0849 5132 RDPENCDD - ok
09:38:56.0859 5132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:38:56.0861 5132 RDPREFMP - ok
09:38:56.0907 5132 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
09:38:56.0943 5132 RDPWD - ok
09:38:56.0979 5132 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
09:38:56.0993 5132 rdyboost - ok
09:38:57.0033 5132 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:38:57.0033 5132 RemoteAccess - ok
09:38:57.0053 5132 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:38:57.0073 5132 RemoteRegistry - ok
09:38:57.0100 5132 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:38:57.0105 5132 RpcEptMapper - ok
09:38:57.0128 5132 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:38:57.0132 5132 RpcLocator - ok
09:38:57.0182 5132 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
09:38:57.0190 5132 RpcSs - ok
09:38:57.0233 5132 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:38:57.0237 5132 rspndr - ok
09:38:57.0273 5132 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:38:57.0287 5132 RTL8167 - ok
09:38:57.0321 5132 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
09:38:57.0323 5132 SamSs - ok
09:38:57.0361 5132 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
09:38:57.0372 5132 sbp2port - ok
09:38:57.0401 5132 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:38:57.0416 5132 SCardSvr - ok
09:38:57.0446 5132 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
09:38:57.0450 5132 scfilter - ok
09:38:57.0551 5132 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
09:38:57.0587 5132 Schedule - ok
09:38:57.0614 5132 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
09:38:57.0616 5132 SCPolicySvc - ok
09:38:57.0646 5132 sdbus (4e54822ed2350eb1f31f95f0fd674ef3) C:\Windows\system32\DRIVERS\sdbus.sys
09:38:57.0657 5132 sdbus - ok
09:38:57.0682 5132 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
09:38:57.0697 5132 SDRSVC - ok
09:38:57.0720 5132 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:38:57.0724 5132 secdrv - ok
09:38:57.0740 5132 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
09:38:57.0744 5132 seclogon - ok
09:38:57.0764 5132 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
09:38:57.0769 5132 SENS - ok
09:38:57.0786 5132 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:38:57.0790 5132 SensrSvc - ok
09:38:57.0802 5132 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
09:38:57.0805 5132 Serenum - ok
09:38:57.0824 5132 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
09:38:57.0828 5132 Serial - ok
09:38:57.0858 5132 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
09:38:57.0861 5132 sermouse - ok
09:38:57.0890 5132 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
09:38:57.0902 5132 SessionEnv - ok
09:38:57.0920 5132 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
09:38:57.0923 5132 sffdisk - ok
09:38:57.0941 5132 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
09:38:57.0944 5132 sffp_mmc - ok
09:38:57.0973 5132 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
09:38:57.0976 5132 sffp_sd - ok
09:38:57.0982 5132 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
09:38:57.0984 5132 sfloppy - ok
09:38:58.0091 5132 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
09:38:58.0121 5132 SftService - ok
09:38:58.0176 5132 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:38:58.0192 5132 SharedAccess - ok
09:38:58.0225 5132 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
09:38:58.0242 5132 ShellHWDetection - ok
09:38:58.0294 5132 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:38:58.0297 5132 SiSRaid2 - ok
09:38:58.0311 5132 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
09:38:58.0315 5132 SiSRaid4 - ok
09:38:58.0370 5132 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:38:58.0378 5132 Smb - ok
09:38:58.0410 5132 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:38:58.0413 5132 SNMPTRAP - ok
09:38:58.0445 5132 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:38:58.0448 5132 spldr - ok
09:38:58.0507 5132 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
09:38:58.0556 5132 Spooler - ok
09:38:58.0785 5132 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
09:38:58.0845 5132 sppsvc - ok
09:38:58.0915 5132 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:38:58.0921 5132 sppuinotify - ok
09:38:59.0007 5132 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
09:38:59.0025 5132 srv - ok
09:38:59.0067 5132 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
09:38:59.0087 5132 srv2 - ok
09:38:59.0117 5132 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
09:38:59.0130 5132 srvnet - ok
09:38:59.0170 5132 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:38:59.0180 5132 SSDPSRV - ok
09:38:59.0227 5132 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:38:59.0232 5132 SstpSvc - ok
09:38:59.0339 5132 STacSV (7aa12db4bb2cb414c3525e1c02da911f) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d29e7c5b1ea33de7\STacSV64.exe
09:38:59.0351 5132 STacSV - ok
09:38:59.0383 5132 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
09:38:59.0386 5132 stexstor - ok
09:38:59.0450 5132 STHDA (2d7c3ca0fdb0f438671c89fa1804674f) C:\Windows\system32\DRIVERS\stwrt64.sys
09:38:59.0467 5132 STHDA - ok
09:38:59.0524 5132 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
09:38:59.0546 5132 stisvc - ok
09:38:59.0562 5132 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
09:38:59.0565 5132 swenum - ok
09:38:59.0610 5132 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:38:59.0629 5132 swprv - ok
09:38:59.0674 5132 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys
09:38:59.0690 5132 SynTP - ok
09:38:59.0816 5132 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
09:38:59.0868 5132 SysMain - ok
09:38:59.0958 5132 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
09:38:59.0970 5132 TabletInputService - ok
09:39:00.0011 5132 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
09:39:00.0029 5132 TapiSrv - ok
09:39:00.0045 5132 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:39:00.0051 5132 TBS - ok
09:39:00.0210 5132 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
09:39:00.0250 5132 Tcpip - ok
09:39:00.0454 5132 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
09:39:00.0477 5132 TCPIP6 - ok
09:39:00.0572 5132 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
09:39:00.0575 5132 tcpipreg - ok
09:39:00.0609 5132 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:39:00.0612 5132 TDPIPE - ok
09:39:00.0653 5132 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
09:39:00.0669 5132 TDTCP - ok
09:39:00.0702 5132 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
09:39:00.0714 5132 tdx - ok
09:39:00.0743 5132 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
09:39:00.0748 5132 TermDD - ok
09:39:00.0815 5132 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
09:39:00.0840 5132 TermService - ok
09:39:00.0862 5132 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:39:00.0867 5132 Themes - ok
09:39:00.0896 5132 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:39:00.0900 5132 THREADORDER - ok
09:39:00.0922 5132 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:39:00.0938 5132 TrkWks - ok
09:39:01.0015 5132 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
09:39:01.0027 5132 TrustedInstaller - ok
09:39:01.0046 5132 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:39:01.0052 5132 tssecsrv - ok
09:39:01.0089 5132 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
09:39:01.0100 5132 tunnel - ok
09:39:01.0116 5132 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
09:39:01.0120 5132 uagp35 - ok
09:39:01.0166 5132 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys
09:39:01.0183 5132 udfs - ok
09:39:01.0215 5132 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:39:01.0220 5132 UI0Detect - ok
09:39:01.0243 5132 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
09:39:01.0247 5132 uliagpkx - ok
09:39:01.0275 5132 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
09:39:01.0285 5132 umbus - ok
09:39:01.0311 5132 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
09:39:01.0314 5132 UmPass - ok
09:39:01.0349 5132 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:39:01.0368 5132 upnphost - ok
09:39:01.0429 5132 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
09:39:01.0446 5132 USBAAPL64 - ok
09:39:01.0475 5132 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
09:39:01.0487 5132 usbccgp - ok
09:39:01.0518 5132 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
09:39:01.0530 5132 usbcir - ok
09:39:01.0547 5132 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
09:39:01.0551 5132 usbehci - ok
09:39:01.0586 5132 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
09:39:01.0605 5132 usbhub - ok
09:39:01.0621 5132 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
09:39:01.0624 5132 usbohci - ok
09:39:01.0637 5132 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:39:01.0641 5132 usbprint - ok
09:39:01.0663 5132 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:39:01.0666 5132 usbscan - ok
09:39:01.0705 5132 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:39:01.0710 5132 USBSTOR - ok
09:39:01.0726 5132 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
09:39:01.0729 5132 usbuhci - ok
09:39:01.0776 5132 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
09:39:01.0790 5132 usbvideo - ok
09:39:01.0825 5132 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:39:01.0831 5132 UxSms - ok
09:39:01.0855 5132 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
09:39:01.0857 5132 VaultSvc - ok
09:39:01.0883 5132 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
09:39:01.0887 5132 vdrvroot - ok
09:39:01.0931 5132 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
09:39:01.0953 5132 vds - ok
09:39:01.0967 5132 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:39:01.0971 5132 vga - ok
09:39:01.0993 5132 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:39:01.0996 5132 VgaSave - ok
09:39:02.0028 5132 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
09:39:02.0044 5132 vhdmp - ok
09:39:02.0064 5132 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
09:39:02.0067 5132 viaide - ok
09:39:02.0083 5132 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
09:39:02.0093 5132 volmgr - ok
09:39:02.0130 5132 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
09:39:02.0145 5132 volmgrx - ok
09:39:02.0195 5132 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
09:39:02.0211 5132 volsnap - ok
09:39:02.0246 5132 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
09:39:02.0261 5132 vsmraid - ok
09:39:02.0385 5132 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
09:39:02.0449 5132 VSS - ok
09:39:02.0632 5132 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
09:39:02.0644 5132 vToolbarUpdater10.2.0 - ok
09:39:02.0779 5132 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:39:02.0782 5132 vwifibus - ok
09:39:02.0797 5132 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:39:02.0803 5132 vwififlt - ok
09:39:02.0838 5132 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
09:39:02.0841 5132 vwifimp - ok
09:39:02.0896 5132 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:39:02.0919 5132 W32Time - ok
09:39:02.0942 5132 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
09:39:02.0946 5132 WacomPen - ok
09:39:02.0976 5132 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:39:02.0980 5132 WANARP - ok
09:39:02.0996 5132 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
09:39:02.0998 5132 Wanarpv6 - ok
09:39:03.0115 5132 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:39:03.0171 5132 WatAdminSvc - ok
09:39:03.0291 5132 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
09:39:03.0339 5132 wbengine - ok
09:39:03.0444 5132 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:39:03.0459 5132 WbioSrvc - ok
09:39:03.0513 5132 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
09:39:03.0531 5132 wcncsvc - ok
09:39:03.0545 5132 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:39:03.0550 5132 WcsPlugInService - ok
09:39:03.0590 5132 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
09:39:03.0593 5132 Wd - ok
09:39:03.0618 5132 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
09:39:03.0621 5132 WDC_SAM - ok
09:39:03.0694 5132 WDDMService (334e5ed94d3faff3c44f4d36b1fe1c90) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
09:39:03.0698 5132 WDDMService - ok
09:39:03.0752 5132 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:39:03.0774 5132 Wdf01000 - ok
09:39:03.0812 5132 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:39:03.0824 5132 WdiServiceHost - ok
09:39:03.0833 5132 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:39:03.0838 5132 WdiSystemHost - ok
09:39:03.0877 5132 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
09:39:03.0882 5132 WDSmartWareBackgroundService - ok
09:39:03.0936 5132 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
09:39:03.0953 5132 WebClient - ok
09:39:03.0978 5132 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:39:03.0992 5132 Wecsvc - ok
09:39:04.0025 5132 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:39:04.0030 5132 wercplsupport - ok
09:39:04.0061 5132 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:39:04.0066 5132 WerSvc - ok
09:39:04.0121 5132 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:39:04.0124 5132 WfpLwf - ok
09:39:04.0176 5132 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
09:39:04.0190 5132 WimFltr - ok
09:39:04.0210 5132 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:39:04.0214 5132 WIMMount - ok
09:39:04.0241 5132 WinDefend - ok
09:39:04.0253 5132 WinHttpAutoProxySvc - ok
09:39:04.0317 5132 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:39:04.0330 5132 Winmgmt - ok
09:39:04.0478 5132 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
09:39:04.0551 5132 WinRM - ok
09:39:04.0704 5132 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
09:39:04.0709 5132 WinUsb - ok
09:39:04.0777 5132 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:39:04.0804 5132 Wlansvc - ok
09:39:04.0850 5132 wltrysvc (a96d6c0613dcf84f2d07faeb75663072) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
09:39:04.0852 5132 wltrysvc - ok
09:39:04.0877 5132 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
09:39:04.0882 5132 WmiAcpi - ok
09:39:04.0952 5132 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:39:04.0968 5132 wmiApSrv - ok
09:39:05.0013 5132 WMPNetworkSvc - ok
09:39:05.0030 5132 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:39:05.0035 5132 WPCSvc - ok
09:39:05.0077 5132 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
09:39:05.0088 5132 WPDBusEnum - ok
09:39:05.0114 5132 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:39:05.0117 5132 ws2ifsl - ok
09:39:05.0155 5132 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
09:39:05.0161 5132 wscsvc - ok
09:39:05.0199 5132 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
09:39:05.0203 5132 WSDPrintDevice - ok
09:39:05.0211 5132 WSearch - ok
09:39:05.0382 5132 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
09:39:05.0443 5132 wuauserv - ok
09:39:05.0557 5132 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
09:39:05.0569 5132 WudfPf - ok
09:39:05.0605 5132 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:39:05.0620 5132 WUDFRd - ok
09:39:05.0637 5132 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
09:39:05.0642 5132 wudfsvc - ok
09:39:05.0670 5132 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:39:05.0683 5132 WwanSvc - ok
09:39:05.0729 5132 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:39:06.0001 5132 \Device\Harddisk0\DR0 - ok
09:39:06.0006 5132 Boot (0x1200) (2e99b19df472993559266e317c26f17c) \Device\Harddisk0\DR0\Partition0
09:39:06.0009 5132 \Device\Harddisk0\DR0\Partition0 - ok
09:39:06.0023 5132 Boot (0x1200) (f61ee7a11be6849261ec63f519e2238d) \Device\Harddisk0\DR0\Partition1
09:39:06.0026 5132 \Device\Harddisk0\DR0\Partition1 - ok
09:39:06.0027 5132 ============================================================
09:39:06.0027 5132 Scan finished
09:39:06.0027 5132 ============================================================
09:39:06.0045 4816 Detected object count: 0
09:39:06.0046 4816 Actual detected object count: 0

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
C:\ProgramData\sDO4peyxSUZ9aO

:otl
O4 - Startup: C:\Users\Nisha Stone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Are you still experiencing symptoms of being infected, like for example, being redirected to unsolicited web pages when you click a link?

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
I think that fixed it all!! Thanks for your help!!!

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
There is no fix when I click on it.

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
pjackson7 wrote:
There is no fix when I click on it.


eeehhhhmmm. I'm not sure what you are saying here?

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
Sorry about the second message, don't quite know how I pasted that there. Anyway the problem seems to be fixed. Here's the log:
========== FILES ==========
C:\ProgramData\sDO4peyxSUZ9aO moved successfully.
========== OTL ==========
C:\Users\Nisha Stone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

OTL by OldTimer - Version 3.2.42.1 log created on 06192012_092917

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
So you are not experiencing any problems at the moment?

If that is so, we can proceed to cleanup Smile...

descriptionRe: Search engine redirect/admin privledges hijacked

more_horiz
Permissions in this forum:
You cannot reply to topics in this forum