Odd exe commands setting off firewall/registry tampered?

Post by boondoc » March 17th, 2013, 1:04 am

Hi gang,

The compy is doing some odd things. First I was unable to open files that had been downloaded such as open office, pdf, etc from the little toolbar. I could manually go to the downloads folder and get them, but did not have access when it would download to the toolbar to click on. Second, I can't connect to my printer wirelessly. Third, my comodo firewall is going off all the time lately with .exe files. Your help is greatly appreciated. Thank you so much for all you do in advance!

See logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:
Run by Palmer at 0:51:13 on 2013-03-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3686.1886 [GMT -4:00]
.
AV: COMODO Antivirus *Enabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=LENN
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=LENN
mStart Page = hxxp://lenovo.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
uRun: [Best Buy pc app] C:\Users\Palmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Palmer\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{9915F6B5-1BB7-4E4A-8E81-998459FA3C76} : DHCPNameServer = 4.2.2.2
TCP: Interfaces\{E3703603-99B8-417C-A789-65E52D052B98} : DHCPNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
TCP: Interfaces\{E3703603-99B8-417C-A789-65E52D052B98}\16474777966696 : DHCPNameServer = 192.168.16.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{E3703603-99B8-417C-A789-65E52D052B98}\8456E62797 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E3703603-99B8-417C-A789-65E52D052B98}\96E6E666C65787 : DHCPNameServer = 10.59.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-7-28 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-7-28 39008]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-7-28 13408]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\windows\System32\drivers\cmderd.sys [2011-10-7 22736]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\System32\drivers\cmdGuard.sys [2011-10-7 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\System32\drivers\cmdhlp.sys [2011-10-7 38144]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-6-7 203776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2011-7-28 198784]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-3-12 2074768]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-6-7 115216]
R3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2011-4-21 36656]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\windows\System32\drivers\netr28x.sys [2011-7-28 1353280]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-7-28 436840]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2009-12-2 721768]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2009-12-2 269672]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2009-12-2 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2009-12-2 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-7-28 44672]
S2 MsDepSvc;Web Deployment Agent Service;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2012-7-18 80448]
S3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe --> c:\PROGRA~1\mcafee\msc\mcawfwk.exe [?]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-7-28 307304]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-12 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== Created Last 30 ================
.
2013-03-13 02:21:49 -------- d-----w- C:\ProgramData\VirtualizedApplications
2013-03-10 18:17:04 -------- d-----w- C:\Users\Palmer\AppData\Local\SoftGrid Client
2013-03-10 18:17:01 -------- d-----w- C:\Users\Palmer\AppData\Roaming\SoftGrid Client
2013-03-10 18:15:10 47368 ----a-w- C:\windows\SysWow64\certsentry.dll
2013-03-10 18:14:46 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-03-10 18:13:01 -------- d-----w- C:\Users\Palmer\AppData\Roaming\TP
2013-02-24 08:04:24 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-24 08:04:24 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
==================== Find3M ====================
.
2013-03-14 02:46:34 56072 ----a-w- C:\windows\System32\certsentry.dll
2013-02-08 05:05:44 74096 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 05:05:44 697712 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 05:05:20 16365936 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-01-05 05:53:43 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46:09 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 0:55:48.23 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2011 7:05:15 PM
System Uptime: 3/17/2013 12:37:14 AM (0 hours ago)
.
Motherboard: LENOVO | | Inagua
Processor: AMD E-350 Processor | Socket FT1 | 1280/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 189 GiB total, 146.844 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 27.146 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP65: 11/23/2012 12:43:41 PM - OTL Restore Point - 11/23/2012 12:43:41 PM
RP66: 1/7/2013 4:10:49 AM - Windows Update
RP67: 1/10/2013 7:44:02 AM - Windows Update
RP68: 2/24/2013 3:00:21 AM - Windows Update
RP69: 3/10/2013 2:05:32 PM - Windows Update
RP70: 3/10/2013 2:53:56 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
RP71: 3/12/2013 8:22:17 AM - Removed Microsoft Office Click-to-Run 2010
RP72: 3/12/2013 8:23:21 AM - Removed Microsoft Office 2010
RP73: 3/12/2013 11:00:46 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
AudibleManager
Best Buy pc app
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Comodo Dragon
COMODO Internet Security
Conexant HD Audio
D3DX10
EgisTec ES603 WDM Driver
Energy Management
Eraser 6.0.10.2620
ES603 WDM Driver
FileZilla Client 3.5.3
HP Photosmart Plus B210 series Basic Device Software
HP Photosmart Plus B210 series Help
iCloud
IIS 7.5 Express
iTunes
Java 7 Update 9 (64-bit)
Lenovo EE Boot Optimizer
Lenovo OneKey Recovery
Lenovo Security Suite
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft ASP.NET Web Pages 2
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1
Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
Microsoft SQL Server Compact 4.0 Web Tools ENU
Microsoft SQL Server System CLR Types
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Web Deploy 3.0
Microsoft Web Platform Installer 4.0
Microsoft WebMatrix 2
MSVCRT
MySQL Connector Net 6.5.4
MySQL Server 5.1
OpenOffice.org 3.3
PowerXpressHybrid
QuickTime
Ralink RT2860 Wireless LAN Card
Realtek Ethernet Controller Driver
Realtek USB 2.0 Reader Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Synaptics Pointing Device Driver
UserGuide
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WMV9/VC-1 Video Playback
.
==== Event Viewer Messages From Past Week ========
.
3/17/2013 12:56:49 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: Access is denied.
3/17/2013 12:39:09 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/17/2013 12:39:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Web Deployment Agent Service service to connect.
3/17/2013 12:39:00 AM, Error: Service Control Manager [7000] - The Web Deployment Agent Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

Post by wannabeageek » March 17th, 2013, 11:25 am

Hello boondoc, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.
I am an MRU Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher.
Because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Odd exe commands setting off firewall/registry tampered?

Post by boondoc » March 20th, 2013, 8:52 pm

I have read all instructions and have backed up what I needed to. Thanks!

Re: Odd exe commands setting off firewall/registry tampered?

Post by wannabeageek » March 21st, 2013, 12:59 am

Hello boondoc,

I have some questions for you to answer along with a scan to run.

"The compy is doing some odd things. First I was unable to open files that had been downloaded such as open office, pdf, etc from the little toolbar. I could manually go to the downloads folder and get them, but did not have access when it would download to the toolbar to click on."
What toolbar are you using?

"Second, I can't connect to my printer wirelessly."
This printer? (HP Photosmart Plus B210)

"Third, my comodo firewall is going off all the time lately with .exe files."
Can you provide me with a list or log of files from your firewall program showing which files and what they are trying to do?



Step 1.
TDSSKiller

Please download TDSSKiller.exe and save it to your Desktop.
  1. Right click on TDSSKiller.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click on Start Scan, the scan will run.
  3. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip.
  4. Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  5. To find the log go to Start > Computer > C:
  6. A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  7. Post the contents of that log in your next reply please.
  8. DO NOT TRY TO FIX ANYTHING AT THIS POINT



Step 2.
OTL
Please download OTL ... by Old Timer. Save it to your Desktop.
  1. Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Click the Scan All Users checkbox.
  3. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.



Please include in your next reply:
  1. Answers to my questions.
  2. Contents of TDSSKiller.X.X.X.X.XX.XX.XXXX
  3. Contents of OTL.txt
  4. Contents of Extras.txt
  5. Any problem executing the instructions?
Thanks,
wbg

Re: Odd exe commands setting off firewall/registry tampered?

Post by wannabeageek » March 23rd, 2013, 12:14 am

Hi boondoc,

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response.
  • If you do not reply within the next 24 hours, this topic will be closed.

Re: Odd exe commands setting off firewall/registry tampered?

Post by boondoc » March 23rd, 2013, 5:14 pm

Sorry, just catching up.

1) I'm not using a specific toolbar. Files download to a toolbar (I guess more of a "download" bar) looking thing in Comodo Dragon which I can click instead of going directly to the file wherever it saved.
2) Yes, that printer.
3) Currently, I can't find anything in the firewall logs and I have it disabled.

Here is the TDSS log you requested:

16:38:44.0966 1704 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:38:46.0973 1704 ============================================================
16:38:46.0973 1704 Current date / time: 2013/03/23 16:38:46.0973
16:38:46.0974 1704 SystemInfo:
16:38:46.0974 1704
16:38:46.0974 1704 OS Version: 6.1.7601 ServicePack: 1.0
16:38:46.0974 1704 Product type: Workstation
16:38:46.0974 1704 ComputerName: PALMER-PC
16:38:46.0975 1704 UserName: Palmer
16:38:46.0975 1704 Windows directory: C:\windows
16:38:46.0975 1704 System windows directory: C:\windows
16:38:46.0975 1704 Running under WOW64
16:38:46.0975 1704 Processor architecture: Intel x64
16:38:46.0975 1704 Number of processors: 2
16:38:46.0976 1704 Page size: 0x1000
16:38:46.0976 1704 Boot type: Normal boot
16:38:46.0976 1704 ============================================================
16:38:49.0625 1704 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:38:49.0635 1704 ============================================================
16:38:49.0635 1704 \Device\Harddisk0\DR0:
16:38:49.0636 1704 MBR partitions:
16:38:49.0636 1704 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
16:38:49.0636 1704 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x179E0800
16:38:49.0663 1704 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x17A45800, BlocksNum 0x39FD800
16:38:49.0663 1704 ============================================================
16:38:49.0745 1704 C: <-> \Device\Harddisk0\DR0\Partition2
16:38:49.0783 1704 D: <-> \Device\Harddisk0\DR0\Partition3
16:38:49.0784 1704 ============================================================
16:38:49.0784 1704 Initialize success
16:38:49.0784 1704 ============================================================
16:39:02.0288 6796 ============================================================
16:39:02.0289 6796 Scan started
16:39:02.0289 6796 Mode: Manual;
16:39:02.0289 6796 ============================================================
16:39:03.0259 6796 ================ Scan system memory ========================
16:39:03.0259 6796 System memory - ok
16:39:06.0040 6796 aspnet_state - ok
16:39:06.0077 6796 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
16:39:06.0082 6796 AsyncMac - ok
16:39:06.0133 6796 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
16:39:06.0136 6796 atapi - ok
16:39:06.0198 6796 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys
16:39:06.0206 6796 AtiHDAudioService - ok
16:39:06.0278 6796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
16:39:06.0292 6796 AudioEndpointBuilder - ok
16:39:06.0311 6796 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
16:39:06.0319 6796 AudioSrv - ok
16:39:06.0379 6796 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
16:39:06.0385 6796 AxInstSV - ok
16:39:06.0439 6796 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
16:39:06.0453 6796 b06bdrv - ok
16:39:06.0493 6796 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
16:39:06.0502 6796 b57nd60a - ok
16:39:06.0544 6796 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
16:39:06.0552 6796 BDESVC - ok
16:39:06.0563 6796 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
16:39:06.0566 6796 Beep - ok
16:39:06.0614 6796 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
16:39:06.0640 6796 BFE - ok
16:39:06.0697 6796 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
16:39:06.0728 6796 BITS - ok
16:39:06.0746 6796 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
16:39:06.0751 6796 blbdrive - ok
16:39:06.0921 6796 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:39:06.0950 6796 Bonjour Service - ok
16:39:06.0978 6796 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
16:39:06.0986 6796 bowser - ok
16:39:07.0035 6796 [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv C:\windows\system32\drivers\BPntDrv.sys
16:39:07.0039 6796 BPntDrv - ok
16:39:07.0057 6796 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
16:39:07.0063 6796 BrFiltLo - ok
16:39:07.0072 6796 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
16:39:07.0078 6796 BrFiltUp - ok
16:39:07.0141 6796 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
16:39:07.0147 6796 Browser - ok
16:39:07.0179 6796 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
16:39:07.0188 6796 Brserid - ok
16:39:07.0200 6796 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
16:39:07.0205 6796 BrSerWdm - ok
16:39:07.0216 6796 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
16:39:07.0219 6796 BrUsbMdm - ok
16:39:07.0230 6796 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
16:39:07.0234 6796 BrUsbSer - ok
16:39:07.0283 6796 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
16:39:07.0288 6796 BthEnum - ok
16:39:07.0315 6796 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
16:39:07.0322 6796 BTHMODEM - ok
16:39:07.0333 6796 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
16:39:07.0339 6796 BthPan - ok
16:39:07.0372 6796 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
16:39:07.0385 6796 BTHPORT - ok
16:39:07.0415 6796 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
16:39:07.0421 6796 bthserv - ok
16:39:07.0450 6796 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
16:39:07.0455 6796 BTHUSB - ok
16:39:07.0483 6796 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
16:39:07.0489 6796 cdfs - ok
16:39:07.0544 6796 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
16:39:07.0557 6796 cdrom - ok
16:39:07.0601 6796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
16:39:07.0607 6796 CertPropSvc - ok
16:39:07.0630 6796 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
16:39:07.0635 6796 circlass - ok
16:39:07.0661 6796 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
16:39:07.0672 6796 CLFS - ok
16:39:07.0749 6796 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:39:07.0773 6796 clr_optimization_v2.0.50727_32 - ok
16:39:07.0814 6796 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:39:07.0821 6796 clr_optimization_v2.0.50727_64 - ok
16:39:08.0077 6796 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:39:08.0199 6796 clr_optimization_v4.0.30319_32 - ok
16:39:08.0229 6796 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:39:08.0279 6796 clr_optimization_v4.0.30319_64 - ok
16:39:08.0306 6796 clwvd - ok
16:39:08.0348 6796 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
16:39:08.0352 6796 CmBatt - ok
16:39:08.0499 6796 [ 65FB5097D9EE7E3A99E932CFA0E4B344 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
16:39:08.0526 6796 cmdAgent - ok
16:39:08.0631 6796 [ 2D6DC31AA55BFF702519235DEF0DA68E ] cmderd C:\windows\system32\DRIVERS\cmderd.sys
16:39:08.0633 6796 cmderd - ok
16:39:08.0694 6796 [ 919ACCC22ABDC1C3CA68326C0E5DEAF9 ] cmdGuard C:\windows\system32\DRIVERS\cmdguard.sys
16:39:08.0701 6796 cmdGuard - ok
16:39:08.0747 6796 [ F8FECE0F1D44C4A58778083B00EEADAC ] cmdHlp C:\windows\system32\DRIVERS\cmdhlp.sys
16:39:08.0749 6796 cmdHlp - ok
16:39:08.0767 6796 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
16:39:08.0771 6796 cmdide - ok
16:39:08.0821 6796 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
16:39:08.0845 6796 CNG - ok
16:39:08.0930 6796 [ A260BE645DD096D90318C8CF98536720 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
16:39:08.0987 6796 CnxtHdAudService - ok
16:39:09.0044 6796 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
16:39:09.0048 6796 Compbatt - ok
16:39:09.0065 6796 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
16:39:09.0069 6796 CompositeBus - ok
16:39:09.0084 6796 COMSysApp - ok
16:39:09.0099 6796 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
16:39:09.0103 6796 crcdisk - ok
16:39:09.0161 6796 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
16:39:09.0168 6796 CryptSvc - ok
16:39:09.0279 6796 [ 61A86809B62769643892BC0812B204AA ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:39:09.0626 6796 cvhsvc - ok
16:39:09.0671 6796 [ F160B26B26BA4AFE8CECC12ED5AC231E ] CxAudMsg C:\windows\system32\CxAudMsg64.exe
16:39:09.0678 6796 CxAudMsg - ok
16:39:09.0738 6796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
16:39:09.0769 6796 DcomLaunch - ok
16:39:09.0803 6796 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
16:39:09.0813 6796 defragsvc - ok
16:39:09.0852 6796 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
16:39:09.0861 6796 DfsC - ok
16:39:09.0904 6796 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
16:39:09.0914 6796 Dhcp - ok
16:39:09.0923 6796 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
16:39:09.0929 6796 discache - ok
16:39:09.0955 6796 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
16:39:09.0961 6796 Disk - ok
16:39:09.0985 6796 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
16:39:09.0993 6796 Dnscache - ok
16:39:10.0020 6796 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
16:39:10.0030 6796 dot3svc - ok
16:39:10.0046 6796 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
16:39:10.0053 6796 DPS - ok
16:39:10.0312 6796 [ F8BCE77F950E5112D7087DCA2A2174D8 ] DragonUpdater C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
16:39:10.0561 6796 DragonUpdater - ok
16:39:10.0619 6796 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
16:39:10.0622 6796 drmkaud - ok
16:39:10.0667 6796 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
16:39:10.0714 6796 DXGKrnl - ok
16:39:10.0756 6796 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
16:39:10.0762 6796 EapHost - ok
16:39:10.0863 6796 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
16:39:10.0968 6796 ebdrv - ok
16:39:11.0006 6796 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
16:39:11.0011 6796 EFS - ok
16:39:11.0077 6796 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
16:39:11.0107 6796 ehRecvr - ok
16:39:11.0127 6796 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
16:39:11.0133 6796 ehSched - ok
16:39:11.0169 6796 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
16:39:11.0183 6796 elxstor - ok
16:39:11.0193 6796 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
16:39:11.0197 6796 ErrDev - ok
16:39:11.0283 6796 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
16:39:11.0294 6796 EventSystem - ok
16:39:11.0314 6796 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
16:39:11.0321 6796 exfat - ok
16:39:11.0352 6796 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
16:39:11.0375 6796 fastfat - ok
16:39:11.0415 6796 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
16:39:11.0442 6796 Fax - ok
16:39:11.0472 6796 [ 0BDD7984DB7AAFF6DFEFD11D82D473DB ] fbfmon C:\windows\system32\drivers\fbfmon.sys
16:39:11.0478 6796 fbfmon - ok
16:39:11.0497 6796 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
16:39:11.0501 6796 fdc - ok
16:39:11.0529 6796 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
16:39:11.0533 6796 fdPHost - ok
16:39:11.0557 6796 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
16:39:11.0563 6796 FDResPub - ok
16:39:11.0607 6796 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
16:39:11.0612 6796 FileInfo - ok
16:39:11.0621 6796 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
16:39:11.0627 6796 Filetrace - ok
16:39:11.0652 6796 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
16:39:11.0656 6796 flpydisk - ok
16:39:11.0696 6796 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
16:39:11.0711 6796 FltMgr - ok
16:39:11.0754 6796 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
16:39:11.0797 6796 FontCache - ok
16:39:11.0846 6796 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:39:12.0016 6796 FontCache3.0.0.0 - ok
16:39:12.0052 6796 [ 721A1C957BD23829C6D2BE5C7CDC1012 ] FPSensor C:\windows\system32\Drivers\FPSensor.sys
16:39:12.0057 6796 FPSensor - ok
16:39:12.0091 6796 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
16:39:12.0096 6796 FsDepends - ok
16:39:12.0148 6796 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
16:39:12.0153 6796 Fs_Rec - ok
16:39:12.0195 6796 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
16:39:12.0221 6796 fvevol - ok
16:39:12.0245 6796 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
16:39:12.0251 6796 gagp30kx - ok
16:39:12.0284 6796 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:39:12.0289 6796 GEARAspiWDM - ok
16:39:12.0349 6796 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
16:39:12.0383 6796 gpsvc - ok
16:39:12.0413 6796 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
16:39:12.0418 6796 hcw85cir - ok
16:39:12.0448 6796 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:39:12.0466 6796 HdAudAddService - ok
16:39:12.0505 6796 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
16:39:12.0509 6796 HDAudBus - ok
16:39:12.0519 6796 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
16:39:12.0525 6796 HidBatt - ok
16:39:12.0538 6796 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
16:39:12.0545 6796 HidBth - ok
16:39:12.0574 6796 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
16:39:12.0581 6796 HidIr - ok
16:39:12.0613 6796 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll
16:39:12.0621 6796 hidserv - ok
16:39:12.0635 6796 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
16:39:12.0640 6796 HidUsb - ok
16:39:12.0676 6796 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
16:39:12.0684 6796 hkmsvc - ok
16:39:12.0708 6796 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:39:12.0718 6796 HomeGroupListener - ok
16:39:12.0759 6796 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:39:12.0768 6796 HomeGroupProvider - ok
16:39:12.0780 6796 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
16:39:12.0786 6796 HpSAMD - ok
16:39:12.0834 6796 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
16:39:12.0883 6796 HTTP - ok
16:39:12.0894 6796 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
16:39:12.0899 6796 hwpolicy - ok
16:39:12.0923 6796 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
16:39:12.0929 6796 i8042prt - ok
16:39:12.0975 6796 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\windows\system32\drivers\iaStorV.sys
16:39:12.0987 6796 iaStorV - ok
16:39:13.0066 6796 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:39:13.0102 6796 idsvc - ok
16:39:13.0160 6796 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
16:39:13.0167 6796 iirsp - ok
16:39:13.0231 6796 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
16:39:13.0276 6796 IKEEXT - ok
16:39:13.0326 6796 [ C4E67D3037DC79E39D7136581A947F50 ] inspect C:\windows\system32\DRIVERS\inspect.sys
16:39:13.0329 6796 inspect - ok
16:39:13.0346 6796 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
16:39:13.0350 6796 intelide - ok
16:39:13.0376 6796 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
16:39:13.0383 6796 intelppm - ok
16:39:13.0429 6796 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
16:39:13.0436 6796 IPBusEnum - ok
16:39:13.0453 6796 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
16:39:13.0460 6796 IpFilterDriver - ok
16:39:13.0493 6796 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
16:39:13.0517 6796 iphlpsvc - ok
16:39:13.0539 6796 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
16:39:13.0547 6796 IPMIDRV - ok
16:39:13.0575 6796 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
16:39:13.0582 6796 IPNAT - ok
16:39:13.0647 6796 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:39:13.0693 6796 iPod Service - ok
16:39:13.0729 6796 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
16:39:13.0733 6796 IRENUM - ok
16:39:13.0744 6796 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
16:39:13.0748 6796 isapnp - ok
16:39:13.0991 6796 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
16:39:14.0006 6796 iScsiPrt - ok
16:39:14.0040 6796 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
16:39:14.0045 6796 kbdclass - ok
16:39:14.0066 6796 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
16:39:14.0071 6796 kbdhid - ok
16:39:14.0098 6796 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
16:39:14.0100 6796 KeyIso - ok
16:39:14.0142 6796 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
16:39:14.0152 6796 KSecDD - ok
16:39:14.0187 6796 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
16:39:14.0198 6796 KSecPkg - ok
16:39:14.0241 6796 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
16:39:14.0245 6796 ksthunk - ok
16:39:14.0281 6796 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
16:39:14.0303 6796 KtmRm - ok
16:39:14.0357 6796 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll
16:39:14.0375 6796 LanmanServer - ok
16:39:14.0413 6796 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:39:14.0421 6796 LanmanWorkstation - ok
16:39:14.0451 6796 [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr C:\windows\system32\DRIVERS\LhdX64.sys
16:39:14.0456 6796 LHDmgr - ok
16:39:14.0483 6796 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
16:39:14.0488 6796 lltdio - ok
16:39:14.0533 6796 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
16:39:14.0543 6796 lltdsvc - ok
16:39:14.0562 6796 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
16:39:14.0566 6796 lmhosts - ok
16:39:14.0608 6796 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
16:39:14.0616 6796 LSI_FC - ok
16:39:14.0626 6796 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
16:39:14.0632 6796 LSI_SAS - ok
16:39:14.0643 6796 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
16:39:14.0649 6796 LSI_SAS2 - ok
16:39:14.0671 6796 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
16:39:14.0678 6796 LSI_SCSI - ok
16:39:14.0692 6796 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
16:39:14.0698 6796 luafv - ok
16:39:14.0714 6796 McAWFwk - ok
16:39:14.0753 6796 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
16:39:14.0760 6796 Mcx2Svc - ok
16:39:14.0784 6796 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
16:39:14.0789 6796 megasas - ok
16:39:14.0825 6796 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
16:39:14.0835 6796 MegaSR - ok
16:39:14.0871 6796 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
16:39:14.0877 6796 MMCSS - ok
16:39:14.0888 6796 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
16:39:14.0892 6796 Modem - ok
16:39:14.0919 6796 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
16:39:14.0922 6796 monitor - ok
16:39:14.0934 6796 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
16:39:14.0939 6796 mouclass - ok
16:39:14.0958 6796 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\drivers\mouhid.sys
16:39:14.0963 6796 mouhid - ok
16:39:14.0984 6796 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
16:39:14.0992 6796 mountmgr - ok
16:39:15.0011 6796 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
16:39:15.0021 6796 mpio - ok
16:39:15.0033 6796 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
16:39:15.0038 6796 mpsdrv - ok
16:39:15.0091 6796 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
16:39:15.0124 6796 MpsSvc - ok
16:39:15.0137 6796 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
16:39:15.0146 6796 MRxDAV - ok
16:39:15.0185 6796 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
16:39:15.0196 6796 mrxsmb - ok
16:39:15.0225 6796 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
16:39:15.0241 6796 mrxsmb10 - ok
16:39:15.0259 6796 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
16:39:15.0269 6796 mrxsmb20 - ok
16:39:15.0308 6796 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
16:39:15.0312 6796 msahci - ok
16:39:15.0362 6796 [ B7A248E6BCAE3B17791A51A836DAE264 ] MsDepSvc C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
16:39:15.0535 6796 MsDepSvc - ok
16:39:15.0557 6796 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
16:39:15.0567 6796 msdsm - ok
16:39:15.0594 6796 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
16:39:15.0602 6796 MSDTC - ok
16:39:15.0624 6796 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
16:39:15.0629 6796 Msfs - ok
16:39:15.0651 6796 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
16:39:15.0655 6796 mshidkmdf - ok
16:39:15.0665 6796 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
16:39:15.0669 6796 msisadrv - ok
16:39:15.0712 6796 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
16:39:15.0720 6796 MSiSCSI - ok
16:39:15.0730 6796 msiserver - ok
16:39:15.0760 6796 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
16:39:15.0767 6796 MSKSSRV - ok
16:39:15.0776 6796 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
16:39:15.0781 6796 MSPCLOCK - ok
16:39:15.0791 6796 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
16:39:15.0796 6796 MSPQM - ok
16:39:15.0826 6796 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
16:39:15.0837 6796 MsRPC - ok
16:39:15.0854 6796 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
16:39:15.0857 6796 mssmbios - ok
16:39:15.0866 6796 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
16:39:15.0870 6796 MSTEE - ok
16:39:15.0881 6796 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
16:39:15.0885 6796 MTConfig - ok
16:39:15.0899 6796 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
16:39:15.0904 6796 Mup - ok
16:39:15.0956 6796 MySQL - ok
16:39:16.0033 6796 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
16:39:16.0056 6796 napagent - ok
16:39:16.0118 6796 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
16:39:16.0128 6796 NativeWifiP - ok
16:39:16.0179 6796 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\windows\system32\drivers\ndis.sys
16:39:16.0196 6796 NDIS - ok
16:39:16.0207 6796 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
16:39:16.0214 6796 NdisCap - ok
16:39:16.0229 6796 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
16:39:16.0233 6796 NdisTapi - ok
16:39:16.0250 6796 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
16:39:16.0256 6796 Ndisuio - ok
16:39:16.0269 6796 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
16:39:16.0280 6796 NdisWan - ok
16:39:16.0292 6796 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
16:39:16.0298 6796 NDProxy - ok
16:39:16.0309 6796 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
16:39:16.0315 6796 NetBIOS - ok
16:39:16.0363 6796 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
16:39:16.0378 6796 NetBT - ok
16:39:16.0399 6796 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
16:39:16.0401 6796 Netlogon - ok
16:39:16.0453 6796 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
16:39:16.0464 6796 Netman - ok
16:39:16.0507 6796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:16.0521 6796 NetMsmqActivator - ok
16:39:16.0531 6796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:16.0534 6796 NetPipeActivator - ok
16:39:16.0579 6796 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
16:39:16.0601 6796 netprofm - ok
16:39:16.0679 6796 [ 813B7C722BA97E703D375ABA170E16CC ] netr28x C:\windows\system32\DRIVERS\netr28x.sys
16:39:16.0719 6796 netr28x - ok
16:39:16.0730 6796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:16.0733 6796 NetTcpActivator - ok
16:39:16.0742 6796 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:39:16.0746 6796 NetTcpPortSharing - ok
16:39:16.0788 6796 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
16:39:16.0794 6796 nfrd960 - ok
16:39:16.0832 6796 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
16:39:16.0843 6796 NlaSvc - ok
16:39:16.0855 6796 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
16:39:16.0860 6796 Npfs - ok
16:39:16.0908 6796 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
16:39:16.0914 6796 nsi - ok
16:39:16.0924 6796 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
16:39:16.0931 6796 nsiproxy - ok
16:39:16.0996 6796 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\windows\system32\drivers\Ntfs.sys
16:39:17.0041 6796 Ntfs - ok
16:39:17.0052 6796 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
16:39:17.0056 6796 Null - ok
16:39:17.0076 6796 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\windows\system32\drivers\nvraid.sys
16:39:17.0083 6796 nvraid - ok
16:39:17.0106 6796 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\windows\system32\drivers\nvstor.sys
16:39:17.0113 6796 nvstor - ok
16:39:17.0135 6796 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
16:39:17.0141 6796 nv_agp - ok
16:39:17.0175 6796 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
16:39:17.0181 6796 ohci1394 - ok
16:39:17.0221 6796 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:39:17.0408 6796 ose - ok
16:39:17.0604 6796 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:39:17.0799 6796 osppsvc - ok
16:39:17.0878 6796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
16:39:17.0891 6796 p2pimsvc - ok
16:39:17.0976 6796 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
16:39:17.0990 6796 p2psvc - ok
16:39:18.0028 6796 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
16:39:18.0037 6796 Parport - ok
16:39:18.0073 6796 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
16:39:18.0082 6796 partmgr - ok
16:39:18.0095 6796 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
16:39:18.0104 6796 PcaSvc - ok
16:39:18.0145 6796 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
16:39:18.0155 6796 pci - ok
16:39:18.0165 6796 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
16:39:18.0170 6796 pciide - ok
16:39:18.0197 6796 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
16:39:18.0205 6796 pcmcia - ok
16:39:18.0216 6796 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
16:39:18.0220 6796 pcw - ok
16:39:18.0252 6796 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
16:39:18.0287 6796 PEAUTH - ok
16:39:18.0418 6796 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
16:39:18.0589 6796 PerfHost - ok
16:39:18.0669 6796 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
16:39:18.0714 6796 pla - ok
16:39:18.0776 6796 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
16:39:18.0788 6796 PlugPlay - ok
16:39:18.0814 6796 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
16:39:18.0822 6796 PNRPAutoReg - ok
16:39:18.0847 6796 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
16:39:18.0853 6796 PNRPsvc - ok
16:39:18.0898 6796 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
16:39:18.0921 6796 PolicyAgent - ok
16:39:18.0967 6796 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
16:39:18.0976 6796 Power - ok
16:39:19.0017 6796 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
16:39:19.0026 6796 PptpMiniport - ok
16:39:19.0046 6796 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
16:39:19.0053 6796 Processor - ok
16:39:19.0098 6796 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\windows\system32\profsvc.dll
16:39:19.0107 6796 ProfSvc - ok
16:39:19.0127 6796 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
16:39:19.0130 6796 ProtectedStorage - ok
16:39:19.0171 6796 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
16:39:19.0181 6796 Psched - ok
16:39:19.0237 6796 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
16:39:19.0282 6796 ql2300 - ok
16:39:19.0311 6796 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
16:39:19.0320 6796 ql40xx - ok
16:39:19.0360 6796 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
16:39:19.0370 6796 QWAVE - ok
16:39:19.0380 6796 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
16:39:19.0385 6796 QWAVEdrv - ok
16:39:19.0396 6796 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
16:39:19.0399 6796 RasAcd - ok
16:39:19.0439 6796 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
16:39:19.0444 6796 RasAgileVpn - ok
16:39:19.0468 6796 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
16:39:19.0476 6796 RasAuto - ok
16:39:19.0487 6796 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
16:39:19.0496 6796 Rasl2tp - ok
16:39:19.0515 6796 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
16:39:19.0527 6796 RasMan - ok
16:39:19.0538 6796 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
16:39:19.0542 6796 RasPppoe - ok
16:39:19.0557 6796 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
16:39:19.0563 6796 RasSstp - ok
16:39:19.0589 6796 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
16:39:19.0606 6796 rdbss - ok
16:39:19.0615 6796 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
16:39:19.0620 6796 rdpbus - ok
16:39:19.0635 6796 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
16:39:19.0640 6796 RDPCDD - ok
16:39:19.0655 6796 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
16:39:19.0659 6796 RDPENCDD - ok
16:39:19.0682 6796 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
16:39:19.0686 6796 RDPREFMP - ok
16:39:19.0734 6796 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
16:39:19.0748 6796 RDPWD - ok
16:39:19.0804 6796 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
16:39:19.0820 6796 rdyboost - ok
16:39:19.0865 6796 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
16:39:19.0872 6796 RemoteAccess - ok
16:39:19.0917 6796 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
16:39:19.0927 6796 RemoteRegistry - ok
16:39:19.0942 6796 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
16:39:19.0948 6796 RFCOMM - ok
16:39:19.0991 6796 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
16:39:19.0998 6796 RpcEptMapper - ok
16:39:20.0013 6796 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
16:39:20.0019 6796 RpcLocator - ok
16:39:20.0049 6796 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
16:39:20.0057 6796 RpcSs - ok
16:39:20.0108 6796 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
16:39:20.0114 6796 rspndr - ok
16:39:20.0166 6796 [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
16:39:20.0171 6796 RSUSBVSTOR - ok
16:39:20.0200 6796 [ 3372196F61AF48503656EF6AA3E92D1B ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
16:39:20.0212 6796 RTL8167 - ok
16:39:20.0247 6796 S6000KNT - ok
16:39:20.0272 6796 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
16:39:20.0274 6796 SamSs - ok
16:39:20.0297 6796 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
16:39:20.0306 6796 sbp2port - ok
16:39:20.0349 6796 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
16:39:20.0360 6796 SCardSvr - ok
16:39:20.0377 6796 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
16:39:20.0383 6796 scfilter - ok
16:39:20.0429 6796 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
16:39:20.0464 6796 Schedule - ok
16:39:20.0487 6796 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
16:39:20.0489 6796 SCPolicySvc - ok
16:39:20.0511 6796 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
16:39:20.0520 6796 SDRSVC - ok
16:39:20.0567 6796 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
16:39:20.0571 6796 secdrv - ok
16:39:20.0592 6796 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
16:39:20.0599 6796 seclogon - ok
16:39:20.0621 6796 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
16:39:20.0626 6796 SENS - ok
16:39:20.0662 6796 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
16:39:20.0669 6796 SensrSvc - ok
16:39:20.0680 6796 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
16:39:20.0683 6796 Serenum - ok
16:39:20.0719 6796 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
16:39:20.0726 6796 Serial - ok
16:39:20.0757 6796 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
16:39:20.0769 6796 sermouse - ok
16:39:20.0809 6796 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
16:39:20.0821 6796 SessionEnv - ok
16:39:20.0833 6796 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
16:39:20.0837 6796 sffdisk - ok
16:39:20.0848 6796 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
16:39:20.0851 6796 sffp_mmc - ok
16:39:20.0862 6796 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
16:39:20.0866 6796 sffp_sd - ok
16:39:20.0876 6796 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
16:39:20.0881 6796 sfloppy - ok
16:39:20.0937 6796 [ D5183ED285D2795491DC15BDDCBEE5AD ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
16:39:20.0964 6796 Sftfs - ok
16:39:21.0023 6796 [ BFDB58616FF5EA540A5F58301D50641E ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:39:21.0267 6796 sftlist - ok
16:39:21.0295 6796 [ 00F118B68C50D2206DD51634F9142B83 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
16:39:21.0304 6796 Sftplay - ok
16:39:21.0331 6796 [ 76A827DF5640BFE16A0CDBB4108ADECA ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
16:39:21.0335 6796 Sftredir - ok
16:39:21.0358 6796 [ 1B4C9701645086BAB8CAFFFCE30ED284 ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
16:39:21.0362 6796 Sftvol - ok
16:39:21.0387 6796 [ B94C3C4DCA2093243C76CA218EDE2A97 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:39:21.0592 6796 sftvsa - ok
16:39:21.0630 6796 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
16:39:21.0642 6796 SharedAccess - ok
16:39:21.0684 6796 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
16:39:21.0696 6796 ShellHWDetection - ok
16:39:21.0739 6796 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
16:39:21.0746 6796 SiSRaid2 - ok
16:39:21.0759 6796 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
16:39:21.0766 6796 SiSRaid4 - ok
16:39:21.0785 6796 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
16:39:21.0790 6796 Smb - ok
16:39:21.0846 6796 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
16:39:21.0852 6796 SNMPTRAP - ok
16:39:21.0876 6796 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
16:39:21.0881 6796 spldr - ok
16:39:21.0913 6796 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
16:39:21.0936 6796 Spooler - ok
16:39:22.0039 6796 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
16:39:22.0134 6796 sppsvc - ok
16:39:22.0147 6796 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
16:39:22.0154 6796 sppuinotify - ok
16:39:22.0212 6796 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
16:39:22.0236 6796 srv - ok
16:39:22.0269 6796 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
16:39:22.0292 6796 srv2 - ok
16:39:22.0314 6796 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
16:39:22.0326 6796 srvnet - ok
16:39:22.0371 6796 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
16:39:22.0380 6796 SSDPSRV - ok
16:39:22.0393 6796 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
16:39:22.0401 6796 SstpSvc - ok
16:39:22.0438 6796 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
16:39:22.0442 6796 stexstor - ok
16:39:22.0487 6796 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
16:39:22.0491 6796 StillCam - ok
16:39:22.0558 6796 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
16:39:22.0581 6796 stisvc - ok
16:39:22.0607 6796 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
16:39:22.0611 6796 swenum - ok
16:39:22.0655 6796 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
16:39:22.0679 6796 swprv - ok
16:39:22.0761 6796 [ 09E811486038F1C06F9E00DFFAAB7A4E ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
16:39:22.0797 6796 SynTP - ok
16:39:22.0881 6796 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
16:39:22.0973 6796 SysMain - ok
16:39:22.0990 6796 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
16:39:22.0999 6796 TabletInputService - ok
16:39:23.0027 6796 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
16:39:23.0039 6796 TapiSrv - ok
16:39:23.0054 6796 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
16:39:23.0062 6796 TBS - ok
16:39:23.0137 6796 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
16:39:23.0221 6796 Tcpip - ok
16:39:23.0299 6796 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
16:39:23.0317 6796 TCPIP6 - ok
16:39:23.0357 6796 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
16:39:23.0362 6796 tcpipreg - ok
16:39:23.0379 6796 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
16:39:23.0382 6796 TDPIPE - ok
16:39:23.0417 6796 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
16:39:23.0422 6796 TDTCP - ok
16:39:23.0449 6796 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
16:39:23.0458 6796 tdx - ok
16:39:23.0469 6796 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
16:39:23.0475 6796 TermDD - ok
16:39:23.0519 6796 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
16:39:23.0553 6796 TermService - ok
16:39:23.0571 6796 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
16:39:23.0578 6796 Themes - ok
16:39:23.0597 6796 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
16:39:23.0600 6796 THREADORDER - ok
16:39:23.0619 6796 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
16:39:23.0628 6796 TrkWks - ok
16:39:23.0681 6796 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
16:39:23.0688 6796 TrustedInstaller - ok
16:39:23.0716 6796 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
16:39:23.0721 6796 tssecsrv - ok
16:39:23.0739 6796 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
16:39:23.0745 6796 TsUsbFlt - ok
16:39:23.0767 6796 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
16:39:23.0771 6796 TsUsbGD - ok
16:39:23.0819 6796 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
16:39:23.0828 6796 tunnel - ok
16:39:23.0839 6796 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
16:39:23.0845 6796 uagp35 - ok
16:39:23.0875 6796 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
16:39:23.0893 6796 udfs - ok
16:39:23.0936 6796 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
16:39:23.0944 6796 UI0Detect - ok
16:39:23.0958 6796 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
16:39:23.0964 6796 uliagpkx - ok
16:39:23.0975 6796 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
16:39:23.0981 6796 umbus - ok
16:39:23.0999 6796 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
16:39:24.0003 6796 UmPass - ok
16:39:24.0049 6796 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
16:39:24.0061 6796 upnphost - ok
16:39:24.0104 6796 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
16:39:24.0111 6796 USBAAPL64 - ok
16:39:24.0142 6796 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
16:39:24.0149 6796 usbccgp - ok
16:39:24.0159 6796 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
16:39:24.0166 6796 usbcir - ok
16:39:24.0189 6796 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
16:39:24.0195 6796 usbehci - ok
16:39:24.0232 6796 [ 76E2FFAD301490BA27B947C6507752FB ] usbfilter C:\windows\system32\DRIVERS\usbfilter.sys
16:39:24.0237 6796 usbfilter - ok
16:39:24.0271 6796 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
16:39:24.0283 6796 usbhub - ok
16:39:24.0293 6796 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
16:39:24.0298 6796 usbohci - ok
16:39:24.0312 6796 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
16:39:24.0317 6796 usbprint - ok
16:39:24.0329 6796 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
16:39:24.0335 6796 USBSTOR - ok
16:39:24.0346 6796 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
16:39:24.0350 6796 usbuhci - ok
16:39:24.0387 6796 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
16:39:24.0395 6796 usbvideo - ok
16:39:24.0426 6796 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
16:39:24.0434 6796 UxSms - ok
16:39:24.0454 6796 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
16:39:24.0456 6796 VaultSvc - ok
16:39:24.0482 6796 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
16:39:24.0487 6796 vdrvroot - ok
16:39:24.0519 6796 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
16:39:24.0542 6796 vds - ok
16:39:24.0560 6796 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
16:39:24.0564 6796 vga - ok
16:39:24.0576 6796 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
16:39:24.0583 6796 VgaSave - ok
16:39:24.0613 6796 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
16:39:24.0627 6796 vhdmp - ok
16:39:24.0637 6796 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
16:39:24.0641 6796 viaide - ok
16:39:24.0662 6796 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
16:39:24.0669 6796 volmgr - ok
16:39:24.0696 6796 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
16:39:24.0715 6796 volmgrx - ok
16:39:24.0735 6796 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
16:39:24.0764 6796 volsnap - ok
16:39:24.0782 6796 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
16:39:24.0789 6796 vsmraid - ok
16:39:24.0856 6796 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
16:39:24.0925 6796 VSS - ok
16:39:24.0936 6796 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
16:39:24.0940 6796 vwifibus - ok
16:39:24.0950 6796 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
16:39:24.0956 6796 vwififlt - ok
16:39:24.0985 6796 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
16:39:25.0000 6796 W32Time - ok
16:39:25.0016 6796 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
16:39:25.0021 6796 WacomPen - ok
16:39:25.0040 6796 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
16:39:25.0047 6796 WANARP - ok
16:39:25.0055 6796 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
16:39:25.0058 6796 Wanarpv6 - ok
16:39:25.0123 6796 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
16:39:25.0158 6796 WatAdminSvc - ok
16:39:25.0223 6796 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
16:39:25.0271 6796 wbengine - ok
16:39:25.0292 6796 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
16:39:25.0303 6796 WbioSrvc - ok
16:39:25.0319 6796 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
16:39:25.0331 6796 wcncsvc - ok
16:39:25.0358 6796 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:39:25.0366 6796 WcsPlugInService - ok
16:39:25.0391 6796 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
16:39:25.0396 6796 Wd - ok
16:39:25.0437 6796 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
16:39:25.0473 6796 Wdf01000 - ok
16:39:25.0491 6796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
16:39:25.0500 6796 WdiServiceHost - ok
16:39:25.0508 6796 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
16:39:25.0513 6796 WdiSystemHost - ok
16:39:25.0533 6796 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
16:39:25.0545 6796 WebClient - ok
16:39:25.0569 6796 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
16:39:25.0581 6796 Wecsvc - ok
16:39:25.0596 6796 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
16:39:25.0604 6796 wercplsupport - ok
16:39:25.0638 6796 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
16:39:25.0646 6796 WerSvc - ok
16:39:25.0675 6796 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
16:39:25.0680 6796 WfpLwf - ok
16:39:25.0705 6796 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
16:39:25.0709 6796 WIMMount - ok
16:39:25.0734 6796 WinDefend - ok
16:39:25.0753 6796 WinHttpAutoProxySvc - ok
16:39:25.0835 6796 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
16:39:25.0844 6796 Winmgmt - ok
16:39:25.0924 6796 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
16:39:25.0989 6796 WinRM - ok
16:39:26.0058 6796 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
16:39:26.0065 6796 WinUsb - ok
16:39:26.0125 6796 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
16:39:26.0160 6796 Wlansvc - ok
16:39:26.0283 6796 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:39:26.0351 6796 wlidsvc - ok
16:39:26.0380 6796 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
16:39:26.0382 6796 WmiAcpi - ok
16:39:26.0426 6796 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
16:39:26.0435 6796 wmiApSrv - ok
16:39:26.0452 6796 WMPNetworkSvc - ok
16:39:26.0477 6796 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
16:39:26.0484 6796 WPCSvc - ok
16:39:26.0505 6796 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
16:39:26.0514 6796 WPDBusEnum - ok
16:39:26.0568 6796 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
16:39:26.0572 6796 ws2ifsl - ok
16:39:26.0631 6796 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
16:39:26.0640 6796 wscsvc - ok
16:39:26.0673 6796 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
16:39:26.0677 6796 WSDPrintDevice - ok
16:39:26.0686 6796 WSearch - ok
16:39:26.0731 6796 [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd C:\windows\system32\DRIVERS\wsvd.sys
16:39:26.0738 6796 wsvd - ok
16:39:26.0847 6796 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
16:39:26.0965 6796 wuauserv - ok
16:39:26.0999 6796 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
16:39:27.0006 6796 WudfPf - ok
16:39:27.0039 6796 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
16:39:27.0047 6796 WUDFRd - ok
16:39:27.0082 6796 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
16:39:27.0090 6796 wudfsvc - ok
16:39:27.0114 6796 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
16:39:27.0124 6796 WwanSvc - ok
16:39:27.0180 6796 ================ Scan global ===============================
16:39:27.0200 6796 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
16:39:27.0245 6796 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:39:27.0265 6796 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
16:39:27.0307 6796 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
16:39:27.0352 6796 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
16:39:27.0363 6796 [Global] - ok
16:39:27.0364 6796 ================ Scan MBR ==================================
16:39:27.0385 6796 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:39:27.0736 6796 \Device\Harddisk0\DR0 - ok
16:39:27.0737 6796 ================ Scan VBR ==================================
16:39:27.0750 6796 [ ABDF01E989A4018DCF01E5C97C77ED5E ] \Device\Harddisk0\DR0\Partition1
16:39:27.0763 6796 \Device\Harddisk0\DR0\Partition1 - ok
16:39:27.0782 6796 [ F9FDD9730816F54BDF7CF118E622DF05 ] \Device\Harddisk0\DR0\Partition2
16:39:27.0787 6796 \Device\Harddisk0\DR0\Partition2 - ok
16:39:27.0825 6796 [ 68FE325C6DDF9D006937451B346BF611 ] \Device\Harddisk0\DR0\Partition3
16:39:27.0833 6796 \Device\Harddisk0\DR0\Partition3 - ok
16:39:27.0834 6796 ============================================================
16:39:27.0834 6796 Scan finished
16:39:27.0834 6796 ============================================================
16:39:27.0858 4144 Detected object count: 0
16:39:27.0858 4144 Actual detected object count: 0
boondoc

Re: Odd exe commands setting off firewall/registry tampered?

Post by boondoc » March 23rd, 2013, 5:14 pm

Here are the OTL logs:

OTL logfile created on: 3/23/2013 4:47:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Palmer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 49.89% Memory free
7.20 Gb Paging File | 4.95 Gb Available in Paging File | 68.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 188.94 Gb Total Space | 148.00 Gb Free Space | 78.33% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.15 Gb Free Space | 93.62% Space Free | Partition Type: NTFS

Computer Name: PALMER-PC | User Name: Palmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/23 16:45:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Palmer\Desktop\OTL.exe
PRC - [2013/03/23 16:38:23 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Palmer\Desktop\tdsskiller.exe
PRC - [2013/03/12 07:08:06 | 002,074,768 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2013/03/12 07:08:06 | 001,788,048 | ---- | M] (Comodo) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/01/17 19:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/11/05 14:54:36 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/11/05 14:54:24 | 000,202,096 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/12 07:08:06 | 001,155,728 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\ffmpegsumo.dll
MOD - [2013/03/12 07:08:06 | 000,742,544 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libGLESv2.dll
MOD - [2013/03/12 07:08:06 | 000,136,336 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\libEGL.dll
MOD - [2013/02/08 01:05:44 | 014,586,736 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/11/10 21:04:21 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/11/10 21:04:21 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/07 19:37:39 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2012/07/18 10:28:14 | 000,080,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2011/05/18 23:01:18 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/12/17 04:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/12 07:08:06 | 002,074,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2013/02/08 01:10:49 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/07 19:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/28 13:54:08 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011/07/28 13:54:08 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011/07/28 13:51:39 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011/07/28 13:51:28 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011/05/19 01:36:50 | 009,079,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/18 22:24:44 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/21 16:43:10 | 000,036,656 | ---- | M] (Egis Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)
DRV:64bit: - [2011/03/10 05:01:40 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/03/07 05:55:00 | 001,353,280 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/03/04 11:16:20 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/15 07:56:06 | 001,402,416 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/30 02:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010/11/29 04:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 08:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/04/07 01:57:08 | 000,073,784 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/04/07 01:57:08 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/07/21 10:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-586848840-3213021952-4089556407-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=LENN
IE - HKU\S-1-5-21-586848840-3213021952-4089556407-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com [binary data]
IE - HKU\S-1-5-21-586848840-3213021952-4089556407-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=LENN
IE - HKU\S-1-5-21-586848840-3213021952-4089556407-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-586848840-3213021952-4089556407-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-586848840-3213021952-4089556407-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
IE - HKU\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-586848840-3213021952-4089556407-1000..\Run: [Best Buy pc app] C:\Users\Palmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms File not found
O4 - HKU\S-1-5-21-586848840-3213021952-4089556407-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Palmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9915F6B5-1BB7-4E4A-8E81-998459FA3C76}: DhcpNameServer = 4.2.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3703603-99B8-417C-A789-65E52D052B98}: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/23 16:44:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Palmer\Desktop\OTL.exe
[2013/03/23 16:38:22 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Palmer\Desktop\tdsskiller.exe
[2013/03/17 00:50:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Palmer\Desktop\dds.com
[2013/03/12 22:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2013/03/10 14:53:36 | 000,000,000 | ---D | C] -- C:\Users\Palmer\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
[2013/03/10 14:17:04 | 000,000,000 | ---D | C] -- C:\Users\Palmer\AppData\Local\SoftGrid Client
[2013/03/10 14:17:01 | 000,000,000 | ---D | C] -- C:\Users\Palmer\AppData\Roaming\SoftGrid Client
[2013/03/10 14:15:10 | 000,047,368 | ---- | C] (COMODO CA Limited) -- C:\windows\SysWow64\certsentry.dll
[2013/03/10 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/03/10 14:14:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/03/10 14:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2013/03/10 14:13:01 | 000,000,000 | ---D | C] -- C:\Users\Palmer\AppData\Roaming\TP
[2013/02/24 04:01:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/02/24 04:01:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/02/24 04:01:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/02/24 04:01:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/02/24 04:01:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/02/24 04:01:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/02/24 04:01:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/02/24 04:01:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/02/24 04:01:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/02/24 04:01:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/02/24 04:01:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/02/24 04:01:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/02/24 04:01:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/02/24 04:01:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/02/24 04:01:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

========== Files - Modified Within 30 Days ==========

[2013/03/23 16:53:31 | 000,836,000 | ---- | M] () -- C:\windows\SysNative\drivers\sfi.dat
[2013/03/23 16:45:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Palmer\Desktop\OTL.exe
[2013/03/23 16:38:23 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Palmer\Desktop\tdsskiller.exe
[2013/03/23 16:35:13 | 000,780,592 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/23 16:35:13 | 000,661,232 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/23 16:35:13 | 000,121,580 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/23 16:33:41 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/23 16:33:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/22 08:12:02 | 000,603,819 | ---- | M] () -- C:\Users\Palmer\Desktop\c9a0f6bb-609a-4324-8a53-4eee2f86c1f0 (1).pdf
[2013/03/21 22:36:01 | 000,086,449 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2013/03/20 07:44:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 07:44:23 | 000,021,280 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/20 07:34:11 | 2898,874,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/17 00:50:20 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Palmer\Desktop\dds.com
[2013/03/13 22:46:34 | 000,056,072 | ---- | M] (COMODO CA Limited) -- C:\windows\SysNative\certsentry.dll
[2013/03/13 22:46:34 | 000,047,368 | ---- | M] (COMODO CA Limited) -- C:\windows\SysWow64\certsentry.dll
[2013/03/10 14:15:25 | 000,797,288 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/03/01 22:39:02 | 000,241,602 | ---- | M] () -- C:\Users\Palmer\Documents\emeals-classic-meals-for2-plan.pdf
[2013/03/01 22:36:53 | 000,262,382 | ---- | M] () -- C:\Users\Palmer\Documents\emeals-low-carb-for2-plan.pdf
[2013/03/01 22:35:49 | 000,245,856 | ---- | M] () -- C:\Users\Palmer\Documents\emeals-clean-eating-for2-plan.pdf
[2013/02/27 20:48:30 | 000,073,542 | ---- | M] () -- C:\Users\Palmer\Documents\sales-receipt.ots
[2013/02/25 22:06:46 | 000,306,504 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/03/22 08:12:00 | 000,603,819 | ---- | C] () -- C:\Users\Palmer\Desktop\c9a0f6bb-609a-4324-8a53-4eee2f86c1f0 (1).pdf
[2013/03/01 22:39:01 | 000,241,602 | ---- | C] () -- C:\Users\Palmer\Documents\emeals-classic-meals-for2-plan.pdf
[2013/03/01 22:36:53 | 000,262,382 | ---- | C] () -- C:\Users\Palmer\Documents\emeals-low-carb-for2-plan.pdf
[2013/03/01 22:35:49 | 000,245,856 | ---- | C] () -- C:\Users\Palmer\Documents\emeals-clean-eating-for2-plan.pdf
[2013/02/27 20:48:30 | 000,073,542 | ---- | C] () -- C:\Users\Palmer\Documents\sales-receipt.ots
[2012/09/08 11:31:25 | 000,797,288 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/29 09:18:56 | 000,000,262 | ---- | C] () -- C:\windows\wininit.ini
[2011/07/28 13:28:41 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/07/28 13:28:41 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/07/28 13:28:23 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/07/28 13:06:54 | 000,014,051 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
[2011/07/28 12:59:20 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/06/07 03:49:49 | 000,003,883 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras log:

OTL Extras logfile created on: 3/23/2013 4:47:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Palmer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 49.89% Memory free
7.20 Gb Paging File | 4.95 Gb Available in Paging File | 68.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 188.94 Gb Total Space | 148.00 Gb Free Space | 78.33% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 27.15 Gb Free Space | 93.62% Space Free | Partition Type: NTFS

Computer Name: PALMER-PC | User Name: Palmer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenAsAWebSite] -- C:\Program Files (x86)\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenAsAWebSite] -- C:\Program Files (x86)\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15233B0D-C2B8-439E-86D6-DA9C35248660}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{180B79A7-F198-4851-80AD-3AE964B25709}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D92C7C3-7975-465E-BB3B-0E47D9B3184B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{255BDC31-6DAA-4B36-BF66-4A6F0B6041CC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32EED9C3-10CA-4C14-94AC-D647141C8DEB}" = rport=139 | protocol=6 | dir=out | app=system |
"{5C8EF202-C736-403E-AA28-C8B1C5418C03}" = lport=139 | protocol=6 | dir=in | app=system |
"{666004B0-B625-4CE2-8D7D-A4A1BF42DD92}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6EB4C8A4-1310-4D0B-AF0E-F4CB602070D5}" = rport=138 | protocol=17 | dir=out | app=system |
"{7EAA162A-515E-43B2-87F1-E60A93B4B3EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{87216EA7-9323-4B5D-9DF5-CF05CA3A7DAD}" = rport=137 | protocol=17 | dir=out | app=system |
"{89A40204-E842-427E-87EB-EBE5FF18B085}" = lport=445 | protocol=6 | dir=in | app=system |
"{8AA1FBDC-C679-49F7-87C0-792F9A50D093}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8F7C274C-9A8E-4AE4-95B9-6EB2582532EE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{920A638F-1F04-4D14-90C6-06928003B0B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{940A6B2F-EBB3-4512-B669-FD572847125E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{96F2F81B-F6D4-45DA-9669-8D87D6C629B2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{970E4B4F-EE14-4313-B327-08F0950E2FE4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{9CB9A640-D4CA-4E29-8092-462330168127}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9847D38-6C92-4E40-AFB1-BC252CA9A588}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AE3FEEF6-BF27-4E97-BCCD-2C5DBEFD1A81}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C8ABC00F-6BE3-4879-AF34-61EAEB023D09}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CE74C6E6-5C3D-4CF1-A962-229A3B48179A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0E12117-19AB-4057-8D73-10AF267B161A}" = lport=138 | protocol=17 | dir=in | app=system |
"{D242A742-6054-4C82-A929-0692355B01BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4ED22E4-5C95-4EB0-9260-211FA25D0528}" = lport=137 | protocol=17 | dir=in | app=system |
"{FC2EA58A-01BC-45C5-93E9-A6617E9762D8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1038676C-5523-4EAC-929F-783718797A7D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{137135E8-5DE6-4A3B-91DB-F08229BC82C7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{228ED06F-3952-458E-8D00-C232BE506160}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{24E5F912-716F-4633-9FFD-599943955FC2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{2520F37C-B984-448F-9B00-8A628B858F36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2A22233A-5831-40F9-B690-811C7CA497C6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2AD741A3-3442-4119-A291-F3978704454B}" = protocol=6 | dir=out | app=system |
"{2B105E92-BF2B-4C8D-BCF2-7FB8E7263B3E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{38095891-A8BA-442D-9B56-AB06307BF7AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{45D7022A-D549-469F-AAE9-E9B0BEFE05A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46FB5345-E429-4D40-A071-05110F11E191}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{4959C2AA-F6FB-4433-9A55-EEC69312F461}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{4FCFFF5B-A524-4CEB-A529-5B4338FE4E3C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{5294E983-6E88-4C6E-A761-13A31F0FA651}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{533810A7-9C18-4819-842E-D754CB113CD9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{576EFD53-AA3E-46B5-9853-0AC90CA56CE2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{58B33406-674E-4893-A556-E2B169BE2F5F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{5FA54EAC-A55B-4B8F-8535-64BC24070A8B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{606624E5-0B03-4D0C-A6BE-341645F67D98}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{673130F8-F876-4058-BB4C-B5D3A28E4ECE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{682FBCD2-3A48-43C8-AC29-FCF3296F7AF8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{6F93D48C-1EDB-4D54-9BFC-1D172AA7A077}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{7B44F66F-B694-4B55-B59C-BF1DCB46A74C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{7F225D5E-ACE6-4D5A-A346-6CF02FA49A5A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{88330239-55F0-4878-B753-66037875041F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8F5376CE-DCEB-4C9F-A909-B8A83387C35F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{98315CD9-469B-4E06-BAF8-3C47767C4553}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9B0B8F23-DC19-47BB-87B4-ED63A1EA5069}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{A43B8422-EEFF-4BB9-8196-4D0FFD90F918}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A50EA93F-0720-479E-89CF-116188F9AF8B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A920A103-A7F7-442D-B16D-8CBA811EC9E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AAAE8312-67DD-4069-BCCA-B74752C122E3}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{AACA6F41-627C-4F66-81B3-9675F965F22F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{B11D441B-7A30-4359-AB79-2E1C7FE25855}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{B41D8966-60FC-48E2-909E-263C4606E52F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C30AC1E5-C32C-458F-92A6-FB8405E9B983}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAFDC9BC-9D9B-4790-A365-E87A0CADE59C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{CC4823A0-7E3A-4C1C-B426-AA2D9BD49944}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D6BC6A7B-24A5-411D-AB69-3EC3CD128EE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DCDFA1A2-CE3A-4713-9ECA-173CA5DD07E9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1F41EEA-DC56-47E8-9A82-5DC0F2F19EA0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E300F569-7D88-4253-8CDF-C90A4F49AAD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E73D17AD-1201-4A07-A0C8-915955C3B619}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{F2C20AB4-D939-4722-8FBC-B5A6801C003D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{238F81AA-71FA-9278-9D35-9EC4C8CC6687}" = WMV9/VC-1 Video Playback
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2AA0764A-4EA1-4C63-8E42-173A015030B3}" = MySQL Server 5.1
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{37B907C1-EA3D-4894-EEBE-275CB0BF5BA2}" = ATI Catalyst Install Manager
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
"{68B6C1B8-98CD-E09F-4A29-DC25F16237EE}" = ccc-utility64
"{6D2C6A52-ED31-63B4-B516-AA354F4A150E}" = ATI AVIVO64 Codecs
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{F4330A8B-3610-4483-975E-69789B70A764}" = HP Photosmart Plus B210 series Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAF57A91-58B3-490C-9D0C-66337DAD3F11}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU CTP1
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"{027265AA-5ED8-8663-53AA-38619FD9A2BD}" = CCC Help German
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1363F067-AAF4-AFD1-756E-BC2A50A6997C}" = Catalyst Control Center Graphics Previews Common
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C3D2B0F-856E-2069-D018-BC99511BB7AC}" = ccc-core-static
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212A7CC5-E705-CAA1-9E65-55D8E153FA47}" = CCC Help English
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3419C87F-43A2-499C-ADF2-B4E240899BCC}" = Catalyst Control Center - Branding
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35599D6A-B38F-553D-D0D4-58AC398C9EA8}" = CCC Help Polish
"{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}" = IIS 7.5 Express
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{44A03B6A-E353-4FA2-4D12-947165254092}" = CCC Help Danish
"{4A51D3DE-5815-0D92-2231-9F1DC242E9ED}" = CCC Help Swedish
"{544C85C8-505D-ECAC-ECEC-486158756AE9}" = CCC Help Greek
"{56106ADC-CF84-DC5E-408D-FAD9CE29F6C7}" = Catalyst Control Center Profiles Mobile
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{589E9BCA-A8BD-551F-FFAF-8E4F5B75C196}" = CCC Help Norwegian
"{5BD1AE89-E7BE-69F3-6D31-8F90845A9413}" = CCC Help Dutch
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{67DDFF12-91F7-472D-AAB8-1B248A306779}" = Microsoft WebMatrix 2
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D1FE242-58F5-748A-7641-6BED91A0BDAA}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7AE842BA-98F7-5729-1B10-ACBBCEEF68AC}" = CCC Help Portuguese
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help
"{808EC297-30DF-3B2B-E273-13397E9FF69D}" = CCC Help Japanese
"{813FC66D-2482-F5DB-E791-3FCDBE0C7AA2}" = CCC Help Chinese Traditional
"{82284382-30E3-4DED-980B-746278DA6CC2}" = Microsoft SQL Server Compact 4.0 SP1 Scripting Tools ENU CTP1
"{82CF7E86-682C-8BAE-68FB-D9B633D7D8D8}" = CCC Help Italian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89AF337E-DE2C-20ED-1C15-A067726C12D1}" = CCC Help Spanish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92E19B5A-1985-49BF-9022-9CF4AD652C72}" = MySQL Connector Net 6.5.4
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D00104-E942-D10A-E431-F617518E3736}" = CCC Help Thai
"{984C7AA8-FE38-55FB-AEB6-A42905ECE1E8}" = Catalyst Control Center Localization All
"{A51500FE-6408-4305-B071-B961F691A4CE}" = Microsoft SQL Server Compact 4.0 Web Tools ENU
"{A639DBAA-58B4-FB22-CCB3-BF79406D62A5}" = CCC Help Russian
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = ES603 WDM Driver
"{AE9C95EB-24E3-B5CE-83F5-3E903955ED28}" = CCC Help Czech
"{C136A1EA-6B13-9B2B-3BCC-99C455CE5B3D}" = CCC Help Korean
"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types
"{C9DC3F41-279B-7707-6108-294A8154D421}" = CCC Help Chinese Standard
"{CA64CE92-87F5-9D0C-ADCA-F023614F870A}" = CCC Help Hungarian
"{cb29be6c-39c4-493e-9da7-d585d5353714}" = Microsoft ASP.NET Web Pages 2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E9733776-4259-55DE-FEA6-575235FC153A}" = CCC Help Turkish
"{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F88CBFB4-86E0-44F9-3D94-3A94670EA26C}" = CCC Help Finnish
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF32F536-E138-ABBF-D51D-3AC246B9FA8F}" = Catalyst Control Center InstallProxy
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudibleManager" = AudibleManager
"Comodo Dragon" = Comodo Dragon
"InstallShield_{0034859F-8E01-4C1D-BE77-F891C4786FBC}" = Lenovo Security Suite
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{AE4167B0-F589-4D2A-BF05-E181D543C49F}" = EgisTec ES603 WDM Driver
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.5.3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/20/2013 2:13:17 AM | Computer Name = Palmer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7305309

Error - 3/20/2013 2:13:17 AM | Computer Name = Palmer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7305309

Error - 3/20/2013 2:13:18 AM | Computer Name = Palmer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/20/2013 2:13:18 AM | Computer Name = Palmer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7306307

Error - 3/20/2013 2:13:18 AM | Computer Name = Palmer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7306307

Error - 3/20/2013 2:13:19 AM | Computer Name = Palmer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/20/2013 2:13:19 AM | Computer Name = Palmer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7307321

Error - 3/20/2013 2:13:19 AM | Computer Name = Palmer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7307321

Error - 3/20/2013 2:13:20 AM | Computer Name = Palmer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/20/2013 2:13:20 AM | Computer Name = Palmer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7308319

[ System Events ]
Error - 3/22/2013 7:57:46 AM | Computer Name = Palmer-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%5

Error - 3/22/2013 7:58:16 AM | Computer Name = Palmer-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%5

Error - 3/22/2013 7:58:46 AM | Computer Name = Palmer-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%5

Error - 3/22/2013 7:59:16 AM | Computer Name = Palmer-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%5

Error - 3/22/2013 8:00:21 AM | Computer Name = Palmer-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%5

Error - 3/22/2013 8:20:05 PM | Computer Name = Palmer-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%5

Error - 3/23/2013 8:52:04 AM | Computer Name = Palmer-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 3/23/2013 9:02:37 AM | Computer Name = Palmer-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%5

Error - 3/23/2013 9:03:06 AM | Computer Name = Palmer-PC | Source = DCOM | ID = 10010
Description =

Error - 3/23/2013 4:43:52 PM | Computer Name = Palmer-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%5


< End of report >
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

by wannabeageek » March 24th, 2013, 4:56 pm

Hello boondoc,

Currently, I can't find anything in the firewall logs and I have it disabled.
Please make sure that you have the Windows Firewall working, since you have the COMODO Firewall turned off.


Step 1.
Uninstall Programs
I need you to uninstall some program(s).
  1. Click on Start...then... Click the Start Search box on the Start Menu.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. then press enter.
    • Locate the following program(s):
      Adobe Reader X (10.1.6)
      Java 7 Update 9 (64-bit)
    • Select the program and click on Uninstall to uninstall it.
      Carefully read any prompts...
      Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    • Repeat steps 3 - 4 for each program in the list. When finished... Close the Control Panel window.


Step 2.
Run OTL Script
We need to run an OTL Fix
  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following code into the textbox. Do not include the word Code.
    Code: Select all
    :commands
    [createrestorepoint]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q= {searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q= {searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-586848840-3213021952-4089556407-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKU\S-1-5-21-586848840-3213021952-4089556407-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q= {searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
    
    :Services
    McAWFwk
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{46FB5345-E429-4D40-A071-05110F11E191}" =-
    "{5FA54EAC-A55B-4B8F-8535-64BC24070A8B}" =-
    "{228ED06F-3952-458E-8D00-C232BE506160}" =-
    "{24E5F912-716F-4633-9FFD-599943955FC2}" =-
    "{2B105E92-BF2B-4C8D-BCF2-7FB8E7263B3E}" =-
    "{4FCFFF5B-A524-4CEB-A529-5B4338FE4E3C}" =-
    "{533810A7-9C18-4819-842E-D754CB113CD9}" =-
    "{58B33406-674E-4893-A556-E2B169BE2F5F}" =-
    "{682FBCD2-3A48-43C8-AC29-FCF3296F7AF8}" =-
    "{6F93D48C-1EDB-4D54-9BFC-1D172AA7A077}" =-
    "{7B44F66F-B694-4B55-B59C-BF1DCB46A74C}" =-
    "{AACA6F41-627C-4F66-81B3-9675F965F22F}" =-
    "{B11D441B-7A30-4359-AB79-2E1C7FE25855}" =-
    "{CAFDC9BC-9D9B-4790-A365-E87A0CADE59C}" =-
    
    :Files
    c:\program files (x86)\avg
    c:\PROGRA~1\mcafee
    c:\program files\common files\mcafee
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.




Step 3.
SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code
    Code: Select all
    :filefind
    *avg*
    *mcafee*
    
    :folderfind
    *avg*
    *mcafee*
    
    :Regfind
    avg
    mcafee
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Contents of SystemLook.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
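
The cross-check behind the advice above, as an added example that is not part of the original post and is not OTL's own code: it parses the "Firewall Settings" and "FirewallRules" sections of an OTL log, reports the profiles where the Windows Firewall is off, and lists the rules whose app path sits under an AVG or McAfee folder (the entries the :Reg block deletes). The function names and the vendor list are assumptions of this example; the sample lines are excerpted from the log posted earlier in the thread.

```python
import re

# Excerpt of the OTL Extras log posted earlier in this thread (shortened).
SAMPLE = r'''
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{137135E8-5DE6-4A3B-91DB-F08229BC82C7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{228ED06F-3952-458E-8D00-C232BE506160}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{46FB5345-E429-4D40-A071-05110F11E191}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{38095891-A8BA-442D-9B56-AB06307BF7AF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
'''

HEADER = re.compile(r'^=+\s*(.+?)\s*=+$')                 # ========== Name ==========
KEY = re.compile(r'^(?:64bit:\s*)?\[(HKEY_[^\]]+)\]$')    # [HKEY_...] or 64bit: [HKEY_...]
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')             # "name" = data


def parse_otl(text):
    """Yield (section, registry_key, value_name, data) for every value line."""
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            section, key = m.group(1), None
        elif m := KEY.match(line):
            key = m.group(1)
        elif (m := VALUE.match(line)) and key:
            yield section, key, m.group(1), m.group(2).strip()


def disabled_profiles(text):
    """Names of firewall profiles whose EnableFirewall value is 0."""
    return [
        key.rsplit("\\", 1)[-1]
        for section, key, name, data in parse_otl(text)
        if section == "Firewall Settings" and name == "EnableFirewall" and data == "0"
    ]


def rule_fields(data):
    """Split 'k=v | k=v |' rule data into a dict; only the first '=' separates."""
    fields = {}
    for part in data.split("|"):
        k, sep, v = part.strip().partition("=")
        if sep:
            fields[k] = v
    return fields


def rules_for_vendors(text, vendors):
    """(rule GUID, app path) for rules whose app lives under a vendor folder.

    Matching is on whole path components, so 'avg' matches ...\\avg\\avg2012\\...
    but a vendor string that is only a substring of a folder name does not match.
    """
    wanted = {v.lower() for v in vendors}
    hits = []
    for _, key, name, data in parse_otl(text):
        if not key.endswith("\\FirewallRules"):
            continue
        app = rule_fields(data).get("app", "")
        folders = app.lower().split("\\")[:-1]   # drop the file name itself
        if wanted.intersection(folders):
            hits.append((name, app))
    return hits


if __name__ == "__main__":
    print("Firewall off in:", ", ".join(disabled_profiles(SAMPLE)))
    for guid, app in rules_for_vendors(SAMPLE, ["avg", "mcafee"]):
        print(guid, "->", app)
```
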

Re: Odd exe commands setting off firewall/registry tampered?

by boondoc » March 25th, 2013, 12:49 am

1) OTL log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2\ deleted successfully.
C:\windows\system32\npDeployJava1.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2\ not found.
File C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37\ deleted successfully.
File C:\windows\SysWOW64\npdeployJava1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ not found.
File C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
File C:\Program Files\Java\jre7\bin\ssv.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
File C:\Program Files\Java\jre7\bin\jp2ssv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
========== SERVICES/DRIVERS ==========
Service McAWFwk stopped successfully!
Service McAWFwk deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46FB5345-E429-4D40-A071-05110F11E191} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46FB5345-E429-4D40-A071-05110F11E191}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5FA54EAC-A55B-4B8F-8535-64BC24070A8B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FA54EAC-A55B-4B8F-8535-64BC24070A8B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{228ED06F-3952-458E-8D00-C232BE506160} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{228ED06F-3952-458E-8D00-C232BE506160}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{24E5F912-716F-4633-9FFD-599943955FC2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24E5F912-716F-4633-9FFD-599943955FC2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B105E92-BF2B-4C8D-BCF2-7FB8E7263B3E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B105E92-BF2B-4C8D-BCF2-7FB8E7263B3E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4FCFFF5B-A524-4CEB-A529-5B4338FE4E3C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4FCFFF5B-A524-4CEB-A529-5B4338FE4E3C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{533810A7-9C18-4819-842E-D754CB113CD9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{533810A7-9C18-4819-842E-D754CB113CD9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{58B33406-674E-4893-A556-E2B169BE2F5F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58B33406-674E-4893-A556-E2B169BE2F5F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{682FBCD2-3A48-43C8-AC29-FCF3296F7AF8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{682FBCD2-3A48-43C8-AC29-FCF3296F7AF8}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F93D48C-1EDB-4D54-9BFC-1D172AA7A077} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F93D48C-1EDB-4D54-9BFC-1D172AA7A077}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7B44F66F-B694-4B55-B59C-BF1DCB46A74C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7B44F66F-B694-4B55-B59C-BF1DCB46A74C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AACA6F41-627C-4F66-81B3-9675F965F22F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AACA6F41-627C-4F66-81B3-9675F965F22F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B11D441B-7A30-4359-AB79-2E1C7FE25855} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B11D441B-7A30-4359-AB79-2E1C7FE25855}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CAFDC9BC-9D9B-4790-A365-E87A0CADE59C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFDC9BC-9D9B-4790-A365-E87A0CADE59C}\ not found.
========== FILES ==========
File\Folder c:\program files (x86)\avg not found.
File\Folder c:\PROGRA~1\mcafee not found.
File\Folder c:\program files\common files\mcafee not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Palmer
->Temp folder emptied: 2161754 bytes
->Temporary Internet Files folder emptied: 896561 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 523 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101533956 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 49286 bytes
RecycleBin emptied: 1149552 bytes

Total Files Cleaned = 101.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03252013_002641

Files\Folders moved on Reboot...
C:\Users\Palmer\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2) System Look log

SystemLook 30.07.11 by jpshortstuff
Log created at 00:39 on 25/03/2013 by Palmer
Administrator - Elevation successful

========== filefind ==========

Searching for "*avg*"
C:\Users\All Users\MFAData\SelfUpd\avgutilx.dll --a---- 1186144 bytes [12:37 27/09/2012] [08:53 14/02/2012] 33EBF29394D8D6E3A1AA2CD7A7911A46
C:\Users\All Users\MFAData\SelfUpd\avgvva.dll --a---- 1104736 bytes [12:37 27/09/2012] [08:53 14/02/2012] 363DEB242D11AE18251304D04292956A
C:\Users\All Users\MFAData\SelfUpd\avgvvx.dll --a---- 595808 bytes [12:37 27/09/2012] [08:53 14/02/2012] 4D5F1648A82FE60BC4B2F6BD41F3C12A
C:\Users\All Users\MFAData\SelfUpd\avgwd.dll --a---- 1982160 bytes [12:37 27/09/2012] [07:48 21/06/2012] AC633C7D40C63A197649955A512AD7BD
C:\Users\All Users\MFAData\SelfUpd\avgwdsvc.exe --a---- 193288 bytes [12:37 27/09/2012] [08:53 14/02/2012] EA1145DEBCD508FD25BD1E95C4346929
C:\Users\All Users\MFAData\SelfUpd\avgwdwsc.dll --a---- 386160 bytes [12:37 27/09/2012] [07:48 13/06/2012] B642E645D7A790E0FA41E16C6C4234E6
C:\Users\All Users\MFAData\SelfUpd\avgwebui.dll --a---- 429920 bytes [12:37 27/09/2012] [08:53 14/02/2012] E630B23CEA86E86DAF9C9D0AE7F94BBC
C:\Users\All Users\MFAData\SelfUpd\avgwsc.exe --a---- 709824 bytes [12:37 27/09/2012] [08:53 14/02/2012] 2EE6E94BF54256182779EE1AE53C7A83
C:\Users\All Users\MFAData\SelfUpd\avgxpl.dll --a---- 952952 bytes [12:37 27/09/2012] [19:44 24/08/2012] 283BA4ACC3CF1E5797AF7879EFB38386
C:\Users\All Users\MFAData\SelfUpd\avgxpla.dll --a---- 1447032 bytes [12:37 27/09/2012] [19:44 24/08/2012] B7439A352DE0FB9C5E1737B3242E6E92
C:\Users\All Users\MFAData\SelfUpd\avg_us.lng --a---- 1053297 bytes [12:37 27/09/2012] [07:18 31/07/2012] 4E28210283C174614580E3D9CC00FF4D
C:\Windows\System32\avgrep.txt --a---- 6509 bytes [01:25 13/01/2012] [01:55 13/01/2012] C248854EA6B5806E07EFE126CC9EE254

Searching for "*mcafee*"
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\win-k3dk7u427ph$@mcafee[2].txt --a---- 171 bytes [00:12 11/11/2011] [00:12 11/11/2011] 2271E103ABE4D13E9466EC343D78D697
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\win-k3dk7u427ph$@mcafee[3].txt --a---- 240 bytes [00:13 11/11/2011] [00:13 11/11/2011] C6AB2302EB355EE8A734F9F358D974C0

========== folderfind ==========

Searching for "*avg*"
C:\Users\Palmer\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_avgui.exe_a5c56e8e1bc64deddc8a6678b573b6921157ef_288bde93 d----c- [11:36 25/10/2012]
C:\Windows\System32\config\systemprofile\AppData\Local\Avg2013 d------ [01:54 21/11/2012]

Searching for "*mcafee*"
C:\ProgramData\McAfee d------ [17:21 28/07/2011]
C:\Users\All Users\McAfee d------ [17:21 28/07/2011]

========== Regfind ==========

Searching for "avg"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d14b6a1e_0]
@="{0.0.0.00000000}.{5b559956-cc65-4e2e-81e0-d07460987165}|\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgtray.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe"="AVG User Interface"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LinkScannerIE.NavFilter]
@="AVG Safe Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LinkScannerIE.NavFilter.1]
@="AVG Safe Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}\1.0\0\win64]
@="C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\avgppa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}\1.0\0\win64]
@="C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\avgppa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2013\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\log\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\IDS\config\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\IDS\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\avi\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\Cfg\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\DB\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2013\awacs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\scanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\corelog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\tdilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\privlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfgexlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\ldrlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\rslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgss.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\csllog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\arklog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\nslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\chjwlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\publog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\vaultlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lnglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avguilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\updlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\schedlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\srmlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdsvclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgmail.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\emclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lscanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D331B1297950F74EBC16F6A3B4096F3\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21B133D6-5979-47F0-BE1C-F6A6B304693F}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}\1.0\0\win64]
@="C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2012\avgppa.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2012"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\39]
"Filename"="C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\39]
"DeviceName"="C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiRSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinished]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinishedThreatFound]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanStarted]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEnd]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEndFail]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdStart]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiWSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
@="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\AppDataLow\Software\Avg]
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d14b6a1e_0]
@="{0.0.0.00000000}.{5b559956-cc65-4e2e-81e0-d07460987165}|\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgtray.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe"="AVG User Interface"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe"="AVG User Interface"
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiRSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinished]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinishedThreatFound]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanStarted]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEnd]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEndFail]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdStart]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiWSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
@="AVG"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-586848840-3213021952-4089556407-1000\02lvykhytnnv]

Searching for "mcafee"
[HKEY_CURRENT_USER\Software\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\x64\MCSACO~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75779432-B7EF-41DE-B87A-AB6CF8EE807B}\InProcServer32]
@="c:\PROGRA~1\mcafee\mqs\qcshm.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A25E6C4A-CEA5-4C55-813C-E2AB3C2D3B48}\InprocServer32]
@="c:\PROGRA~1\mcafee\msc\mcoobesv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C88F5D3A-EBE1-4513-AFC9-CE98CBD96A74}\InprocServer32]
@="c:\PROGRA~1\mcafee\mqs\shredext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C90134D2-4AE9-407A-919A-4A2EF09C6C51}\InprocServer32]
@="c:\PROGRA~1\mcafee\VIRUSS~1\naiann.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}]
@="McAfee Host SA Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}\InprocServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\sasshmod.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE480D09-9DD2-49A8-A3C3-B8B4B4F84F19}\InProcServer32]
@="c:\PROGRA~1\mcafee\mqs\shredext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F247FE7E-B969-4f98-BEE7-D6AA9D85A150}\InprocServer32]
@="c:\PROGRA~1\mcafee\msc\mcoobesv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\mqs\shredext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\mqs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\msc\mcoobesv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\msc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
@="C:\Program Files\McAfee\MSC\McAWFwk.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\progra~2\mcafee\sitead~1\mcsaco~1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F4C0E0C-80AD-4105-9A0F-4BA90BB64296}\InprocServer32]
@="C:\Program Files (x86)\Common Files\McAfee\MSC\mcbr3264.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7520A2F-82E1-4DD5-A4BF-9D56BCF1D743}\InprocServer32]
@="C:\Program Files (x86)\Common Files\McAfee\MSC\mcbr3264.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\mqs\shredext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\mqs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\msc\mcoobesv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\msc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
@="C:\Program Files\McAfee\MSC\McAWFwk.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC]
"mcutil64_install_dir"="C:\PROGRA~1\COMMON~1\McAfee\MSC\mcutil\11_0_2~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"path"="C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\progra~2\mcafee\sitead~1\mcsaco~1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F4C0E0C-80AD-4105-9A0F-4BA90BB64296}\InprocServer32]
@="C:\Program Files (x86)\Common Files\McAfee\MSC\mcbr3264.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F7520A2F-82E1-4DD5-A4BF-9D56BCF1D743}\InprocServer32]
@="C:\Program Files (x86)\Common Files\McAfee\MSC\mcbr3264.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\mqs\shredext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\mqs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\msc\mcoobesv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\msc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
@="C:\Program Files\McAfee\MSC\McAWFwk.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\73]
"Filename"="C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\73]
"DeviceName"="C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\75]
"Filename"="C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\75]
"DeviceName"="C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\McAfee]
[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

-= EOF =-

3) I've had no trouble with the instructions so far.

4) The computer seems to be running ok. I have my printer back online :).
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

Post by boondoc » March 27th, 2013, 7:26 am

Oh, by the way, I need Adobe reader to open pdfs for my online work that I do. Can I download it back?
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

Post by wannabeageek » March 27th, 2013, 9:15 pm

Hello boondoc,

Step 1.
Please download Adobe Reader here.
Be sure to download the newest version. It should be the default download.
Be sure to uncheck the box for "McAfee's Security Scan Plus" add-on prior to downloading.


Step 2.
Please download and run AVG removal tool from here.
Save it to your desktop and remember to: "Right click and run as Admin".


Step 3.
SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield: Do not include the word Code
    Code: Select all
    :filefind
    *avg*
    *mcafee*
    
    :folderfind
    *avg*
    *mcafee*
    
    :Regfind
    avg
    mcafee
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please include in your next reply:
  1. Contents of SystemLook.txt
  2. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Odd exe commands setting off firewall/registry tampered?

Post by boondoc » March 27th, 2013, 11:15 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 23:07 on 27/03/2013 by Palmer
Administrator - Elevation successful

========== filefind ==========

Searching for "*avg*"
C:\Users\Palmer\Desktop\avgremover.log --a---- 178200 bytes [03:04 28/03/2013] [03:05 28/03/2013] 68D24A997C18BBE73661BACEFE5071D0
C:\Users\Palmer\Desktop\avg_remover_stf_x64_2013_2706.exe --a---- 3222280 bytes [02:59 28/03/2013] [02:59 28/03/2013] C116A638C1F59730DF8F097F8070AA99
C:\Windows\System32\avgrep.txt --a---- 6509 bytes [01:25 13/01/2012] [01:55 13/01/2012] C248854EA6B5806E07EFE126CC9EE254

Searching for "*mcafee*"
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\win-k3dk7u427ph$@mcafee[2].txt --a---- 171 bytes [00:12 11/11/2011] [00:12 11/11/2011] 2271E103ABE4D13E9466EC343D78D697
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\win-k3dk7u427ph$@mcafee[3].txt --a---- 240 bytes [00:13 11/11/2011] [00:13 11/11/2011] C6AB2302EB355EE8A734F9F358D974C0

========== folderfind ==========

Searching for "*avg*"
C:\Users\Palmer\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_avgui.exe_a5c56e8e1bc64deddc8a6678b573b6921157ef_288bde93 d----c- [11:36 25/10/2012]

Searching for "*mcafee*"
C:\ProgramData\McAfee d------ [17:21 28/07/2011]
C:\Users\All Users\McAfee d------ [17:21 28/07/2011]

========== Regfind ==========

Searching for "avg"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d14b6a1e_0]
@="{0.0.0.00000000}.{5b559956-cc65-4e2e-81e0-d07460987165}|\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgtray.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe"="AVG User Interface"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2012\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2012\awacs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2013\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\log\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\IDS\config\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\IDS\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\avi\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\Cfg\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\DB\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\AVG\AVG2013\awacs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03417262F87C7FE4AAD0D2FBFC7CB9F3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\scanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E9A06E17F2CBFC42908A7AD66EF5401]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\corelog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F391EB72F3A0F44798692F96613B5A0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\tdilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41ED20A6906033F43860CECF0824F36F]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\privlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\47267D11CB256E640ADFDCA61B72D247]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfgexlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5522F383C5285CC459238472161300DA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\cfglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\583CA4CF0AC7F8843A84E5D8130C367A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\ldrlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D70FD512AFFB5C459F4EB79441AB0CA]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\rslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6692140C420A7034BB32511EEF6A4046]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgss.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B73052A1DF4DEC4F82474ABD9C86A1D]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\csllog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\84A020F387925634F9769E7BFE004F20]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9238717B266ADD643AD39013EA460A97]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\arklog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A1134359B7955984A9B6A1FC0EEB7EBE]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\nslog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4DF15DF1AEF0BC4194959FAC3C8D515]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\chjwlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEA16B55A833DBE4784A89E373C82EF0]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\publog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6240439242E4BC4E8F83A199AC2AEE2]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\vaultlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9416FA855A98BF4792271554BFDAABB]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lnglog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBBE5F8AE6A8DE247A8A775E67E44B3C]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avguilog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBD102EF66D93CB4A8C6AA14FD2335B3]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\updlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEA9A6D8B5FDFB34B875367D1065891A]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\schedlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D55441B1479F59740AFBE9FDD2740122]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\srmlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E44FA2B654640724596D61083C5FD4A4]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\wdsvclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1C570715109D3A4A99BE27ED26855D8]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\avgmail.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2A8FCE0C74359D4093F67EC7D6E1500]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\emclog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F59EFE50136030B4E87919A92806215B]
"00000000000000000000000000000000"="C:\ProgramData\AVG2012\log\lscanlog.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D331B1297950F74EBC16F6A3B4096F3\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21B133D6-5979-47F0-BE1C-F6A6B304693F}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0]
"Filename"="C:\Users\Palmer\Desktop\avg_remover_stf_x64_2013_2706.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\0]
"DeviceName"="C:\Users\Palmer\Desktop\avg_remover_stf_x64_2013_2706.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\47]
"Filename"="C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\47]
"DeviceName"="C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"Service"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH\0000]
"DeviceDesc"="AVGIDSEH"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiRSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinished]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinishedThreatFound]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanStarted]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEnd]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEndFail]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdStart]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiWSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
@="AVG"
[HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-586848840-3213021952-4089556407-1000\02lvykhytnnv]
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\AppDataLow\Software\Avg]
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\AppDataLow\Software\Avg\Avg2012]
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d14b6a1e_0]
@="{0.0.0.00000000}.{5b559956-cc65-4e2e-81e0-d07460987165}|\Device\HarddiskVolume2\Program Files (x86)\AVG\AVG2012\avgtray.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe"="AVG User Interface"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgtray.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\PROGRA~2\AVG\AVG2012\avgui.exe"="AVG"
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe"="AVG User Interface"
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiRSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinished]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinishedThreatFound]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanStarted]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEnd]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEndFail]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdStart]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiWSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
@="AVG"
[HKEY_USERS\S-1-5-18\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-586848840-3213021952-4089556407-1000\02lvykhytnnv]

Searching for "mcafee"
[HKEY_CURRENT_USER\Software\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\x64\MCSACO~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75779432-B7EF-41DE-B87A-AB6CF8EE807B}\InProcServer32]
@="c:\PROGRA~1\mcafee\mqs\qcshm.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A25E6C4A-CEA5-4C55-813C-E2AB3C2D3B48}\InprocServer32]
@="c:\PROGRA~1\mcafee\msc\mcoobesv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C88F5D3A-EBE1-4513-AFC9-CE98CBD96A74}\InprocServer32]
@="c:\PROGRA~1\mcafee\mqs\shredext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C90134D2-4AE9-407A-919A-4A2EF09C6C51}\InprocServer32]
@="c:\PROGRA~1\mcafee\VIRUSS~1\naiann.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}]
@="McAfee Host SA Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}\InprocServer32]
@="c:\PROGRA~2\mcafee\SITEAD~1\sasshmod.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE480D09-9DD2-49A8-A3C3-B8B4B4F84F19}\InProcServer32]
@="c:\PROGRA~1\mcafee\mqs\shredext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F247FE7E-B969-4f98-BEE7-D6AA9D85A150}\InprocServer32]
@="c:\PROGRA~1\mcafee\msc\mcoobesv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\mqs\shredext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\mqs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\msc\mcoobesv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\msc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
@="C:\Program Files\McAfee\MSC\McAWFwk.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\progra~2\mcafee\sitead~1\mcsaco~1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F4C0E0C-80AD-4105-9A0F-4BA90BB64296}\InprocServer32]
@="C:\Program Files (x86)\Common Files\McAfee\MSC\mcbr3264.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7520A2F-82E1-4DD5-A4BF-9D56BCF1D743}\InprocServer32]
@="C:\Program Files (x86)\Common Files\McAfee\MSC\mcbr3264.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\mqs\shredext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\mqs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\msc\mcoobesv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\msc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
@="C:\Program Files\McAfee\MSC\McAWFwk.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC]
"mcutil64_install_dir"="C:\PROGRA~1\COMMON~1\McAfee\MSC\mcutil\11_0_2~1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
"path"="C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
@="c:\progra~2\mcafee\sitead~1\mcsaco~1.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F4C0E0C-80AD-4105-9A0F-4BA90BB64296}\InprocServer32]
@="C:\Program Files (x86)\Common Files\McAfee\MSC\mcbr3264.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F7520A2F-82E1-4DD5-A4BF-9D56BCF1D743}\InprocServer32]
@="C:\Program Files (x86)\Common Files\McAfee\MSC\mcbr3264.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
@="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
"LocalService"="McAfee SiteAdvisor Service"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\mqs\shredext.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\mqs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\0\win64]
@="c:\PROGRA~1\mcafee\msc\mcoobesv.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\HELPDIR]
@="c:\PROGRA~1\mcafee\msc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
@="C:\Program Files\McAfee\MSC\McAWFwk.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\81]
"Filename"="C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\81]
"DeviceName"="C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\83]
"Filename"="C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\HIPS\Policy\83]
"DeviceName"="C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
"DeviceDesc"="McAfee Inc. cfwids"
[HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
[HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\McAfee]
[HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]

-= EOF =-

No problems with instructions. Computer has been booting up slow and it seemed like my mouse pointer got taken over earlier today.
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby wannabeageek » March 29th, 2013, 9:44 am

Hello boondoc,


Step 1.
Run OTL Script

We need to run an OTL Fix. It should still be on your desktop.

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :commands
    [createrestorepoint]
    
    :Reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\Avg]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d14b6a1e_0]
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\PROGRA~2\AVG\AVG2012\avgtray.exe"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\AVG\AVG2012\avgui.exe"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\PROGRA~2\AVG\AVG2012\avgui.exe"=-
    [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\AVG\AVG2013\avgui.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\AVG\AVG2012\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\AVG\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2012\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\AVG\AVG2012\awacs\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\AVG\AVG2013\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\log\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\IDS\config\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\IDS\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\avi\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\Cfg\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\AVG2013\DB\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\Program Files (x86)\AVG\AVG2013\awacs\"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21B133D6-5979-47F0-BE1C-F6A6B304693F}]
    "Publisher"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    "DllName"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgtray_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASMANCS]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
    "Publisher"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSEH]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiRSAlert]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinished]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinishedThreatFound]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanStarted]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEnd]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEndFail]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdStart]
    [-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiWSAlert]
    [-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
    [-HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\AppDataLow\Software\Avg]
    [-HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d14b6a1e_0]
    [HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"=-
    [HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\PROGRA~2\AVG\AVG2012\avgtray.exe"=-
    [HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\AVG\AVG2012\avgui.exe"=-
    [HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\PROGRA~2\AVG\AVG2012\avgui.exe"=-
    [HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\AVG\AVG2013\avgui.exe"=-
    [HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"=-
    [HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\PROGRA~2\AVG\AVG2012\avgtray.exe"=-
    [HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\AVG\AVG2012\avgui.exe"=-
    [HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\PROGRA~2\AVG\AVG2012\avgui.exe"=-
    [HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
    "C:\Program Files (x86)\AVG\AVG2013\avgui.exe"=-
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiRSAlert]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinished]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinishedThreatFound]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanStarted]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEnd]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEndFail]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdStart]
    [-HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiWSAlert]
    [-HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
    [-HKEY_CURRENT_USER\Software\McAfee]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{75779432-B7EF-41DE-B87A-AB6CF8EE807B}\InProcServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A25E6C4A-CEA5-4C55-813C-E2AB3C2D3B48}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C88F5D3A-EBE1-4513-AFC9-CE98CBD96A74}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C90134D2-4AE9-407A-919A-4A2EF09C6C51}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD009C4C-EAAC-4A03-9C44-4342D4CFABA9}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE480D09-9DD2-49A8-A3C3-B8B4B4F84F19}\InProcServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F247FE7E-B969-4f98-BEE7-D6AA9D85A150}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\0\win64]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\HELPDIR]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\0\win64]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\HELPDIR]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2F4C0E0C-80AD-4105-9A0F-4BA90BB64296}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F7520A2F-82E1-4DD5-A4BF-9D56BCF1D743}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    "LocalService"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\0\win64]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\HELPDIR]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\0\win64]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\HELPDIR]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
    @=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
    "path"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{0CB58125-ED4E-4125-B72E-BA3435AC4421}\InProcServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{2F4C0E0C-80AD-4105-9A0F-4BA90BB64296}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F7520A2F-82E1-4DD5-A4BF-9D56BCF1D743}\InprocServer32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{B48A23C6-434F-43bc-B98E-AF5B21A92964}]
    "LocalService"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\0\win64]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{35B517DE-7993-46D7-BCF5-CD00A3A03D65}\1.0\HELPDIR]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\0\win64]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{4DC7F0B7-6AD0-4632-9663-D392C8BA31E6}\1.0\HELPDIR]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{BF3E8E65-73B1-41da-9305-4AE7638A8CCB}\1.0\0\win32]
    @=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CFWIDS\0000]
    "DeviceDesc"=-
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\McAfee Trust]
    [-HKEY_USERS\S-1-5-21-586848840-3213021952-4089556407-1000\Software\McAfee]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\SystemCertificates\McAfee Trust]
    
    :Files
    C:\Users\Palmer\Desktop\avgremover.log 
    C:\Users\Palmer\Desktop\avg_remover_stf_x64_2013_2706.exe
    C:\Windows\System32\avgrep.txt
    C:\ProgramData\McAfee
    C:\Users\All Users\McAfee
    
    :Commands
    [EMPTYTEMP]
    
  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  • Please post the contents of report in your next reply.

Step 2.
SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield. Do not include the word Code
    Code:
    :filefind
    *avg*
    *mcafee*
    
    :folderfind
    *avg*
    *mcafee*
    
    :Regfind
    avg
    mcafee 
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Please include in your next reply:
  1. Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
  2. Contents of SystemLook.txt
  3. Any problem executing the instructions?
  4. How is the computer behaving?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California
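
A cross-check for a fix script like the one in the post above, as an added example that is not part of the original post and is not OTL or SystemLook code: it flags `:Reg` lines that are neither a key deletion nor a value deletion, and lists scan hits that no directive addresses. It assumes the syntax visible in the thread (`[-KEY]` deletes a key with its subkeys; `"name"=-` or `@=-` under `[KEY]` deletes one value); the function names and the abridged sample inputs are constructed for illustration.

```python
import re

KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]$')      # [KEY] or [-KEY]
VAL_RE = re.compile(r'^(?:"(.*?)"|(@))=(.*)$')       # "name"=data or @=data

# Constructed sample: a few hits in the layout of the Regfind log in the thread.
SCAN_LOG = r'''
[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
@="AVG"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\MSC]
"mcutil64_install_dir"="C:\PROGRA~1\COMMON~1\McAfee\MSC\mcutil\11_0_2~1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
'''

# Constructed sample: a short fix script; one value directive lacks its "=".
FIX_SCRIPT = r'''
:Reg
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
[-HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\DB\"-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\AVG2013\Cfg\"=-
:Files
C:\ProgramData\McAfee
'''


def parse_scan(log):
    """Return (key, value_name or None) for each hit in a Regfind-style log."""
    hits, pending = [], None
    for line in map(str.strip, log.splitlines()):
        k, v = KEY_RE.match(line), VAL_RE.match(line)
        if k:
            if pending:                      # previous key matched by name only
                hits.append((pending, None))
            pending = k.group(2)
        elif v and pending:
            hits.append((pending, '@' if v.group(2) else v.group(1)))
            pending = None
    if pending:
        hits.append((pending, None))
    return hits


def parse_fix(script):
    """Return (deleted_keys, deleted_values, malformed) for the :Reg section.

    Only deletions are expected in a removal script, so any other non-blank
    line inside :Reg is reported with its line number.
    """
    del_keys, del_vals, malformed = set(), set(), []
    section, current = None, None
    for n, line in enumerate(script.splitlines(), 1):
        line = line.strip()
        if line.startswith(':'):             # :Reg, :Files, :Commands ...
            section, current = line.lower(), None
            continue
        if section != ':reg' or not line:
            continue
        k, v = KEY_RE.match(line), VAL_RE.match(line)
        if k and k.group(1):                 # [-KEY]
            del_keys.add(k.group(2).lower())
            current = None
        elif k:                              # [KEY], value directives follow
            current = k.group(2).lower()
        elif v and current and v.group(3) == '-':
            name = '@' if v.group(2) else v.group(1)
            del_vals.add((current, name.lower()))
        else:
            malformed.append((n, line))
    return del_keys, del_vals, malformed


def uncovered(hits, del_keys, del_vals):
    """Scan hits that no key deletion or value deletion addresses."""
    out = []
    for key, name in hits:
        k = key.lower()
        by_key = any(k == d or k.startswith(d + '\\') for d in del_keys)
        by_val = name is not None and (k, name.lower()) in del_vals
        if not (by_key or by_val):
            out.append((key, name))
    return out


if __name__ == '__main__':
    keys, vals, bad = parse_fix(FIX_SCRIPT)
    for n, text in bad:
        print(f'line {n}: not a recognised delete directive: {text}')
    for key, name in uncovered(parse_scan(SCAN_LOG), keys, vals):
        print(f'not addressed by the script: [{key}] {name}')
```

Registry comparison is case-insensitive here because registry key and value names are; a hit left unaddressed is reported for review, not treated as an error.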

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby boondoc » March 29th, 2013, 11:43 pm

OTL scan won't complete. It gets to a point and just says "not responding" anymore. It will create a restore point, but won't get past the registry process.
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm

Re: Odd exe commands setting off firewall/registry tampered?

Unread postby boondoc » March 29th, 2013, 11:45 pm

Do I need to delete OTL and re-download?
boondoc
Regular Member
 
Posts: 40
Joined: November 15th, 2012, 9:02 pm