.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_21
Run by Andrew at 14:53:55 on 2011-10-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3999.2764 [GMT -5:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Kaspersky Internet Security *Disabled/Outdated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Users\Andrew\AppData\Roaming\6168E\24714.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\LP\1476\004.exe
C:\Program Files (x86)\8EC9E\lvvm.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.globasearch.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uWindow Title = Microsoft Internet Explorer provided by CenturyLink
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:58889
mURLSearchHooks: FroggyBoss Class: {539f76fd-084e-4858-86d5-62f02f54ae86} - C:\Program Files (x86)\Minibar\Froggy.dll
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=explorer.exe,C:\Users\Andrew\AppData\Roaming\6168E\24714.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: MinibarBHO: {aa74d58f-acd0-450d-a85e-6c04b171c044} - C:\Program Files (x86)\Minibar\Kango.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: C:\Windows\SysWow64\m45xwacq.dll: {d3a152c1-a201-90bd-b821-04b53a2c8952} - C:\Windows\SysWow64\m45xwacq.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Alive Text to Speech: {954f618b-0dec-4d1a-9317-e0fc96f87865} - C:\PROGRA~2\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [pipolka] C:\Program Files (x86)\NetNucleous\ActiveCollector\ACRecover.exe
uRun: [ActiveCollector] C:\Program Files\NetNucleous\ActiveCollector\ActiveCollector.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [cftmon] C:\Windows\system32\wrjy.exe
mRun: [Windows Auto Config] C:\Windows\TEMP\winsett.exe
mRun: [MqmPea] C:\Windows\TEMP\r5pcin.exe
mRun: [004.exe] C:\Program Files (x86)\LP\1476\004.exe
dRun: [BFwoCYFrNlwR.exe] C:\ProgramData\BFwoCYFrNlwR.exe
dRun: [4Y3Y0C3AVF7W0HWDXLKID] C:\Recycle.Bin\B6232F3AEAC.exe /q
dRun: [Windows Auto Config] C:\Windows\TEMP\winsett.exe
dRun: [MqmPea] C:\Windows\TEMP\r5pcin.exe
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CLEANA~1.LNK - C:\Program Files (x86)\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: WallpaperStyle = 2
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\MinibarButton.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ACE8A8EE-C406-4A53-A6B9-76296EF7B611} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ACE8A8EE-C406-4A53-A6B9-76296EF7B611}\14E646275677 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ACE8A8EE-C406-4A53-A6B9-76296EF7B611}\249727E65637 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{ACE8A8EE-C406-4A53-A6B9-76296EF7B611}\25F6E637 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{ACE8A8EE-C406-4A53-A6B9-76296EF7B611}\348647271323237316 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{ACE8A8EE-C406-4A53-A6B9-76296EF7B611}\430383E413134786 : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{ACE8A8EE-C406-4A53-A6B9-76296EF7B611}\E45445745414257373 : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: MinibarBHO: {AA74D58F-ACD0-450D-A85E-6C04B171C044} - C:\Program Files (x86)\Minibar\Kango.dll
BHO-X64: Minibar BHO - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: C:\Windows\SysWow64\m45xwacq.dll: {D3A152C1-A201-90BD-B821-04B53A2C8952} - C:\Windows\SysWow64\m45xwacq.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Alive Text to Speech: {954F618B-0DEC-4D1A-9317-E0FC96F87865} - C:\PROGRA~2\ALIVEM~1\TEXTTO~1\IETOOL~1.DLL
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [cftmon] C:\Windows\system32\wrjy.exe
mRun-x64: [Windows Auto Config] C:\Windows\TEMP\winsett.exe
mRun-x64: [MqmPea] C:\Windows\TEMP\r5pcin.exe
mRun-x64: [004.exe] C:\Program Files (x86)\LP\1476\004.exe
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\kwjxkuqu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.globasearch.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z206&form ... 0110926&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 58889
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\Windows\system32\DRIVERS\klbg.sys --> C:\Windows\system32\DRIVERS\klbg.sys [?]
R0 tclondrv;tclondrv;C:\Windows\system32\DRIVERS\tclondrv.sys --> C:\Windows\system32\DRIVERS\tclondrv.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-9-25 89600]
S2 AVP;Kaspersky Internet Security;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe [2009-10-20 340520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-18 136176]
S2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2009-11-21 2560]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 228408]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-18 136176]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);C:\Windows\system32\drivers\lmvac.sys --> C:\Windows\system32\drivers\lmvac.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw1v64.sys --> C:\Windows\system32\DRIVERS\NETw1v64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TunRAudio;TunRAudio;C:\Windows\system32\drivers\TunRAudio.sys --> C:\Windows\system32\drivers\TunRAudio.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
SUnknown aswFsBlk;aswFsBlk; [x]
SUnknown aswSnx;aswSnx; [x]
SUnknown aswSP;aswSP; [x]
.
=============== Created Last 30 ================
.
2011-10-20 14:55:08 -------- d-----w- C:\Program Files (x86)\LP
2011-10-20 14:32:43 176128 ----a-w- C:\Users\Andrew\AppData\Roaming\firefox.exe
2011-10-20 14:24:37 -------- d-----w- C:\Users\Andrew\AppData\Roaming\8EC9E
2011-10-20 14:24:19 -------- d-----w- C:\Users\Andrew\AppData\Local\{F6913D69-4D18-4B49-B1DC-ABCF755F76BD}
2011-10-20 14:23:55 -------- d-----w- C:\Users\Andrew\AppData\Local\{F3E96FDD-5ACE-4D0C-BDDC-460C724CDE1F}
2011-10-20 14:23:07 -------- d-----w- C:\Users\Andrew\AppData\Roaming\6168E
2011-10-19 01:50:13 0 ---ha-w- C:\Users\Andrew\AppData\Local\BITEF3E.tmp
2011-10-19 01:41:20 0 ---ha-w- C:\Users\Andrew\AppData\Local\BITE58D.tmp
2011-10-18 15:01:59 796160 ----a-w- C:\Windows\SysWow64\wobabtxf.dll
2011-10-18 14:50:55 103936 ----a-w- C:\Program Files (x86)\Internet Explorer\1476\E3BA.tmp
2011-10-18 14:50:25 -------- d-----w- C:\Program Files (x86)\8EC9E
2011-10-18 14:50:13 100000 ---h--w- C:\Windows\SysWow64\winsett.exe
2011-10-18 14:50:12 50000 ----a-w- C:\Windows\SysWow64\m45xwacq.dll
2011-10-18 14:50:11 -------- d-----w- C:\ProgramData\WSTB
2011-10-18 14:49:56 176128 ----a-w- C:\Program Files (x86)\Internet Explorer\1476\004.exe
2011-10-18 13:37:41 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{05F20979-952E-47D3-AD87-AFA0B82CD7D8}\mpengine.dll
2011-10-18 13:22:24 -------- d-----w- C:\Users\Andrew\AppData\Local\{28795538-8359-4425-9C20-1609D28FE7F0}
2011-10-17 20:19:12 -------- d-----w- C:\ProgramData\Recovery
2011-10-17 17:29:25 -------- d-----w- C:\Users\Andrew\AppData\Local\{1D1F166D-B361-4669-9BA7-2B53B6BF1B41}
2011-10-16 17:13:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{C31AD6F2-8F1D-41D4-8E6A-A525432BAFB5}
2011-10-16 17:11:47 -------- d-----w- C:\Users\Andrew\AppData\Local\{BB47B9D5-AEC0-4C7D-B7D9-4497E7B7EAC9}
2011-10-16 16:32:28 0 ----a-w- C:\Users\Andrew\AppData\Local\BIT7DB9.tmp
2011-10-16 16:21:51 -------- d-----w- C:\Users\Andrew\AppData\Local\{C7FDD381-F893-4B5A-BDFE-52ABD72000E6}
2011-10-16 15:59:58 -------- d-----w- C:\Users\Andrew\AppData\Local\{CFA8AD04-25BF-498D-810D-AA037FA4586B}
2011-10-05 14:34:21 -------- d-----w- C:\Users\Andrew\AppData\Local\{887DD179-E441-4E42-BCA3-63F9A7024E8D}
2011-10-04 00:59:24 -------- d-----w- C:\Users\Andrew\AppData\Local\{DD14CD22-58E7-4F75-A888-52EA6F2376A6}
2011-10-04 00:59:13 -------- d-----w- C:\Users\Andrew\AppData\Local\{137D2759-F865-4102-92C4-882A94F5D8F2}
2011-09-29 20:58:01 -------- d-----w- C:\Users\Andrew\AppData\Local\{3D88CAB0-CD53-4F44-8E8D-879094EBA533}
2011-09-29 20:12:46 -------- d-----w- C:\Users\Andrew\AppData\Local\{F02B9432-4442-49FF-BAD8-AE6D22DC289B}
2011-09-29 14:34:47 -------- d-----w- C:\Users\Andrew\AppData\Local\{5F2B037F-9422-4CA5-B25C-E1FD88A02A8E}
2011-09-29 05:28:55 -------- d-----w- C:\Users\Andrew\AppData\Local\{669F261D-AC4D-45FC-AFBD-437FFBA622C2}
2011-09-29 04:44:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{688A4FB4-104A-418B-A9F5-205FC60D2E14}
2011-09-28 16:18:37 -------- d-----w- C:\Users\Andrew\AppData\Local\{A3D27AA0-08BE-44CB-97C4-468DEDC3A0ED}
2011-09-28 16:18:18 -------- d-----w- C:\Users\Andrew\AppData\Local\{52EA8CFE-C13A-4058-AC3D-DE262EB899E6}
2011-09-27 08:29:19 -------- d-----w- C:\Users\Andrew\AppData\Local\{68EAD59D-C558-401F-891D-56CE2C490BF8}
2011-09-27 07:45:48 -------- d-----w- C:\Users\Andrew\AppData\Local\{732C5CD4-4F6D-484C-97EE-BB3CFE728CCC}
2011-09-26 14:41:07 -------- d-----w- C:\Windows\System32\EventProviders
2011-09-26 14:40:56 -------- d-----w- C:\689989a045105e0804
2011-09-26 14:22:42 -------- d-----w- C:\Users\Andrew\AppData\Local\{5AF70C19-6C94-4942-BD82-C959EA5194EF}
2011-09-26 01:35:18 -------- d-----w- C:\Users\Andrew\AppData\Local\{2C524618-8F97-4E2B-8678-47A1F001ACC5}
2011-09-26 00:24:54 -------- d-----w- C:\ProgramData\AVAST Software
2011-09-26 00:24:54 -------- d-----w- C:\Program Files\AVAST Software
2011-09-25 06:48:30 -------- d-----w- C:\Users\Andrew\AppData\Local\{D992F63C-BE20-4512-8C95-BE6C47BDC90F}
2011-09-25 06:47:46 -------- d-----w- C:\Users\Andrew\AppData\Local\{C4A394BF-2203-4777-AA37-A6F71262C98B}
2011-09-24 00:27:59 -------- d-----w- C:\Users\Andrew\AppData\Local\{24E50ED1-8B86-414C-82D2-F1873B9F9602}
2011-09-24 00:27:32 -------- d-----w- C:\Users\Andrew\AppData\Local\{8A753C7E-E491-45C8-B9A6-113D62FC58F0}
2011-09-24 00:05:14 -------- d-----w- C:\Users\Andrew\AppData\Local\{ECCE55BD-54B4-456A-8912-81564270FA14}
2011-09-24 00:04:45 -------- d-----w- C:\Users\Andrew\AppData\Local\{A2E09DD7-D1F4-4D8C-BCAA-ABC26D5E4890}
2011-09-23 23:42:02 -------- d-----w- C:\Users\Andrew\AppData\Local\{B4CB7B60-77DE-4DFE-9F91-0742421D037E}
2011-09-23 23:41:25 -------- d-----w- C:\Users\Andrew\AppData\Local\{EEB4FD5F-D120-4F4F-81CF-B0956BD62307}
2011-09-23 23:20:10 -------- d-----w- C:\Users\Andrew\AppData\Local\{01747D93-709D-438F-AAD3-B454C1B04713}
2011-09-23 23:19:22 -------- d-----w- C:\Users\Andrew\AppData\Local\{5E118304-24A1-445B-9F5F-6048BB3FFA20}
2011-09-23 22:51:39 -------- d-----w- C:\Users\Andrew\AppData\Local\{1CBE95B4-896D-4971-99E6-C8C47CC8B032}
2011-09-23 22:51:07 -------- d-----w- C:\Users\Andrew\AppData\Local\{9F8ED942-8A54-4718-A51C-54964C6B84AD}
2011-09-23 22:29:06 -------- d-----w- C:\Users\Andrew\AppData\Local\{A704FF55-E7B1-4C8E-91CB-451D77E6B5F9}
2011-09-23 22:28:48 -------- d-----w- C:\Users\Andrew\AppData\Local\{2AA2D945-3BF4-4C12-9B25-8BED50B0FDC4}
2011-09-23 22:06:32 -------- d-----w- C:\Users\Andrew\AppData\Local\{4BA64D68-BEA5-4F4C-AF1A-8DEF0C2B67DC}
2011-09-23 22:06:13 -------- d-----w- C:\Users\Andrew\AppData\Local\{CA369F55-E0E2-4F2B-B40E-F3662B0D146E}
2011-09-23 21:44:03 -------- d-----w- C:\Users\Andrew\AppData\Local\{2E92AFCD-A771-4217-AE7B-92512F3938FF}
2011-09-23 21:43:50 -------- d-----w- C:\Users\Andrew\AppData\Local\{ED778039-DF5B-44B4-A2DC-48E41BFE3A23}
2011-09-23 21:35:55 -------- d-----w- C:\Program Files (x86)\Minibar
2011-09-23 21:35:40 -------- d-----w- C:\ProgramData\Babylon
2011-09-23 20:49:10 504320 ----a-w- C:\ProgramData\BFwoCYFrNlwR.exe
2011-09-23 20:39:00 -------- d-----w- C:\Users\Andrew\AppData\Local\{6E7868C0-D206-4685-9FB2-9892A31DB40E}
2011-09-23 20:38:46 -------- d-----w- C:\Users\Andrew\AppData\Local\{76A0EB9D-4086-4313-88DC-D640753758A7}
2011-09-23 20:30:23 -------- d-----we C:\Windows\system64
2011-09-21 07:05:36 -------- d-----w- C:\Users\Andrew\AppData\Local\{8CAF09EC-052B-49D9-853F-3E4D7A0E7F7E}
2011-09-21 07:04:15 -------- d-----w- C:\Users\Andrew\AppData\Local\{C0D1B88C-F880-4351-814C-9741B302EA03}
.
==================== Find3M ====================
.
2011-10-20 14:23:17 1225 --sha-w- C:\Windows\SysWow64\mmf.sys
2011-08-08 20:55:39 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-08-08 20:01:11 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:54:30.35 ===============