Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspected malware disables Windows Security & site redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Suspected malware disables Windows Security & site redirects

Unread postby ssantola » May 10th, 2012, 5:44 am

Hello,

A few days ago my Windows Security Center Service flag came up with a red X and when I open the Operative Center to activate it, I get an error message saying it can't be started. Furthermore, when I click on a link (after googling something) I get redirected to a wrong site, usually an ad site but also other types. I found this happens the first time but if I go back and reclick on the link, I eventually get to the site I wanted in the first place.

I tried running TrendMicro HiJack This but the cursor flickers and I get another error message stating the Host scripting has been blocked. Then, however, it goes on to complete the scan but I don't know what to do next. Anyway, I'm copying my two logs here below.

Thanks in advance for your help!
Sheila

Contents of DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Sheila at 11:19:52 on 2012-05-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.1911.862 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\dell\DBRM\Reminder\DbrmTrayicon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\DllHost.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe
C:\Windows\system32\conhost.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Sheila\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\client server security agent\bho\1009\TmIEPlg.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Google Update] "c:\users\sheila\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometer\FF_Protection.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [DBRMTray] c:\dell\dbrm\reminder\DbrmTrayIcon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [c:\program files\free video zilla\FVZilla.exe]
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRunOnce: [DBRMTray] c:\dell\dbrm\reminder\TrayApp.exe
StartupFolder: c:\users\sheila\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&sporta in Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/ ... emLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4FF36590-FACB-4DD2-AC80-5B7827175BE3} : DhcpNameServer = 192.168.1.1 8.8.8.8
TCP: Interfaces\{C91CA12B-6D6E-4458-9624-76BBD466BEE2} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C91CA12B-6D6E-4458-9624-76BBD466BEE2}\34F6E616769647F5F43707964796 : DhcpNameServer = 192.1.2.1 192.1.2.2 192.1.2.14
TCP: Interfaces\{C91CA12B-6D6E-4458-9624-76BBD466BEE2}\94D45445 : DhcpNameServer = 192.168.10.1 192.168.10.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdflt.sys [2010-10-12 16176]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe [2010-8-28 81920]
R2 AntiVirScheduler;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-31 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-31 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-31 66616]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometer\InstallFilterService.exe [2010-10-12 60928]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2010-8-28 41648]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-10 29472]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-10-12 143968]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-8-28 132480]
R3 IntcDAud;Audio schermo Intel(R);c:\windows\system32\drivers\IntcDAud.sys [2010-8-28 232960]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-8-28 277536]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-10-12 134144]
S3 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-29 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\drivers\Ondausbmdm6k.sys [2011-12-5 105088]
S3 ONDAusbnet;ONDA USB-NDIS miniport;c:\windows\system32\drivers\ONDAusbnet.sys [2011-12-5 114688]
S3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\drivers\Ondausbnmea.sys [2011-12-5 105088]
S3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\drivers\Ondausbser6k.sys [2011-12-5 105088]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-8-28 171520]
.
=============== Created Last 30 ================
.
2012-05-10 07:02:04 86056 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-05-10 07:02:04 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-05-10 07:02:04 18472 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-05-10 07:02:04 108072 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-05-10 06:31:21 388096 ----a-r- c:\users\sheila\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-10 06:31:21 -------- d-----w- c:\program files\Trend Micro
2012-05-08 06:55:34 0 ----a-w- c:\windows\system32\shoA5E.tmp
2012-05-08 05:03:17 141312 --sha-r- c:\windows\system32\cmifwm.dll
2012-05-06 10:03:26 -------- d-----w- c:\users\sheila\appdata\local\HTC
2012-05-06 10:03:25 -------- d-----w- c:\users\sheila\appdata\roaming\Teleca
2012-05-06 10:02:56 -------- d-----w- c:\programdata\HTC
2012-05-06 10:02:55 -------- d-----w- c:\programdata\Teleca
2012-05-06 10:02:55 -------- d-----w- c:\program files\common files\Teleca Shared
2012-05-06 10:02:19 -------- d-----w- c:\program files\Spirent Communications
2012-05-06 10:02:11 -------- d-----w- c:\program files\HTC
2012-05-05 02:34:05 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c06a746d-1908-4d11-9d8f-c744c5b7b682}\mpengine.dll
2012-04-29 07:46:03 -------- d-----w- c:\users\sheila\appdata\roaming\KodakCredentialStore
2012-04-28 15:32:34 -------- d-----w- c:\users\sheila\appdata\local\KodakGallery
2012-04-28 15:31:49 -------- d-----w- c:\users\sheila\appdata\roaming\Skinux
2012-04-28 15:31:41 -------- d-----w- c:\users\sheila\appdata\local\Programs
2012-04-28 15:31:08 -------- d-----w- c:\users\sheila\appdata\local\ArcSoft
2012-04-28 15:30:58 -------- d-----w- c:\programdata\ArcSoft
2012-04-28 15:29:30 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-04-28 15:29:30 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-04-28 15:29:30 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2012-04-28 15:29:30 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-04-28 15:29:29 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-04-28 15:28:07 -------- d-----w- c:\program files\common files\Kodak
2012-04-28 15:27:43 -------- d-----w- c:\program files\common files\MSSoap
2012-04-28 15:27:42 -------- d-----w- c:\program files\Kodak
2012-04-28 15:18:16 -------- d-----w- c:\programdata\Kodak
2012-04-18 11:54:27 0 ----a-w- c:\windows\system32\sho5279.tmp
2012-04-12 07:13:10 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:13:10 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:13:10 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:13:10 158720 ----a-w- c:\windows\system32\imagehlp.dll
.
==================== Find3M ====================
.
2012-05-05 10:00:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 10:00:07 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-05 13:06:00 0 ----a-w- c:\windows\system32\sho3672.tmp
2012-04-02 04:46:44 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 02:43:16 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:29:05 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-20 09:58:42 0 ----a-w- c:\windows\system32\sho545A.tmp
2012-03-17 23:13:13 0 ----a-w- c:\windows\system32\shoAAB2.tmp
2012-03-17 07:20:17 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-14 13:09:39 0 ----a-w- c:\windows\system32\shoF539.tmp
2012-03-11 07:46:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-03 05:40:21 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-28 05:40:21 981504 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38:16 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-28 04:31:46 386048 ----a-w- c:\windows\system32\html.iec
2012-02-28 03:57:55 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-20 11:47:40 0 ----a-w- c:\windows\system32\shoD0BC.tmp
2012-02-19 04:11:22 0 ----a-w- c:\windows\system32\shoEF4E.tmp
2012-02-15 10:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 05:44:57 826368 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 04:22:43 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:22:18 24064 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
============= FINISH: 11:21:28,25 ===============



Contents of Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 18/10/2010 23:06:58
System Uptime: 10/05/2012 09:05:45 (2 hours ago)
.
Motherboard: Dell Inc. | | 0G2R51
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | CPU 1 | 927/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 218,88 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Accelerometer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1 - Italiano
Advanced Audio FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Audacity 1.3.13 (Unicode)
Avira AntiVir Personal - Free Antivirus
BitZipper 2010
Bonjour
CCScore
Chiavetta Internet MT191UP
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink PowerDVD 9.5
D3DX10
Dell Backup and Recovery Manager
Dell Edoc Viewer
Dell Photo AIO Printer 944
Dell Touchpad
Dell Webcam Central
DivX Setup
DW WLAN Card Utility
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
fflink
Freecorder
Freecorder Toolbar
Google Chrome
HiDownloadPlatinum
HiJackThis
HTC Driver Installer
HTC Sync
In Company Second Edition Elementary CD-ROM
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
iTunes
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
LAME v3.98.3 for Audacity
Live! Cam Avatar Creator
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse Mischief
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office a portata di clic 2010
Microsoft Office Access MUI (Italian) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help - Aggiornamento (KB963678)
Microsoft Office Excel MUI (Italian) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Italian) 2007
Microsoft Office InfoPath MUI (Italian) 2007
Microsoft Office OneNote MUI (Italian) 2007
Microsoft Office Outlook 2007 Help - Aggiornamento (KB963677)
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Italian) 2007
Microsoft Office Powerpoint 2007 Help - Aggiornamento (KB963669)
Microsoft Office PowerPoint MUI (Italian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (Italian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Italian) 2007
Microsoft Office Shared MUI (Italian) 2007
Microsoft Office Word 2007 Help - Aggiornamento (KB963665)
Microsoft Office Word MUI (Italian) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
Octoshape add-in for Adobe Flash Player
OfotoXMI
OGA Notifier 2.0.0048.0
Poedit
PrimoPDF -- brought to you by Nitro PDF Software
QuickSet32
QuickTime
Raccolta foto di Windows Live
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Recuva
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SFR
SHASTA
skin0001
SKINXSDK
Skype Click to Call
Skype™ 5.8
Software Kodak EasyShare
staticcr
Uniblue RegistryBooster 2010
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Visual Studio Tools for the Office system 3.0 Runtime
VLC media player 1.1.11
VPRINTOL
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPcap 4.1.2
WinRAR 4.01 (32-bit)
WIRELESS
.
==== End Of File ===========================
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am
Advertisement
Register to Remove

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 10th, 2012, 10:45 am

Hello ssantola,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 10th, 2012, 2:53 pm

Hello ssantola,

Thank you for your patience... :)

For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instructions sets...

Step 0.
Create System Restore Point
  1. Right-click on Computer ... select Properties.
  2. In the left pane under Tasks ... click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.
Unless you use some other method to create system restore points...
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.

If you have successfully created a System Restore Point...we can proceed.
If you have NOT successfully created a System Restore Point...do not go any further!
Please post back so we can determine why it was unsuccessful.


Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Ask Toolbar
    Searchqu Toolbar
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot you computer.

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_CURRENT_USER\Software\searchqutoolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
    [-HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar]
    "{99079a25-328f-4bd4-be04-00955acaa0a7}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
    "{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
    "{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
    "{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
    "{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
    "{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
    "{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{3B0118C8-8D12-46CD-A083-2116D587A11F}"=-
    "{C39DB3DF-7935-4821-9BD7-170D277DA935}"=-
    "{6B2163BE-A595-4E6E-AAF0-E22A29D38262}"=-
    "{A49227EB-05C7-449A-9BB6-18F653936F32}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
    @="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
    @="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    @="ISearchQueryHelper"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32]
    @="{B056521A-9B10-425E-B616-1FCD828DB3B1}"
    
    :Files
    %APPDATA%\Mozilla\Firefox\Profiles\SearchquWebSearch.xml /S
    %APPDATA%\Mozilla\Firefox\Profiles\searchqutoolbar /S
    %APPDATA%\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} /S
    %APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
    %LOCALAPPDATA%\Ilivid Player /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm /S
    %TEMP%\BandooFiles
    %TEMP%\BandooV6.exe
    %TEMP%\SetupDataMngr_Searchqu.exe
    %TEMP%\SweetIMReinstall
    %TEMP%\SweetIMReinstall\SweetImSetup.exe
    %TEMP%\ilivid.7z
    %TEMP%\searchqu.ini
    %TEMP%\searchqutoolbar-manifest.xml
    %USERPROFILE%\AppData\LocalLow\searchquband
    %USERPROFILE%\AppData\LocalLow\searchqutoolbar
    %USERPROFILE%\Downloads\SweetImSetup.exe
    %USERPROFILE%\Downloads\iLividSetupV1.exe
    %USERPROFILE%\AppData\LocalLow\DataMngr
    %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml
    %USERPROFILE%\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml
    C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf
    C:\Program Files\Windows iLivid Toolbar
    C:\Program Files\iLivid
    C:\Windows\Prefetch\ILIVID*
    C:\Windows\Prefetch\SEARCHQUMEDIABAR*
    C:\Windows\Prefetch\SETUPDATAMNGR*
    C:\Program Files (x86)\iLivid
    C:\Program Files (x86)\Windows Savevid Toolbar
    C:\Program Files (x86)\Savevid
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 3.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right click on SystemLook.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 10th, 2012, 6:30 pm

Hi pgmigg,

First of all, thanks so much for replying to me so quickly!

Ok, I'm trying to follow the directions you sent me but I already ran into a snag: step 3 of the SRP process.

When I'm in the System Protection window, Create isn't enabled but Configure is. (BTW, I've got Windows 7, but you probably already knew that...) Next to the grayed-out Create button, it reads: "To create a system restore point, first enable the protection by choosing a unit then click on Configure". The window above shows me two items I can choose from under Protection Settings : RECOVERY and OS (C:) SYSTEM. I guess I should choose the 2nd one? And if I then press Configure will that enable the Create button??

I haven't done anything yet but when I clicked on Configure, it took me to a second window where I must choose between 1) Restore system settings and previous file versions, 2) Restore only previous file versions, 3) Deactivate system protection (this one is chosen by default). Again, I haven't done anything--instead I just cancelled out of all the windows.

Thanks,
Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 11th, 2012, 12:33 am

Hello Sheila,
I haven't done anything yet but when I clicked on Configure, it took me to a second window where I must choose between 1) Restore system settings and previous file versions, 2) Restore only previous file versions, 3) Deactivate system protection (this one is chosen by default). Again, I haven't done anything--instead I just cancelled out of all the windows.
It is very well that you stopped and did not continue! :)
Looks like your System Protection functionality is Off.

Turn On System Protection & Create System Restore Point
  1. Right-click on Computer, select Properties.
  2. In the left pane click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. In the opened System Properties window, please select System Protection tab.
  4. Under label Protection Setting, below of Available Drives, please select System (C:) with protection status Off and click Configure button.
  5. Make enable Restore system settings and previous versions of file instead of previously selected Turn off system protection.
  6. Under label Disk Space Usage please set it to 5% by sliding marker to the right.
  7. Click Apply and then OK. Now you should see that protection status Off was changed to On for System (C:) drive. The gray button Create should change color to black.
  8. Click Create button.
  9. In the System Restore dialog box, type a description for the restore point, then click Create again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  10. Click OK, then close the System Restore dialog.
Unless you use some other method to create system restore points...
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.

If you have successfully created a System Restore Point...we can proceed.
If you have NOT successfully created a System Restore Point...do not go any further!
Please post back so we can determine why it was unsuccessful.


Then please proceed with Steps 1, 2, and 3 from my previous post.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file after OTL FixScript run
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 14th, 2012, 8:04 am

Hi again ngpigg,

I was just wondering if you received my latest post ( May 11th) where I sent you the contents of the OTL log. If need be, I can run it again and resend it or can I go ahead with the remaining steps you outlined?

Thanks,
Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 14th, 2012, 11:49 am

Hello Sheila,
I was just wondering if you received my latest post ( May 11th) where I sent you the contents of the OTL log. If need be, I can run it again and resend it or can I go ahead with the remaining steps you outlined?
I did not receive any logs from you yet excluding initial DDS logs. All posts from both sides are kept in this topic sequentially and it looks like you forget to place your logs - I cannot see them. :?

Please let me know could you make Restore Point or not, and then re-post you OTL and SystemLookup logs. Or you can rerun all Step (1, 2, and 3) from my post at May 10th - see HERE

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 14th, 2012, 4:53 pm

Hi ngpigg,

I guess you're right--I mustn't have copied the OTL result text over to you as I thought. Anyway, here is the text. I'll wait for you to get back to me before proceeding. Thx!

Text from OTL.txt:


All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Save video on Savevid.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\WhiteSmoke\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFA942DEC3AFA384B94ECC932BD3DC5A\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CFE82A48FED40644C984C808A1785C7F\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFB5D9F3E46440D4A9C379467CEADEBB\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toobar not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E : value set successfully!
========== FILES ==========
File/Folder C:\Users\Sheila\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\Sheila\AppData\Local\Ilivid Player not found.
File/Folder C:\Users\Sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\Sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Sheila\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\Sheila\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\Sheila\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\Sheila\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\Sheila\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\Sheila\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\Sheila\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Sheila\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Sheila\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\Sheila\AppData\LocalLow\searchquband not found.
File/Folder C:\Users\Sheila\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Users\Sheila\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Sheila\Downloads\iLividSetupV1.exe not found.
File/Folder C:\Users\Sheila\AppData\LocalLow\DataMngr not found.
File/Folder C:\Users\Sheila\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\Sheila\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files (x86)\iLivid not found.
File\Folder C:\Program Files (x86)\Windows Savevid Toolbar not found.
File\Folder C:\Program Files (x86)\Savevid not found.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Sheila\Desktop\cmd.bat deleted successfully.
C:\Users\Sheila\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sheila
->Temp folder emptied: 197851 bytes
->Temporary Internet Files folder emptied: 9510527 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 56985686 bytes
->Flash cache emptied: 9535 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4864 bytes
RecycleBin emptied: 221865625 bytes

Total Files Cleaned = 275,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.3 log created on 05142012_224547

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 14th, 2012, 5:12 pm

Hello Sheila,

Thank you, but I am still waiting for SystemLookup log from that Step 3.
Please post it too. I need it to provide next set of instructions...

pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 15th, 2012, 1:28 am

Hi ngpigg,

Sorry, I wasn't sure if I could proceed to the SystemLookUp or if you needed to OK the OTL info first. Here are the results of the SystemLookUp:

SystemLook 30.07.11 by jpshortstuff
Log created at 07:22 on 15/05/2012 by Sheila
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\05112012_175240\C_Users\Sheila\AppData\Local\Temp\searchqu.ini --a---- 427 bytes [19:52 23/12/2011] [19:52 23/12/2011] 4AC79A382697187BD78B150EEAA10D38
C:\_OTL\MovedFiles\05112012_175240\C_Users\Sheila\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:37 31/10/2011] [13:37 31/10/2011] 28A352E64F4374BBC6774AD3473A413C
C:\_OTL\MovedFiles\05112012_175240\C_Users\Sheila\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [19:52 23/12/2011] [19:52 23/12/2011] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*iLivid*"
C:\_OTL\MovedFiles\05112012_175240\C_Users\Sheila\AppData\Local\Temp\ilivid.7z --a---- 901399 bytes [19:53 23/12/2011] [19:53 23/12/2011] B38425304D8D2AAA300A7ECC2F9741BC

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05112012_175240\C_Users\Sheila\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 3527048 bytes [19:52 23/12/2011] [19:52 23/12/2011] 3F3542ADB8EFD061DBB15CCEABDCE735

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\05112012_175240\C_Users\Sheila\AppData\Local\Ilivid Player d------ [19:53 23/12/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
"@"="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE0FF727-8864-47F3-B931-C2402FA9BC53}]
"AppPath"="C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 15th, 2012, 12:59 pm

Hello ssantola,

Good! :) Let continue...

Step 1.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Right click on TDSSKiller.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 2.
Run aswMBR scanner
Please download aswMBR and save it to your Desktop.
  1. Right click on aswMBR.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  3. With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  4. After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  5. Click OK > Exit.
  6. Note: Do not attempt to fix anything at this stage!
  7. Two files will be created, aswMBR.txt & a file named MBR.dat.
  8. MBR.dat is a backup of the MBR(master boot record), do not delete it..
  9. I strongly suggest you keep a copy of this backup stored on an external device.
  10. Copy & Paste the contents of aswMBR.txt into your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of TDSSKiller report file.
  3. Contents of scan results from aswMBR.txt file.

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 16th, 2012, 12:19 am

Good morning pgmigg,
I completed both Steps 1 and 2. TDSSKiller found nothing, so there's no text to post. Here is the text from aswMBR:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-16 05:54:30
-----------------------------
05:54:30.284 OS Version: Windows 6.1.7600
05:54:30.284 Number of processors: 4 586 0x2505
05:54:30.285 ComputerName: SHEILA-PC UserName: Sheila
05:54:31.200 Initialize success
05:57:49.160 AVAST engine defs: 12051501
05:58:47.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:58:47.598 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 305245MB BusType: 3
05:58:47.621 Disk 0 MBR read successfully
05:58:47.624 Disk 0 MBR scan
05:58:47.639 Disk 0 Windows VISTA default MBR code
05:58:47.643 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
05:58:47.686 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
05:58:47.725 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
05:58:47.757 Disk 0 scanning sectors +625140400
05:58:47.852 Disk 0 scanning C:\Windows\system32\drivers
05:59:01.706 Service scanning
05:59:25.495 Modules scanning
05:59:33.877 Disk 0 trace - called modules:
05:59:33.907 ntkrnlpa.exe CLASSPNP.SYS disk.sys stdflt.sys ACPI.sys halmacpi.dll iaStor.sys
05:59:33.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8763a6e0]
05:59:33.919 3 CLASSPNP.SYS[88f9e59e] -> nt!IofCallDriver -> [0x87639108]
05:59:33.925 5 stdflt.sys[891d9274] -> nt!IofCallDriver -> [0x85aa9a80]
05:59:33.931 7 ACPI.sys[888a43b2] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85a62028]
05:59:34.371 AVAST engine scan C:\Windows
05:59:36.835 AVAST engine scan C:\Windows\system32
06:04:02.514 AVAST engine scan C:\Windows\system32\drivers
06:04:18.027 AVAST engine scan C:\Users\Sheila
06:09:54.638 AVAST engine scan C:\ProgramData
06:12:35.294 Scan finished successfully
06:14:20.671 Disk 0 MBR has been saved successfully to "C:\Users\Sheila\Desktop\MBR.dat"
06:14:20.680 The log file has been saved successfully to "C:\Users\Sheila\Desktop\aswMBR.txt"

Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 16th, 2012, 12:23 am

Hi again pgmigg,

Sorry, I was just re-reading your instructions and found that, in fact, there was text after running TDSSKiller. Here it is:


00:29:48.0461 7260 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
00:29:48.0732 7260 ============================================================
00:29:48.0732 7260 Current date / time: 2012/05/16 00:29:48.0732
00:29:48.0732 7260 SystemInfo:
00:29:48.0732 7260
00:29:48.0732 7260 OS Version: 6.1.7600 ServicePack: 0.0
00:29:48.0732 7260 Product type: Workstation
00:29:48.0732 7260 ComputerName: SHEILA-PC
00:29:48.0732 7260 UserName: Sheila
00:29:48.0732 7260 Windows directory: C:\Windows
00:29:48.0732 7260 System windows directory: C:\Windows
00:29:48.0732 7260 Processor architecture: Intel x86
00:29:48.0732 7260 Number of processors: 4
00:29:48.0732 7260 Page size: 0x1000
00:29:48.0732 7260 Boot type: Normal boot
00:29:48.0732 7260 ============================================================
00:29:49.0109 7260 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:29:49.0113 7260 ============================================================
00:29:49.0113 7260 \Device\Harddisk0\DR0:
00:29:49.0114 7260 MBR partitions:
00:29:49.0114 7260 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
00:29:49.0114 7260 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
00:29:49.0114 7260 ============================================================
00:29:49.0162 7260 C: <-> \Device\Harddisk0\DR0\Partition1
00:29:49.0162 7260 ============================================================
00:29:49.0162 7260 Initialize success
00:29:49.0162 7260 ============================================================
00:29:55.0670 6444 ============================================================
00:29:55.0670 6444 Scan started
00:29:55.0670 6444 Mode: Manual;
00:29:55.0670 6444 ============================================================
00:29:55.0929 6444 1394ohci (d01e0b1cef9ee82100c2bb07294880ef) C:\Windows\system32\DRIVERS\1394ohci.sys
00:29:55.0931 6444 1394ohci - ok
00:29:55.0972 6444 Acceler (3c189400c996a4301c3f1bd93c9c1a17) C:\Windows\system32\DRIVERS\Acceler.sys
00:29:55.0972 6444 Acceler - ok
00:29:56.0118 6444 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
00:29:56.0119 6444 ACDaemon - ok
00:29:56.0170 6444 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
00:29:56.0172 6444 ACPI - ok
00:29:56.0195 6444 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
00:29:56.0195 6444 AcpiPmi - ok
00:29:56.0273 6444 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:29:56.0277 6444 AdobeFlashPlayerUpdateSvc - ok
00:29:56.0329 6444 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
00:29:56.0334 6444 adp94xx - ok
00:29:56.0373 6444 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
00:29:56.0375 6444 adpahci - ok
00:29:56.0412 6444 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
00:29:56.0414 6444 adpu320 - ok
00:29:56.0443 6444 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
00:29:56.0444 6444 AeLookupSvc - ok
00:29:56.0517 6444 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
00:29:56.0519 6444 AESTFilters - ok
00:29:56.0609 6444 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
00:29:56.0614 6444 AFD - ok
00:29:56.0649 6444 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
00:29:56.0650 6444 agp440 - ok
00:29:56.0707 6444 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
00:29:56.0708 6444 aic78xx - ok
00:29:56.0744 6444 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
00:29:56.0744 6444 ALG - ok
00:29:56.0779 6444 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
00:29:56.0779 6444 aliide - ok
00:29:56.0826 6444 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
00:29:56.0827 6444 amdagp - ok
00:29:56.0837 6444 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
00:29:56.0838 6444 amdide - ok
00:29:56.0932 6444 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
00:29:56.0934 6444 AmdK8 - ok
00:29:56.0941 6444 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
00:29:56.0943 6444 AmdPPM - ok
00:29:56.0985 6444 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
00:29:56.0987 6444 amdsata - ok
00:29:57.0007 6444 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
00:29:57.0009 6444 amdsbs - ok
00:29:57.0024 6444 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
00:29:57.0025 6444 amdxata - ok
00:29:57.0138 6444 AntiVirScheduler (349a0e0039141c9b32e1f6bea860560f) C:\Program Files\Avira\AntiVir Desktop\sched.exe
00:29:57.0139 6444 AntiVirScheduler - ok
00:29:57.0170 6444 AntiVirService (445c1a3f7a5a8d0454c8944115e69f18) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
00:29:57.0172 6444 AntiVirService - ok
00:29:57.0209 6444 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
00:29:57.0211 6444 AppID - ok
00:29:57.0269 6444 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
00:29:57.0270 6444 AppIDSvc - ok
00:29:57.0289 6444 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
00:29:57.0290 6444 Appinfo - ok
00:29:57.0359 6444 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:29:57.0361 6444 Apple Mobile Device - ok
00:29:57.0414 6444 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
00:29:57.0415 6444 arc - ok
00:29:57.0435 6444 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
00:29:57.0436 6444 arcsas - ok
00:29:57.0459 6444 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
00:29:57.0461 6444 AsyncMac - ok
00:29:57.0531 6444 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
00:29:57.0533 6444 atapi - ok
00:29:57.0566 6444 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
00:29:57.0572 6444 AudioEndpointBuilder - ok
00:29:57.0581 6444 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
00:29:57.0584 6444 Audiosrv - ok
00:29:57.0616 6444 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
00:29:57.0617 6444 avgntflt - ok
00:29:57.0667 6444 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
00:29:57.0668 6444 avipbb - ok
00:29:57.0703 6444 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
00:29:57.0704 6444 AxInstSV - ok
00:29:57.0757 6444 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
00:29:57.0761 6444 b06bdrv - ok
00:29:57.0799 6444 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
00:29:57.0801 6444 b57nd60x - ok
00:29:57.0832 6444 BCM42RLY (94f2dc372163d520d7b1dad78ae40b5e) C:\Windows\system32\drivers\BCM42RLY.sys
00:29:57.0833 6444 BCM42RLY - ok
00:29:57.0955 6444 BCM43XX (f689c5965cefad780a2948546703bd5d) C:\Windows\system32\DRIVERS\bcmwl6.sys
00:29:57.0977 6444 BCM43XX - ok
00:29:58.0090 6444 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
00:29:58.0091 6444 BDESVC - ok
00:29:58.0144 6444 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
00:29:58.0144 6444 Beep - ok
00:29:58.0204 6444 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
00:29:58.0207 6444 BFE - ok
00:29:58.0255 6444 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
00:29:58.0261 6444 BITS - ok
00:29:58.0274 6444 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
00:29:58.0274 6444 blbdrive - ok
00:29:58.0414 6444 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
00:29:58.0417 6444 Bonjour Service - ok
00:29:58.0450 6444 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
00:29:58.0452 6444 bowser - ok
00:29:58.0490 6444 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:29:58.0491 6444 BrFiltLo - ok
00:29:58.0518 6444 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:29:58.0519 6444 BrFiltUp - ok
00:29:58.0543 6444 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
00:29:58.0545 6444 Browser - ok
00:29:58.0568 6444 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
00:29:58.0571 6444 Brserid - ok
00:29:58.0586 6444 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
00:29:58.0586 6444 BrSerWdm - ok
00:29:58.0641 6444 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:29:58.0642 6444 BrUsbMdm - ok
00:29:58.0662 6444 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
00:29:58.0663 6444 BrUsbSer - ok
00:29:58.0710 6444 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
00:29:58.0711 6444 BthEnum - ok
00:29:58.0730 6444 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
00:29:58.0731 6444 BTHMODEM - ok
00:29:58.0777 6444 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
00:29:58.0778 6444 BthPan - ok
00:29:58.0827 6444 BTHPORT (88059ff1ded4472acd17eebabd393069) C:\Windows\system32\Drivers\BTHport.sys
00:29:58.0833 6444 BTHPORT - ok
00:29:58.0899 6444 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
00:29:58.0902 6444 bthserv - ok
00:29:58.0926 6444 BTHUSB (80e6384beec03b8bd45edea29802d657) C:\Windows\system32\Drivers\BTHUSB.sys
00:29:58.0927 6444 BTHUSB - ok
00:29:58.0971 6444 btwaudio (7e826be3b3558208d5c9b00034e51be5) C:\Windows\system32\drivers\btwaudio.sys
00:29:58.0971 6444 btwaudio - ok
00:29:59.0001 6444 btwavdt (af9148c3e844131ac954cb53ff43d971) C:\Windows\system32\DRIVERS\btwavdt.sys
00:29:59.0003 6444 btwavdt - ok
00:29:59.0128 6444 btwdins (45f36763576b8ae91e809337dc7ce4e6) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
00:29:59.0133 6444 btwdins - ok
00:29:59.0142 6444 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
00:29:59.0143 6444 btwl2cap - ok
00:29:59.0156 6444 btwrchid (480b3d195854b2e55299cddddc50bcf9) C:\Windows\system32\DRIVERS\btwrchid.sys
00:29:59.0156 6444 btwrchid - ok
00:29:59.0194 6444 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
00:29:59.0195 6444 cdfs - ok
00:29:59.0259 6444 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
00:29:59.0261 6444 cdrom - ok
00:29:59.0307 6444 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
00:29:59.0309 6444 CertPropSvc - ok
00:29:59.0330 6444 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
00:29:59.0331 6444 circlass - ok
00:29:59.0366 6444 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
00:29:59.0368 6444 CLFS - ok
00:29:59.0448 6444 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:29:59.0451 6444 clr_optimization_v2.0.50727_32 - ok
00:29:59.0548 6444 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:29:59.0549 6444 clr_optimization_v4.0.30319_32 - ok
00:29:59.0560 6444 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
00:29:59.0560 6444 CmBatt - ok
00:29:59.0598 6444 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
00:29:59.0599 6444 cmdide - ok
00:29:59.0652 6444 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
00:29:59.0657 6444 CNG - ok
00:29:59.0700 6444 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
00:29:59.0701 6444 Compbatt - ok
00:29:59.0711 6444 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
00:29:59.0712 6444 CompositeBus - ok
00:29:59.0732 6444 COMSysApp - ok
00:29:59.0755 6444 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
00:29:59.0756 6444 crcdisk - ok
00:29:59.0819 6444 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
00:29:59.0823 6444 CryptSvc - ok
00:29:59.0896 6444 CtAudDrv (0f538df1673e5216f3baacb6911d9d0f) C:\Windows\system32\Drivers\CtAudDrv.sys
00:29:59.0897 6444 CtAudDrv - ok
00:29:59.0926 6444 CtClsFlt (9a6ca307151505730dbfc91d97f01c7e) C:\Windows\system32\DRIVERS\CtClsFlt.sys
00:29:59.0929 6444 CtClsFlt - ok
00:30:00.0077 6444 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:30:00.0082 6444 cvhsvc - ok
00:30:00.0132 6444 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
00:30:00.0136 6444 DcomLaunch - ok
00:30:00.0172 6444 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
00:30:00.0176 6444 defragsvc - ok
00:30:00.0253 6444 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
00:30:00.0255 6444 DfsC - ok
00:30:00.0307 6444 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
00:30:00.0315 6444 Dhcp - ok
00:30:00.0339 6444 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
00:30:00.0340 6444 discache - ok
00:30:00.0418 6444 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
00:30:00.0419 6444 Disk - ok
00:30:00.0436 6444 dlcd_device - ok
00:30:00.0476 6444 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
00:30:00.0478 6444 Dnscache - ok
00:30:00.0502 6444 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
00:30:00.0506 6444 dot3svc - ok
00:30:00.0547 6444 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
00:30:00.0550 6444 DPS - ok
00:30:00.0572 6444 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
00:30:00.0574 6444 drmkaud - ok
00:30:00.0628 6444 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
00:30:00.0633 6444 DXGKrnl - ok
00:30:00.0674 6444 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
00:30:00.0677 6444 EapHost - ok
00:30:00.0816 6444 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
00:30:00.0833 6444 ebdrv - ok
00:30:00.0949 6444 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
00:30:00.0955 6444 EFS - ok
00:30:01.0034 6444 ehRecvr (1697c39978cd69f6fbc15302edcece1f) C:\Windows\ehome\ehRecvr.exe
00:30:01.0037 6444 ehRecvr - ok
00:30:01.0066 6444 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
00:30:01.0067 6444 ehSched - ok
00:30:01.0165 6444 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
00:30:01.0167 6444 elxstor - ok
00:30:01.0187 6444 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
00:30:01.0188 6444 ErrDev - ok
00:30:01.0244 6444 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
00:30:01.0254 6444 EventSystem - ok
00:30:01.0282 6444 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
00:30:01.0284 6444 exfat - ok
00:30:01.0299 6444 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
00:30:01.0300 6444 fastfat - ok
00:30:01.0339 6444 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
00:30:01.0347 6444 Fax - ok
00:30:01.0366 6444 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
00:30:01.0367 6444 fdc - ok
00:30:01.0381 6444 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
00:30:01.0383 6444 fdPHost - ok
00:30:01.0397 6444 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
00:30:01.0399 6444 FDResPub - ok
00:30:01.0418 6444 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
00:30:01.0419 6444 FileInfo - ok
00:30:01.0436 6444 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
00:30:01.0437 6444 Filetrace - ok
00:30:01.0449 6444 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
00:30:01.0450 6444 flpydisk - ok
00:30:01.0486 6444 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
00:30:01.0488 6444 FltMgr - ok
00:30:01.0539 6444 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
00:30:01.0544 6444 FontCache - ok
00:30:01.0653 6444 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:30:01.0654 6444 FontCache3.0.0.0 - ok
00:30:01.0686 6444 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
00:30:01.0687 6444 FsDepends - ok
00:30:01.0729 6444 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
00:30:01.0730 6444 fssfltr - ok
00:30:01.0857 6444 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
00:30:01.0869 6444 fsssvc - ok
00:30:01.0984 6444 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
00:30:01.0986 6444 Fs_Rec - ok
00:30:02.0044 6444 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
00:30:02.0049 6444 fvevol - ok
00:30:02.0092 6444 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:30:02.0093 6444 gagp30kx - ok
00:30:02.0143 6444 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:30:02.0144 6444 GEARAspiWDM - ok
00:30:02.0199 6444 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
00:30:02.0206 6444 gpsvc - ok
00:30:02.0241 6444 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
00:30:02.0242 6444 hcw85cir - ok
00:30:02.0295 6444 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:30:02.0296 6444 HDAudBus - ok
00:30:02.0326 6444 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
00:30:02.0327 6444 HECI - ok
00:30:02.0342 6444 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
00:30:02.0343 6444 HidBatt - ok
00:30:02.0382 6444 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
00:30:02.0383 6444 HidBth - ok
00:30:02.0418 6444 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
00:30:02.0419 6444 HidIr - ok
00:30:02.0437 6444 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
00:30:02.0441 6444 hidserv - ok
00:30:02.0496 6444 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
00:30:02.0497 6444 HidUsb - ok
00:30:02.0528 6444 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
00:30:02.0534 6444 hkmsvc - ok
00:30:02.0550 6444 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
00:30:02.0553 6444 HomeGroupListener - ok
00:30:02.0586 6444 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
00:30:02.0591 6444 HomeGroupProvider - ok
00:30:02.0606 6444 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
00:30:02.0607 6444 HpSAMD - ok
00:30:02.0640 6444 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
00:30:02.0648 6444 HTTP - ok
00:30:02.0668 6444 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
00:30:02.0669 6444 hwpolicy - ok
00:30:02.0710 6444 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
00:30:02.0711 6444 i8042prt - ok
00:30:02.0752 6444 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
00:30:02.0755 6444 iaStor - ok
00:30:02.0798 6444 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
00:30:02.0800 6444 iaStorV - ok
00:30:02.0928 6444 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:30:02.0934 6444 idsvc - ok
00:30:03.0249 6444 igfx (8e9da2e49347af49901526dcd4d0f397) C:\Windows\system32\DRIVERS\igdkmd32.sys
00:30:03.0299 6444 igfx - ok
00:30:03.0458 6444 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
00:30:03.0459 6444 iirsp - ok
00:30:03.0525 6444 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
00:30:03.0534 6444 IKEEXT - ok
00:30:03.0564 6444 Impcd (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys
00:30:03.0565 6444 Impcd - ok
00:30:03.0657 6444 InstallFilterService (36944f997af08dd85985acbd17e8eda5) C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
00:30:03.0658 6444 InstallFilterService - ok
00:30:03.0714 6444 IntcDAud (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys
00:30:03.0717 6444 IntcDAud - ok
00:30:03.0759 6444 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
00:30:03.0760 6444 intelide - ok
00:30:03.0790 6444 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
00:30:03.0790 6444 intelppm - ok
00:30:03.0800 6444 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
00:30:03.0802 6444 IPBusEnum - ok
00:30:03.0822 6444 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:30:03.0823 6444 IpFilterDriver - ok
00:30:03.0868 6444 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
00:30:03.0880 6444 iphlpsvc - ok
00:30:03.0909 6444 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
00:30:03.0910 6444 IPMIDRV - ok
00:30:03.0926 6444 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
00:30:03.0927 6444 IPNAT - ok
00:30:04.0041 6444 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
00:30:04.0046 6444 iPod Service - ok
00:30:04.0067 6444 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
00:30:04.0069 6444 IRENUM - ok
00:30:04.0095 6444 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
00:30:04.0097 6444 isapnp - ok
00:30:04.0154 6444 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
00:30:04.0157 6444 iScsiPrt - ok
00:30:04.0182 6444 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
00:30:04.0183 6444 kbdclass - ok
00:30:04.0214 6444 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
00:30:04.0214 6444 kbdhid - ok
00:30:04.0240 6444 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
00:30:04.0242 6444 KeyIso - ok
00:30:04.0277 6444 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
00:30:04.0278 6444 KSecDD - ok
00:30:04.0314 6444 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
00:30:04.0316 6444 KSecPkg - ok
00:30:04.0378 6444 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
00:30:04.0381 6444 KtmRm - ok
00:30:04.0455 6444 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
00:30:04.0462 6444 LanmanServer - ok
00:30:04.0499 6444 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
00:30:04.0503 6444 LanmanWorkstation - ok
00:30:04.0584 6444 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
00:30:04.0585 6444 lltdio - ok
00:30:04.0611 6444 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
00:30:04.0617 6444 lltdsvc - ok
00:30:04.0632 6444 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
00:30:04.0635 6444 lmhosts - ok
00:30:04.0755 6444 LMS (5460828f8951d310b42b442877603b8d) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
00:30:04.0756 6444 LMS - ok
00:30:04.0815 6444 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:30:04.0817 6444 LSI_FC - ok
00:30:04.0851 6444 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:30:04.0853 6444 LSI_SAS - ok
00:30:04.0872 6444 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:30:04.0873 6444 LSI_SAS2 - ok
00:30:04.0900 6444 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:30:04.0901 6444 LSI_SCSI - ok
00:30:04.0922 6444 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
00:30:04.0923 6444 luafv - ok
00:30:04.0951 6444 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
00:30:04.0953 6444 Mcx2Svc - ok
00:30:04.0961 6444 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
00:30:04.0962 6444 megasas - ok
00:30:04.0995 6444 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
00:30:04.0996 6444 MegaSR - ok
00:30:05.0064 6444 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
00:30:05.0066 6444 Microsoft Office Groove Audit Service - ok
00:30:05.0095 6444 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:30:05.0099 6444 MMCSS - ok
00:30:05.0143 6444 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
00:30:05.0144 6444 Modem - ok
00:30:05.0166 6444 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
00:30:05.0168 6444 monitor - ok
00:30:05.0201 6444 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
00:30:05.0202 6444 mouclass - ok
00:30:05.0224 6444 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
00:30:05.0225 6444 mouhid - ok
00:30:05.0266 6444 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
00:30:05.0268 6444 mountmgr - ok
00:30:05.0294 6444 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
00:30:05.0296 6444 mpio - ok
00:30:05.0314 6444 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
00:30:05.0317 6444 mpsdrv - ok
00:30:05.0347 6444 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
00:30:05.0356 6444 MpsSvc - ok
00:30:05.0384 6444 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
00:30:05.0387 6444 MRxDAV - ok
00:30:05.0417 6444 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:30:05.0419 6444 mrxsmb - ok
00:30:05.0452 6444 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:30:05.0454 6444 mrxsmb10 - ok
00:30:05.0467 6444 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:30:05.0469 6444 mrxsmb20 - ok
00:30:05.0494 6444 msahci (cb5d37e91135b0f15cee64d1f1ba5de5) C:\Windows\system32\DRIVERS\msahci.sys
00:30:05.0495 6444 msahci - ok
00:30:05.0516 6444 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
00:30:05.0517 6444 msdsm - ok
00:30:05.0544 6444 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
00:30:05.0546 6444 MSDTC - ok
00:30:05.0585 6444 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
00:30:05.0586 6444 Msfs - ok
00:30:05.0602 6444 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
00:30:05.0603 6444 mshidkmdf - ok
00:30:05.0611 6444 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
00:30:05.0613 6444 msisadrv - ok
00:30:05.0646 6444 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
00:30:05.0650 6444 MSiSCSI - ok
00:30:05.0657 6444 msiserver - ok
00:30:05.0685 6444 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
00:30:05.0686 6444 MSKSSRV - ok
00:30:05.0691 6444 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
00:30:05.0692 6444 MSPCLOCK - ok
00:30:05.0700 6444 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
00:30:05.0701 6444 MSPQM - ok
00:30:05.0721 6444 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
00:30:05.0723 6444 MsRPC - ok
00:30:05.0739 6444 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
00:30:05.0739 6444 mssmbios - ok
00:30:05.0754 6444 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
00:30:05.0755 6444 MSTEE - ok
00:30:05.0788 6444 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
00:30:05.0789 6444 MTConfig - ok
00:30:05.0805 6444 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
00:30:05.0807 6444 Mup - ok
00:30:05.0842 6444 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
00:30:05.0851 6444 napagent - ok
00:30:05.0901 6444 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
00:30:05.0904 6444 NativeWifiP - ok
00:30:05.0958 6444 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
00:30:05.0963 6444 NDIS - ok
00:30:05.0974 6444 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
00:30:05.0975 6444 NdisCap - ok
00:30:05.0991 6444 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
00:30:05.0992 6444 NdisTapi - ok
00:30:05.0997 6444 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
00:30:05.0999 6444 Ndisuio - ok
00:30:06.0015 6444 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
00:30:06.0017 6444 NdisWan - ok
00:30:06.0031 6444 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
00:30:06.0032 6444 NDProxy - ok
00:30:06.0071 6444 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
00:30:06.0073 6444 NetBIOS - ok
00:30:06.0099 6444 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
00:30:06.0101 6444 NetBT - ok
00:30:06.0129 6444 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
00:30:06.0133 6444 Netlogon - ok
00:30:06.0205 6444 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
00:30:06.0210 6444 Netman - ok
00:30:06.0241 6444 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
00:30:06.0246 6444 netprofm - ok
00:30:06.0343 6444 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:30:06.0346 6444 NetTcpPortSharing - ok
00:30:06.0370 6444 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
00:30:06.0371 6444 nfrd960 - ok
00:30:06.0415 6444 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
00:30:06.0425 6444 NlaSvc - ok
00:30:06.0479 6444 npf (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
00:30:06.0480 6444 npf - ok
00:30:06.0493 6444 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
00:30:06.0495 6444 Npfs - ok
00:30:06.0536 6444 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
00:30:06.0538 6444 nsi - ok
00:30:06.0547 6444 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
00:30:06.0549 6444 nsiproxy - ok
00:30:06.0608 6444 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
00:30:06.0617 6444 Ntfs - ok
00:30:06.0640 6444 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
00:30:06.0641 6444 Null - ok
00:30:06.0668 6444 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
00:30:06.0669 6444 nvraid - ok
00:30:06.0686 6444 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
00:30:06.0687 6444 nvstor - ok
00:30:06.0720 6444 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
00:30:06.0721 6444 nv_agp - ok
00:30:06.0811 6444 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:30:06.0816 6444 odserv - ok
00:30:06.0853 6444 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
00:30:06.0854 6444 ohci1394 - ok
00:30:06.0896 6444 ONDAusbmdm6k (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbmdm6k.sys
00:30:06.0898 6444 ONDAusbmdm6k - ok
00:30:06.0912 6444 ONDAusbnet (e8b90d32a56e8cb811b4086fdcdcaa50) C:\Windows\system32\DRIVERS\ONDAusbnet.sys
00:30:06.0914 6444 ONDAusbnet - ok
00:30:06.0957 6444 ONDAusbnmea (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbnmea.sys
00:30:06.0958 6444 ONDAusbnmea - ok
00:30:06.0978 6444 ONDAusbser6k (6899bdba16765bf728983917a80f7926) C:\Windows\system32\DRIVERS\ONDAusbser6k.sys
00:30:06.0979 6444 ONDAusbser6k - ok
00:30:07.0031 6444 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:30:07.0034 6444 ose - ok
00:30:07.0244 6444 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:30:07.0270 6444 osppsvc - ok
00:30:07.0391 6444 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:30:07.0401 6444 p2pimsvc - ok
00:30:07.0440 6444 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
00:30:07.0444 6444 p2psvc - ok
00:30:07.0499 6444 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
00:30:07.0501 6444 Parport - ok
00:30:07.0528 6444 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
00:30:07.0529 6444 partmgr - ok
00:30:07.0544 6444 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
00:30:07.0546 6444 Parvdm - ok
00:30:07.0571 6444 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
00:30:07.0576 6444 PcaSvc - ok
00:30:07.0606 6444 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
00:30:07.0608 6444 pci - ok
00:30:07.0630 6444 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
00:30:07.0631 6444 pciide - ok
00:30:07.0654 6444 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
00:30:07.0655 6444 pcmcia - ok
00:30:07.0671 6444 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
00:30:07.0672 6444 pcw - ok
00:30:07.0699 6444 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
00:30:07.0703 6444 PEAUTH - ok
00:30:07.0800 6444 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
00:30:07.0814 6444 pla - ok
00:30:07.0925 6444 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
00:30:07.0934 6444 PlugPlay - ok
00:30:07.0951 6444 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
00:30:07.0954 6444 PNRPAutoReg - ok
00:30:07.0971 6444 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
00:30:07.0974 6444 PNRPsvc - ok
00:30:08.0014 6444 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
00:30:08.0018 6444 PolicyAgent - ok
00:30:08.0079 6444 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
00:30:08.0086 6444 Power - ok
00:30:08.0148 6444 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
00:30:08.0150 6444 PptpMiniport - ok
00:30:08.0187 6444 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
00:30:08.0188 6444 Processor - ok
00:30:08.0227 6444 ProfSvc (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll
00:30:08.0231 6444 ProfSvc - ok
00:30:08.0256 6444 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
00:30:08.0258 6444 ProtectedStorage - ok
00:30:08.0281 6444 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
00:30:08.0283 6444 Psched - ok
00:30:08.0314 6444 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
00:30:08.0315 6444 PxHelp20 - ok
00:30:08.0386 6444 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
00:30:08.0405 6444 ql2300 - ok
00:30:08.0496 6444 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
00:30:08.0499 6444 ql40xx - ok
00:30:08.0538 6444 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
00:30:08.0542 6444 QWAVE - ok
00:30:08.0557 6444 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
00:30:08.0558 6444 QWAVEdrv - ok
00:30:08.0569 6444 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
00:30:08.0570 6444 RasAcd - ok
00:30:08.0612 6444 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:30:08.0613 6444 RasAgileVpn - ok
00:30:08.0632 6444 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
00:30:08.0638 6444 RasAuto - ok
00:30:08.0664 6444 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:30:08.0668 6444 Rasl2tp - ok
00:30:08.0690 6444 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
00:30:08.0694 6444 RasMan - ok
00:30:08.0735 6444 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
00:30:08.0736 6444 RasPppoe - ok
00:30:08.0764 6444 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
00:30:08.0765 6444 RasSstp - ok
00:30:08.0789 6444 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
00:30:08.0794 6444 rdbss - ok
00:30:08.0811 6444 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
00:30:08.0813 6444 rdpbus - ok
00:30:08.0825 6444 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:30:08.0826 6444 RDPCDD - ok
00:30:08.0897 6444 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
00:30:08.0899 6444 RDPENCDD - ok
00:30:08.0917 6444 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
00:30:08.0920 6444 RDPREFMP - ok
00:30:08.0952 6444 RDPWD (0399c725a9c95a6f1862b93f008ddf4a) C:\Windows\system32\drivers\RDPWD.sys
00:30:08.0954 6444 RDPWD - ok
00:30:08.0994 6444 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
00:30:09.0004 6444 rdyboost - ok
00:30:09.0039 6444 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
00:30:09.0044 6444 RemoteAccess - ok
00:30:09.0080 6444 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
00:30:09.0086 6444 RemoteRegistry - ok
00:30:09.0138 6444 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
00:30:09.0139 6444 RFCOMM - ok
00:30:09.0219 6444 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files\WinPcap\rpcapd.exe
00:30:09.0221 6444 rpcapd - ok
00:30:09.0268 6444 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
00:30:09.0271 6444 RpcEptMapper - ok
00:30:09.0281 6444 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
00:30:09.0285 6444 RpcLocator - ok
00:30:09.0311 6444 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
00:30:09.0315 6444 RpcSs - ok
00:30:09.0367 6444 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
00:30:09.0368 6444 rspndr - ok
00:30:09.0398 6444 RSUSBSTOR (31d45eca63884ff5f7aecc50f7d1bae0) C:\Windows\system32\Drivers\RtsUStor.sys
00:30:09.0402 6444 RSUSBSTOR - ok
00:30:09.0439 6444 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\Windows\system32\DRIVERS\Rt86win7.sys
00:30:09.0441 6444 RTL8167 - ok
00:30:09.0486 6444 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
00:30:09.0488 6444 SamSs - ok
00:30:09.0533 6444 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
00:30:09.0535 6444 sbp2port - ok
00:30:09.0563 6444 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
00:30:09.0565 6444 SCardSvr - ok
00:30:09.0580 6444 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
00:30:09.0581 6444 scfilter - ok
00:30:09.0638 6444 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
00:30:09.0645 6444 Schedule - ok
00:30:09.0678 6444 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
00:30:09.0679 6444 SCPolicySvc - ok
00:30:09.0722 6444 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
00:30:09.0729 6444 SDRSVC - ok
00:30:09.0759 6444 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
00:30:09.0761 6444 secdrv - ok
00:30:09.0780 6444 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
00:30:09.0786 6444 seclogon - ok
00:30:09.0842 6444 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
00:30:09.0849 6444 SENS - ok
00:30:09.0873 6444 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
00:30:09.0880 6444 SensrSvc - ok
00:30:09.0905 6444 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
00:30:09.0907 6444 Serenum - ok
00:30:09.0941 6444 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
00:30:09.0942 6444 Serial - ok
00:30:09.0973 6444 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
00:30:09.0975 6444 sermouse - ok
00:30:10.0026 6444 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
00:30:10.0029 6444 SessionEnv - ok
00:30:10.0049 6444 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
00:30:10.0051 6444 sffdisk - ok
00:30:10.0065 6444 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
00:30:10.0067 6444 sffp_mmc - ok
00:30:10.0096 6444 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:30:10.0099 6444 sffp_sd - ok
00:30:10.0117 6444 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
00:30:10.0119 6444 sfloppy - ok
00:30:10.0174 6444 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
00:30:10.0177 6444 Sftfs - ok
00:30:10.0288 6444 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
00:30:10.0295 6444 sftlist - ok
00:30:10.0311 6444 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:30:10.0312 6444 Sftplay - ok
00:30:10.0327 6444 Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:30:10.0328 6444 Sftredir - ok
00:30:10.0340 6444 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
00:30:10.0342 6444 Sftvol - ok
00:30:10.0363 6444 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
00:30:10.0365 6444 sftvsa - ok
00:30:10.0405 6444 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
00:30:10.0408 6444 SharedAccess - ok
00:30:10.0444 6444 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
00:30:10.0449 6444 ShellHWDetection - ok
00:30:10.0481 6444 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
00:30:10.0482 6444 sisagp - ok
00:30:10.0510 6444 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:30:10.0511 6444 SiSRaid2 - ok
00:30:10.0535 6444 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
00:30:10.0537 6444 SiSRaid4 - ok
00:30:10.0594 6444 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
00:30:10.0597 6444 SkypeUpdate - ok
00:30:10.0624 6444 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
00:30:10.0626 6444 Smb - ok
00:30:10.0675 6444 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
00:30:10.0678 6444 SNMPTRAP - ok
00:30:10.0692 6444 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
00:30:10.0695 6444 spldr - ok
00:30:10.0765 6444 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
00:30:10.0775 6444 Spooler - ok
00:30:10.0900 6444 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
00:30:10.0920 6444 sppsvc - ok
00:30:11.0027 6444 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
00:30:11.0029 6444 sppuinotify - ok
00:30:11.0093 6444 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
00:30:11.0098 6444 srv - ok
00:30:11.0123 6444 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
00:30:11.0125 6444 srv2 - ok
00:30:11.0142 6444 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
00:30:11.0144 6444 srvnet - ok
00:30:11.0195 6444 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
00:30:11.0198 6444 SSDPSRV - ok
00:30:11.0227 6444 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
00:30:11.0228 6444 ssmdrv - ok
00:30:11.0241 6444 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
00:30:11.0244 6444 SstpSvc - ok
00:30:11.0336 6444 STacSV (fbaa145c28074c853529050914d405c6) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
00:30:11.0339 6444 STacSV - ok
00:30:11.0363 6444 stdflt (972f577308b006070de8d09573dbae53) C:\Windows\system32\DRIVERS\stdflt.sys
00:30:11.0364 6444 stdflt - ok
00:30:11.0386 6444 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
00:30:11.0387 6444 stexstor - ok
00:30:11.0432 6444 STHDA (06cbb271f42ef70fb6ef372c491ba9aa) C:\Windows\system32\DRIVERS\stwrt.sys
00:30:11.0436 6444 STHDA - ok
00:30:11.0501 6444 StiSvc (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll
00:30:11.0509 6444 StiSvc - ok
00:30:11.0605 6444 stllssvr (e476c66713c842f58e61a95826ed1d57) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
00:30:11.0607 6444 stllssvr - ok
00:30:11.0623 6444 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
00:30:11.0624 6444 swenum - ok
00:30:11.0674 6444 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
00:30:11.0678 6444 swprv - ok
00:30:11.0730 6444 SynTP (cf196a45fd61118c95585489fad5b2aa) C:\Windows\system32\DRIVERS\SynTP.sys
00:30:11.0734 6444 SynTP - ok
00:30:11.0790 6444 SysMain (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll
00:30:11.0799 6444 SysMain - ok
00:30:11.0819 6444 TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll
00:30:11.0823 6444 TabletInputService - ok
00:30:11.0861 6444 TapiSrv (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll
00:30:11.0866 6444 TapiSrv - ok
00:30:11.0886 6444 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
00:30:11.0888 6444 TBS - ok
00:30:11.0985 6444 Tcpip (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\drivers\tcpip.sys
00:30:11.0993 6444 Tcpip - ok
00:30:12.0028 6444 TCPIP6 (55e9965552741f3850cb22cbba9671ed) C:\Windows\system32\DRIVERS\tcpip.sys
00:30:12.0035 6444 TCPIP6 - ok
00:30:12.0069 6444 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
00:30:12.0069 6444 tcpipreg - ok
00:30:12.0093 6444 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
00:30:12.0095 6444 TDPIPE - ok
00:30:12.0126 6444 TDTCP (7156308896d34ea75a582f9a09e50c17) C:\Windows\system32\drivers\tdtcp.sys
00:30:12.0127 6444 TDTCP - ok
00:30:12.0141 6444 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
00:30:12.0142 6444 tdx - ok
00:30:12.0152 6444 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
00:30:12.0152 6444 TermDD - ok
00:30:12.0180 6444 TermService (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll
00:30:12.0188 6444 TermService - ok
00:30:12.0211 6444 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
00:30:12.0215 6444 Themes - ok
00:30:12.0257 6444 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
00:30:12.0262 6444 THREADORDER - ok
00:30:12.0304 6444 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
00:30:12.0310 6444 TrkWks - ok
00:30:12.0410 6444 TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe
00:30:12.0413 6444 TrustedInstaller - ok
00:30:12.0432 6444 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:30:12.0434 6444 tssecsrv - ok
00:30:12.0468 6444 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
00:30:12.0471 6444 tunnel - ok
00:30:12.0492 6444 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
00:30:12.0493 6444 uagp35 - ok
00:30:12.0534 6444 udfs (eb0a7bd4d471ac3ce55564a4c55b9d8e) C:\Windows\system32\DRIVERS\udfs.sys
00:30:12.0536 6444 udfs - ok
00:30:12.0559 6444 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
00:30:12.0562 6444 UI0Detect - ok
00:30:12.0583 6444 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
00:30:12.0583 6444 uliagpkx - ok
00:30:12.0638 6444 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
00:30:12.0639 6444 umbus - ok
00:30:12.0653 6444 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
00:30:12.0656 6444 UmPass - ok
00:30:12.0845 6444 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
00:30:12.0858 6444 UNS - ok
00:30:12.0963 6444 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
00:30:12.0971 6444 upnphost - ok
00:30:13.0029 6444 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
00:30:13.0030 6444 USBAAPL - ok
00:30:13.0077 6444 usbccgp (5c233aefb566ee78c1efbc0493fb066a) C:\Windows\system32\DRIVERS\usbccgp.sys
00:30:13.0078 6444 usbccgp - ok
00:30:13.0103 6444 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
00:30:13.0104 6444 usbcir - ok
00:30:13.0121 6444 usbehci (5b71019a6aca0116fd21b368f19c0b91) C:\Windows\system32\drivers\usbehci.sys
00:30:13.0122 6444 usbehci - ok
00:30:13.0165 6444 usbhub (5823d3965c2a4f6f785ed1a3b403f3b8) C:\Windows\system32\DRIVERS\usbhub.sys
00:30:13.0169 6444 usbhub - ok
00:30:13.0192 6444 usbohci (e753ed6c49da13967ebabf9ea616454a) C:\Windows\system32\drivers\usbohci.sys
00:30:13.0194 6444 usbohci - ok
00:30:13.0210 6444 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
00:30:13.0213 6444 usbprint - ok
00:30:13.0248 6444 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
00:30:13.0249 6444 usbscan - ok
00:30:13.0296 6444 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:30:13.0297 6444 USBSTOR - ok
00:30:13.0321 6444 usbuhci (6a30928a469ce802600e1ea8c0f2f53f) C:\Windows\system32\drivers\usbuhci.sys
00:30:13.0321 6444 usbuhci - ok
00:30:13.0370 6444 usbvideo (b5f6a992d996282b7fae7048e50af83a) C:\Windows\system32\Drivers\usbvideo.sys
00:30:13.0373 6444 usbvideo - ok
00:30:13.0426 6444 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
00:30:13.0433 6444 UxSms - ok
00:30:13.0464 6444 VaultSvc (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
00:30:13.0465 6444 VaultSvc - ok
00:30:13.0491 6444 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
00:30:13.0492 6444 vdrvroot - ok
00:30:13.0519 6444 vds (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe
00:30:13.0525 6444 vds - ok
00:30:13.0548 6444 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
00:30:13.0549 6444 vga - ok
00:30:13.0564 6444 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
00:30:13.0565 6444 VgaSave - ok
00:30:13.0592 6444 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
00:30:13.0593 6444 vhdmp - ok
00:30:13.0627 6444 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
00:30:13.0628 6444 viaagp - ok
00:30:13.0646 6444 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
00:30:13.0648 6444 ViaC7 - ok
00:30:13.0698 6444 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
00:30:13.0700 6444 viaide - ok
00:30:13.0717 6444 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
00:30:13.0718 6444 volmgr - ok
00:30:13.0760 6444 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
00:30:13.0764 6444 volmgrx - ok
00:30:13.0847 6444 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
00:30:13.0851 6444 volsnap - ok
00:30:13.0881 6444 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
00:30:13.0882 6444 vsmraid - ok
00:30:13.0942 6444 VSS (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe
00:30:13.0952 6444 VSS - ok
00:30:13.0970 6444 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
00:30:13.0972 6444 vwifibus - ok
00:30:13.0987 6444 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
00:30:13.0989 6444 vwififlt - ok
00:30:14.0020 6444 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
00:30:14.0021 6444 vwifimp - ok
00:30:14.0054 6444 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
00:30:14.0060 6444 W32Time - ok
00:30:14.0076 6444 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
00:30:14.0077 6444 WacomPen - ok
00:30:14.0100 6444 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
00:30:14.0101 6444 WANARP - ok
00:30:14.0105 6444 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
00:30:14.0107 6444 Wanarpv6 - ok
00:30:14.0185 6444 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
00:30:14.0199 6444 WatAdminSvc - ok
00:30:14.0255 6444 wbengine (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe
00:30:14.0265 6444 wbengine - ok
00:30:14.0281 6444 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
00:30:14.0287 6444 WbioSrvc - ok
00:30:14.0327 6444 wcncsvc (6d9b75275c3e3a5f51aef81affadb2b6) C:\Windows\System32\wcncsvc.dll
00:30:14.0336 6444 wcncsvc - ok
00:30:14.0353 6444 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
00:30:14.0356 6444 WcsPlugInService - ok
00:30:14.0403 6444 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
00:30:14.0406 6444 Wd - ok
00:30:14.0441 6444 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
00:30:14.0447 6444 Wdf01000 - ok
00:30:14.0461 6444 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:30:14.0466 6444 WdiServiceHost - ok
00:30:14.0471 6444 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
00:30:14.0475 6444 WdiSystemHost - ok
00:30:14.0502 6444 WebClient (bb5ec38f8d4600119b4720bc5d4211f1) C:\Windows\System32\webclnt.dll
00:30:14.0506 6444 WebClient - ok
00:30:14.0538 6444 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
00:30:14.0543 6444 Wecsvc - ok
00:30:14.0551 6444 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
00:30:14.0555 6444 wercplsupport - ok
00:30:14.0587 6444 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
00:30:14.0591 6444 WerSvc - ok
00:30:14.0620 6444 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
00:30:14.0623 6444 WfpLwf - ok
00:30:14.0640 6444 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
00:30:14.0642 6444 WIMMount - ok
00:30:14.0740 6444 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
00:30:14.0745 6444 WinDefend - ok
00:30:14.0751 6444 WinHttpAutoProxySvc - ok
00:30:14.0807 6444 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
00:30:14.0809 6444 Winmgmt - ok
00:30:14.0874 6444 WinRM (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll
00:30:14.0893 6444 WinRM - ok
00:30:14.0964 6444 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
00:30:14.0965 6444 WinUsb - ok
00:30:15.0012 6444 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
00:30:15.0019 6444 Wlansvc - ok
00:30:15.0176 6444 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:30:15.0178 6444 wlcrasvc - ok
00:30:15.0302 6444 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:30:15.0315 6444 wlidsvc - ok
00:30:15.0347 6444 wltrysvc (7fff34ae69dfb80f7b190aba31e00610) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
00:30:15.0348 6444 wltrysvc - ok
00:30:15.0464 6444 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:30:15.0465 6444 WmiAcpi - ok
00:30:15.0548 6444 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
00:30:15.0549 6444 wmiApSrv - ok
00:30:15.0647 6444 WMPNetworkSvc (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe
00:30:15.0664 6444 WMPNetworkSvc - ok
00:30:15.0699 6444 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
00:30:15.0707 6444 WPCSvc - ok
00:30:15.0738 6444 WPDBusEnum (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll
00:30:15.0741 6444 WPDBusEnum - ok
00:30:15.0777 6444 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
00:30:15.0778 6444 ws2ifsl - ok
00:30:15.0809 6444 wscsvc (a661a76333057b383a06e65f0073222f) C:\Windows\System32\wscsvc.dll
00:30:15.0816 6444 wscsvc - ok
00:30:15.0823 6444 WSearch - ok
00:30:15.0925 6444 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll
00:30:15.0960 6444 wuauserv - ok
00:30:16.0036 6444 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
00:30:16.0039 6444 WudfPf - ok
00:30:16.0069 6444 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:30:16.0071 6444 WUDFRd - ok
00:30:16.0121 6444 wudfsvc (f1fcb56102a8373ed86b6ff08fb17d67) C:\Windows\System32\WUDFSvc.dll
00:30:16.0128 6444 wudfsvc - ok
00:30:16.0164 6444 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
00:30:16.0170 6444 WwanSvc - ok
00:30:16.0252 6444 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
00:30:16.0301 6444 \Device\Harddisk0\DR0 - ok
00:30:16.0307 6444 Boot (0x1200) (64b2ae974880a5610612996a9b13e955) \Device\Harddisk0\DR0\Partition0
00:30:16.0308 6444 \Device\Harddisk0\DR0\Partition0 - ok
00:30:16.0323 6444 Boot (0x1200) (7ead853f32ebf10d84084bc42002ba31) \Device\Harddisk0\DR0\Partition1
00:30:16.0325 6444 \Device\Harddisk0\DR0\Partition1 - ok
00:30:16.0326 6444 ============================================================
00:30:16.0326 6444 Scan finished
00:30:16.0326 6444 ============================================================
00:30:16.0342 7472 Detected object count: 0
00:30:16.0343 7472 Actual detected object count: 0
00:32:01.0400 8180 Deinitialize success
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 16th, 2012, 12:38 am

Thank you, Sheila! :)

Good job! :D Yes, every log, even a clear one is important!
Let continue our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE0FF727-8864-47F3-B931-C2402FA9BC53}]
    "AppPath"=-
    
    :Files
    c:\windows\system32\shoA5E.tmp
    c:\windows\system32\sho5279.tmp
    c:\windows\system32\sho3672.tmp
    c:\windows\system32\sho545A.tmp
    c:\windows\system32\shoAAB2.tmp
    c:\windows\system32\shoD0BC.tmp
    c:\windows\system32\shoEF4E.tmp
    c:\windows\system32\shoF539.tmp
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 2.
ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

  1. Firstly please Disable any Antivirus you have active, as shown in This topic.
  2. Note: Don't forget to re-enable it after the scan.
  3. Next please click on the following link to open a new window to ESET online scannner
  4. Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  5. Select the option YES, I accept the Terms of Use then click on: Image
  6. When prompted allow the Add-On/Active X to install.
  7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  8. Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  9. Now click on: Image
  10. The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  11. When completed the Online Scan will begin automatically.
  12. Do not touch either the mouse or keyboard during the scan otherwise it may stall.
  13. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  14. Now click on: Image
  15. Use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  16. Copy and paste that log as a reply to this topic.

Step 3.
Fresh OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Under Output, ensure that Standard Output is selected.
  3. Click on Run Scan at the top left hand corner.
  4. When done, one Notepad file OTL.txt will be opened, maximized.
  5. Please post the content of OTL.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file after OTL FixScript run
  3. Contents of scan results from C:\Program Files\ESET\EsetOnlineScanner\log.txt file.
  4. Contents of OTL.txt log file after OTL Fresh Scan run
  5. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3183
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 16th, 2012, 5:45 am

Hi pgmigg,

Ok, looks like we've finally caught the culprit! There were some threats found but here are the first two logs for you to check yourself--there were too many characters when I tried posting all three so I'll post the third one separately:

First OTL.txt log file OTL FixScript:

OTL logfile created on: 16/05/2012 08:43:57 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Sheila\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 47,08% Memory free
3,73 Gb Paging File | 2,54 Gb Available in Paging File | 68,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 222,42 Gb Free Space | 78,48% Space Free | Partition Type: NTFS

Computer Name: SHEILA-PC | User Name: Sheila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/11 17:49:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sheila\Desktop\OTL.exe
PRC - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011/10/26 23:12:04 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/12 09:05:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programmi\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/03 06:43:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/23 17:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/12 03:28:18 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010/10/12 03:28:18 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010/10/12 03:28:14 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/06/26 20:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Programmi\Freecorder\FLVSrvc.exe
PRC - [2010/05/20 02:39:42 | 000,206,336 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2010/04/06 22:35:04 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programmi\IDT\WDM\sttray.exe
PRC - [2010/04/06 22:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
PRC - [2010/03/30 15:13:06 | 000,389,120 | R--- | M] (Teleca) -- C:\Programmi\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 16:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010/03/17 16:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2010/03/17 16:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2010/01/15 17:26:52 | 003,873,648 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\QuickSet\quickset.exe
PRC - [2010/01/14 23:11:21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/11 15:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Programmi\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/30 05:41:08 | 000,060,928 | ---- | M] () -- C:\Programmi\STMicroelectronics\Accelerometer\InstallFilterService.exe
PRC - [2009/11/19 17:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Programmi\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/11/04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/20 09:11:58 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/10/20 09:11:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/22 14:52:12 | 002,384,896 | ---- | M] () -- C:\Programmi\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/07/14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/06 21:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Programmi\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Programmi\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/03 10:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Programmi\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 13:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Programmi\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/03/02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe
PRC - [2009/02/26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/09 11:32:59 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/09 11:32:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 11:32:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/09 11:32:19 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/09 11:31:57 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/09 11:31:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/04/28 17:31:26 | 002,236,416 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2012/04/28 17:31:26 | 001,396,736 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2012/04/28 17:31:26 | 000,868,352 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2012/04/28 17:31:26 | 000,847,872 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2012/04/28 17:31:26 | 000,782,336 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2012/04/28 17:31:26 | 000,688,128 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2012/04/28 17:31:26 | 000,528,384 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2012/04/28 17:31:26 | 000,462,848 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2012/04/28 17:31:26 | 000,237,568 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2012/04/28 17:31:26 | 000,155,648 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2012/04/28 17:31:26 | 000,143,360 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2012/04/28 17:31:25 | 001,564,672 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2012/04/28 17:31:25 | 000,688,128 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2012/04/28 17:31:25 | 000,471,040 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2012/04/28 17:31:25 | 000,406,016 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2012/04/28 17:31:25 | 000,356,352 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2012/04/28 17:31:25 | 000,315,392 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2012/04/28 17:31:25 | 000,264,192 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2012/04/28 17:31:25 | 000,217,088 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
MOD - [2012/04/28 17:31:25 | 000,163,840 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
MOD - [2012/04/28 17:31:25 | 000,151,552 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2012/04/28 17:31:25 | 000,129,536 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2012/04/28 17:31:25 | 000,094,208 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2012/04/28 17:31:25 | 000,094,208 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2012/04/28 17:31:25 | 000,084,480 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2012/04/28 17:31:25 | 000,062,464 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2012/04/28 17:31:25 | 000,052,224 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2012/04/28 17:31:25 | 000,044,544 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2012/04/28 17:31:25 | 000,010,752 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2012/04/28 17:31:25 | 000,009,728 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2012/04/28 17:31:25 | 000,009,728 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\locPcd.dll
MOD - [2012/04/28 17:31:24 | 011,503,616 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2012/04/28 17:31:24 | 000,761,856 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2012/04/28 17:31:24 | 000,684,032 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2012/04/28 17:31:24 | 000,339,968 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2012/04/28 17:31:24 | 000,234,496 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2012/04/28 17:31:24 | 000,171,520 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2012/04/28 17:31:24 | 000,152,576 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2012/04/28 17:31:24 | 000,098,304 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2012/04/28 17:31:24 | 000,084,480 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2012/04/28 17:31:24 | 000,078,848 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programmi\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programmi\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programmi\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programmi\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 23:04:56 | 000,140,800 | ---- | M] () -- C:\Programmi\WinRAR\RarExt.dll
MOD - [2010/03/31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010/03/31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Programmi\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2010/03/17 16:20:30 | 000,139,264 | R--- | M] () -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2009/10/20 09:12:10 | 000,132,384 | ---- | M] () -- C:\Programmi\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/22 14:52:12 | 002,384,896 | ---- | M] () -- C:\Programmi\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2007/01/11 18:33:20 | 000,106,496 | R--- | M] () -- C:\Programmi\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 12:00:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programmi\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/12 09:05:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/05/03 06:43:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirScheduler)
SRV - [2011/02/11 23:23:34 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programmi\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/10/19 07:44:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/12 03:28:18 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/04/06 22:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/11/30 05:41:08 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Programmi\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/11/04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/03/02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2005/06/21 22:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/09/12 09:05:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/12 09:05:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/10/12 06:12:56 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/12 03:28:13 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/09/02 12:08:56 | 000,114,688 | ---- | M] (ONDA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ONDAusbnet.sys -- (ONDAusbnet)
DRV - [2010/09/02 12:08:44 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ondausbser6k.sys -- (ONDAusbser6k)
DRV - [2010/09/02 12:08:44 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ondausbnmea.sys -- (ONDAusbnmea)
DRV - [2010/09/02 12:08:44 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ondausbmdm6k.sys -- (ONDAusbmdm6k)
DRV - [2010/06/17 16:28:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/06 22:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/26 10:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 00:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Audio schermo Intel(R)
DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/10 05:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/15 20:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 17:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{AAB8CC18-CCC2-47E3-BCFE-1F7FD48BCBB3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/11
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sheila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sheila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/26 23:12:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 20:20:12 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sheila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programmi\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programmi\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe] File not found
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Programmi\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programmi\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programmi\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/ ... emLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FF36590-FACB-4DD2-AC80-5B7827175BE3}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C91CA12B-6D6E-4458-9624-76BBD466BEE2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programmi\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c16be3c-3774-11e1-89fb-5cac4ceb56f5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c16be3c-3774-11e1-89fb-5cac4ceb56f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 05:41:37 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivi Bluetooth
[2012/05/11 17:52:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/11 17:48:57 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Sheila\Desktop\OTL.exe
[2012/05/10 09:03:22 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\InstallShield
[2012/05/10 08:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/10 08:31:21 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/09 08:12:19 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/09 08:12:19 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/09 08:12:18 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/09 08:12:17 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/09 08:12:17 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/09 08:12:17 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/09 08:12:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/09 08:12:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/06 12:03:26 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\HTC
[2012/05/06 12:03:25 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Teleca
[2012/05/06 12:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2012/05/06 12:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
[2012/05/06 12:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Teleca
[2012/05/06 12:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/05/06 12:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2012/05/06 12:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2012/04/29 09:46:03 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\KodakCredentialStore
[2012/04/28 17:32:34 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\KodakGallery
[2012/04/28 17:31:49 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Skinux
[2012/04/28 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\Programs
[2012/04/28 17:31:08 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\ArcSoft
[2012/04/28 17:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sheila\Documents\My Print Creations
[2012/04/28 17:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Arcsoft
[2012/04/28 17:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/04/28 17:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations
[2012/04/28 17:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/04/28 17:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/04/28 17:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/04/28 17:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/04/28 17:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2012/04/28 17:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/04/28 17:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/04/28 17:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/04/26 16:45:16 | 000,000,000 | ---D | C] -- C:\Users\Sheila\Desktop\Linda
[1 C:\Users\Sheila\Desktop\*.tmp files -> C:\Users\Sheila\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 08:46:34 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 08:46:34 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 08:43:29 | 011,770,166 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/05/16 08:43:29 | 004,212,624 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/16 08:43:29 | 004,047,218 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/05/16 08:43:29 | 003,536,042 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/16 08:39:09 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\hlwttfy.job
[2012/05/16 08:39:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/16 08:39:01 | 1502,617,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/16 06:29:00 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48174127-2646268663-3363889633-1001UA.job
[2012/05/16 06:14:20 | 000,000,512 | ---- | M] () -- C:\Users\Sheila\Desktop\MBR.dat
[2012/05/16 06:00:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/15 07:29:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48174127-2646268663-3363889633-1001Core.job
[2012/05/12 20:56:44 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/05/11 17:49:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sheila\Desktop\OTL.exe
[2012/05/10 09:02:26 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/05/10 08:58:38 | 000,002,569 | ---- | M] () -- C:\Users\Public\Desktop\Dell Backup and Recovery Manager.lnk
[2012/05/10 08:31:21 | 000,002,969 | ---- | M] () -- C:\Users\Sheila\Desktop\HiJackThis.lnk
[2012/05/09 11:30:32 | 000,440,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/08 07:03:17 | 000,141,312 | RHS- | M] () -- C:\Windows\System32\cmifwm.dll
[2012/05/05 12:00:07 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/05 12:00:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/02 14:30:22 | 000,002,407 | ---- | M] () -- C:\Users\Sheila\Desktop\Google Chrome.lnk
[2012/04/28 17:38:43 | 000,027,648 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2012/04/28 17:38:43 | 000,003,072 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/04/28 17:28:07 | 000,002,100 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[1 C:\Users\Sheila\Desktop\*.tmp files -> C:\Users\Sheila\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 06:14:20 | 000,000,512 | ---- | C] () -- C:\Users\Sheila\Desktop\MBR.dat
[2012/05/10 08:31:21 | 000,002,969 | ---- | C] () -- C:\Users\Sheila\Desktop\HiJackThis.lnk
[2012/05/08 07:03:17 | 000,141,312 | RHS- | C] () -- C:\Windows\System32\cmifwm.dll
[2012/05/08 07:03:17 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\hlwttfy.job
[2012/04/28 17:31:52 | 000,027,648 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2012/04/28 17:31:52 | 000,003,072 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/04/28 17:28:07 | 000,002,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2012/04/28 17:20:03 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/04/10 12:30:50 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/17 21:16:20 | 000,000,128 | ---- | C] () -- C:\Windows\AVIATION.DAT
[2011/09/15 15:38:24 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/17 14:29:42 | 000,013,312 | ---- | C] () -- C:\Users\Sheila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/11/22 10:41:32 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/10/19 15:59:03 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcdcfg.dll
[2010/10/18 23:27:57 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/12 03:35:48 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/10/12 03:28:27 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/08/28 03:42:51 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/28 02:23:25 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/08/28 02:23:25 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/28 02:23:25 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/08/28 02:23:24 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/08/28 02:23:24 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/08/28 02:23:24 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/28 02:23:24 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

< End of report >


Contents of scan results from C:\Program Files\ESET\EsetOnlineScanner\log.txt file:
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe a variant of Win32/RegistryBooster application
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application
C:\_OTL\MovedFiles\05112012_175240\C_Users\Sheila\AppData\Local\Temp\SetupDataMngr_Searchqu.exe Win32/Toolbar.SearchSuite application


Thanks,
Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware