Constant CAPTCHA verification on Google sites

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Constant CAPTCHA verification on Google sites

#1 DerekZ10

New Member

Group: Members
Posts: 11
Joined: 05-February 12

Posted 06 February 2012 - 12:17 AM

About every hour I have to relogin and reverify that I am not a bot on youtube, google, etc. It doesn't say the usual message, "Unusual traffic from your computer network." Instead I am just somehow logged out and when I try to log back in I have to do the CAPTCHA. This all started happening about a weak ago. Around the same time my HP printer/scanner stopped working too by saying the software is not properly installed. To which the deepest possible level of manually uninstalling has not helped, after reinstalling the same message appears. Can anyone find something wrong in my log? Also why are there so many (file missing)'s in O23?

Quote

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:58 PM, on 2/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Program Files (x86)\Input Director\InputDirector.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Input Director\InputDirectorClipboardHelper.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Creative\Console Launcher\ConsoLCu.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
O4 - HKCU\..\Run: [InputDirector] "C:\Program Files (x86)\Input Director\InputDirector.exe" /hide
O4 - HKCU\..\Run: [2C628806C8122DE3602F3FBE803DEA7C493D935E._service_run] "C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (file missing)
O23 - Service: Input Director Vista Service (IDVistaService) - Unknown owner - C:\Program Files (x86)\Input Director\IDVistaService.exe
O23 - Service: Input Director Service (InputDirector) - Unknown owner - C:\Program Files (x86)\Input Director\IDWinService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yet Another Media Meta Manager (YammmSvc) - Mikinho - C:\Program Files (x86)\Yammm\YammmSvc.exe

--
End of file - 12815 bytes

This post has been edited by DerekZ10: 06 February 2012 - 12:27 AM

#2 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 06 February 2012 - 12:44 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

Do not run any other tool untill instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

DeFogger

desktop

DeFogger

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger may ask you to reboot the machine, if it does - click OK

Do not

Download DDS:

DDS by sUBs

Link1

Link2

Link3

Please disable any anti-malware program that will block scripts from running before running DDS.

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:
- DDS.txt
- Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

information and logs:

In your next post I need the following

.logs from DDS
let me know of any problems you may have had

Gringo

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->

<-- Don't worry every little bit helps.

#3 DerekZ10

New Member

Group: Members
Posts: 11
Joined: 05-February 12

Posted 06 February 2012 - 01:47 AM

I initially had trouble because AutoCad associated the .scr file with notepad. I found a registry key to fix it though.

Quote

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:19 on 06/02/2012 (Derek)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Quote

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Derek at 0:26:24 on 2012-02-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.4104 [GMT -6:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Input Director\IDWinService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Input Director\InputDirectorSessionHelper.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Program Files (x86)\Input Director\InputDirector.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Input Director\IDVistaService.exe
C:\Program Files (x86)\Input Director\InputDirectorClipboardHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\MediaMall\MediaMallServer.exe
C:\Program Files (x86)\Yammm\YammmSvc.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rdpclip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\MediaMall\PlayOn.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Creative\Console Launcher\ConsoLCu.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Windows\system32\prevhost.exe
C:\Windows\SysWOW64\prevhost.exe
c:\program files (x86)\adobe\acrobat 10.0\acrobat\acrord32.exe
c:\program files (x86)\adobe\acrobat 10.0\acrobat\acrord32.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Sidebar] C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe /autoRun
uRun: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe
uRun: [InputDirector] "C:\Program Files (x86)\Input Director\InputDirector.exe" /hide
uRun: [2C628806C8122DE3602F3FBE803DEA7C493D935E._service_run] "C:\Users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 8.8.8.8 192.168.254.254
TCP: Interfaces\{F77DF858-C71A-42A2-A8FB-B51A4E81AA24} : DhcpNameServer = 8.8.8.8 192.168.254.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO-X64: LastPass Browser Helper Object - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0absop31.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv86win32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nplv90win32.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Derek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 InputDirector;Input Director Service;C:\Program Files (x86)\Input Director\IDWinService.exe [2011-12-14 36864]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2011-11-10 5154680]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-8-13 138600]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-5 1153368]
R2 YammmSvc;Yet Another Media Meta Manager;C:\Program Files (x86)\Yammm\YammmSvc.exe [2010-8-3 14336]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys --> C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 IDVistaService;Input Director Vista Service;C:\Program Files (x86)\Input Director\IDVistaService.exe [2010-7-21 13824]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 atillk64;atillk64;E:\Apps+Programs\LowLevel\atillk64.sys [2011-11-11 14608]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-8-20 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-8-20 8456]
S3 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe --> C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
S3 prwntdrv;prwntdrv;C:\Windows\System32\prwntdrv.sys [2011-5-2 13704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-2 79360]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-5-2 79360]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-17 1030600]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-3 2152152]
S4 Synergy Server;Synergy Server;C:\Program Files\Synergy\synergys.exe --> C:\Program Files\Synergy\synergys.exe [?]
.
=============== Created Last 30 ================
.
2012-02-06 06:20:58 -------- d-----w- C:\Users\Derek\AppData\Local\Apps
2012-02-06 01:34:34 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-02-05 23:07:28 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-02-05 23:00:50 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-02-05 23:00:42 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-02-05 21:56:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-02-05 21:56:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-02-05 21:48:55 388096 ----a-r- C:\Users\Derek\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-05 21:48:55 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-02 23:15:57 14522912 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-02-02 23:15:53 -------- d-----w- C:\Program Files (x86)\LastPass
2012-02-02 21:10:44 -------- d-----w- C:\Users\Derek\AppData\Local\OfficeDrop
2012-02-02 21:10:19 -------- d-----w- C:\Program Files\Nuance
2012-02-02 21:09:43 -------- d-----w- C:\ProgramData\Zeon
2012-02-02 21:08:57 -------- d-----w- C:\Users\Derek\AppData\Roaming\Zeon
2012-02-02 21:08:56 -------- d-----w- C:\Users\Derek\AppData\Roaming\Nuance
2012-02-02 21:08:42 -------- d-----w- C:\Users\Derek\AppData\Roaming\.oit
2012-02-02 21:08:04 -------- d-----w- C:\Windows\PIXTRAN
2012-02-02 21:08:04 -------- d-----w- C:\ProgramData\Nuance
2012-02-02 21:08:04 -------- d-----w- C:\Program Files (x86)\Nuance
2012-02-02 21:08:04 -------- d-----w- C:\Program Files (x86)\Common Files\ScanSoft Shared
2012-02-01 22:57:18 -------- d-----w- C:\Windows\twain_32
2012-02-01 22:20:43 -------- d-----w- C:\Program Files (x86)\Ixia
2012-02-01 22:20:17 -------- d-----w- C:\Program Files (x86)\IxiaInstallerCache
2012-02-01 10:05:15 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E45A49B4-69AD-4E0B-A7C1-CA4D7AEBE0F3}\mpengine.dll
2012-02-01 07:31:52 -------- d-----w- C:\Windows\Hewlett-Packard
2012-02-01 07:27:00 -------- d-----w- C:\ProgramData\SSScanAppDataDir
2012-02-01 07:26:54 -------- d-----w- C:\ProgramData\MSScanAppDataDir
2012-02-01 05:02:33 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-02-01 05:00:44 -------- d-----w- C:\Program Files (x86)\HP
2012-02-01 05:00:32 -------- d-----w- C:\Program Files\HP
2012-02-01 04:30:03 -------- d-----w- C:\Users\Derek\0absop31.default
2012-01-30 18:03:49 -------- dc----w- C:\Users\Derek\AppData\Local\MigWiz
2012-01-29 21:12:47 -------- d-----w- C:\Users\Derek\AppData\Roaming\MusicBrainz
2012-01-29 21:11:18 -------- d-----w- C:\Program Files (x86)\MusicBrainz Picard
2012-01-29 04:33:47 -------- d-----w- C:\Windows\SolidWorks
2012-01-29 02:10:47 -------- d-----w- C:\Users\Derek\AppData\Local\Orzeszek
2012-01-29 00:57:19 -------- d-----r- C:\Sandbox
2012-01-29 00:56:22 -------- d-----w- C:\Program Files\Sandboxie
2012-01-29 00:11:42 680960 ----a-w- C:\Windows\System32\termsrv.dll.7601.1130.bak
2012-01-28 21:32:16 -------- d-----w- C:\Program Files\iPod
2012-01-28 21:32:15 -------- d-----w- C:\Program Files\iTunes
2012-01-28 21:32:15 -------- d-----w- C:\Program Files (x86)\iTunes
2012-01-28 21:31:22 -------- d-----w- C:\Program Files\Bonjour
2012-01-28 21:31:22 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-01-28 20:37:52 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-01-25 21:48:34 -------- d-----w- C:\Program Files (x86)\ASRock Utility
2012-01-22 22:10:17 -------- d-----w- C:\Users\Derek\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-01-22 22:10:17 -------- d-----w- C:\Users\Derek\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-01-22 21:45:22 -------- d-----w- C:\Users\Derek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-18 06:38:32 -------- d-----w- C:\Program Files (x86)\EAGLE-6.1.0
2012-01-18 06:38:25 -------- d-----w- C:\Users\Derek\AppData\Roaming\CadSoft
2012-01-17 18:14:33 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-01-17 18:13:54 -------- d-----w- C:\Users\Derek\AppData\Roaming\Autodesk
2012-01-17 18:13:54 -------- d-----w- C:\Users\Derek\AppData\Local\Autodesk
2012-01-17 18:13:54 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2012-01-17 18:13:54 -------- d-----w- C:\Program Files\AutoCAD 2010
2012-01-17 18:12:26 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
2012-01-17 18:12:26 -------- d-----w- C:\Program Files (x86)\Autodesk
2012-01-17 17:58:37 304128 ----a-w- C:\Windows\IsUninst.exe
2012-01-17 17:47:51 -------- d-----w- C:\Users\Derek\AppData\Local\National Instruments
2012-01-17 09:52:55 -------- d-----w- C:\Users\Derek\AppData\Roaming\National Instruments
2012-01-17 09:50:38 -------- d-----w- C:\Program Files (x86)\HI-TECH Software
2012-01-17 09:49:48 557328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\dao\dao360.dll
2012-01-17 09:48:42 -------- d-----w- C:\Program Files\National Instruments
2012-01-17 09:48:27 -------- d-----w- C:\Windows\SysWow64\cvirte
2012-01-17 09:48:27 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2012-01-17 09:48:02 -------- d-----w- C:\Program Files (x86)\National Instruments
2012-01-17 09:46:45 -------- d-----w- C:\ProgramData\National Instruments
2012-01-12 01:18:05 -------- d-----w- C:\Users\Derek\.VirtualBox
2012-01-12 01:17:21 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2012-01-12 01:17:15 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2012-01-12 01:17:12 -------- d-----w- C:\Program Files\Oracle
2012-01-12 01:00:04 -------- d-----w- C:\Program Files (x86)\Input Director
2012-01-11 18:49:50 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 18:49:50 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 18:49:50 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 18:49:50 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 18:49:43 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 18:49:43 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 18:49:38 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 18:49:38 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 05:56:22 -------- d-----w- C:\Program Files\Synergy
2012-01-10 05:55:23 -------- d-----w- C:\Users\Derek\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-01-10 05:54:20 -------- d-----w- C:\Users\Derek\AppData\Local\Htc
2012-01-10 05:53:46 -------- d-----w- C:\Users\Derek\AppData\Roaming\HTC
2012-01-10 04:20:25 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2012-01-09 23:09:50 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-01-09 23:09:50 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-01-09 23:09:50 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-01-09 23:09:50 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-01-09 23:09:50 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
.
==================== Find3M ====================
.
2012-01-30 02:33:34 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-30 02:33:27 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-01-30 02:33:25 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-12-19 19:45:22 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-12-19 19:43:54 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
2011-12-19 19:43:54 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-06 04:04:06 69632 ----a-w- C:\Windows\System32\OpenVideo64.dll
2011-12-06 04:04:00 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-12-06 04:03:54 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-12-06 04:03:52 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-12-06 04:03:42 17580544 ----a-w- C:\Windows\System32\amdocl64.dll
2011-12-06 04:03:04 14499328 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-12-06 03:45:40 10720256 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-12-06 03:18:38 25371136 ----a-w- C:\Windows\System32\atio6axx.dll
2011-12-06 03:17:50 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-12-06 03:17:36 778752 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-12-06 03:16:00 933888 ----a-w- C:\Windows\System32\aticfx64.dll
2011-12-06 03:12:52 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-12-06 03:12:36 494080 ----a-w- C:\Windows\System32\atieclxx.exe
2011-12-06 03:11:56 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-12-06 03:10:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-12-06 03:10:20 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-12-06 03:10:12 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-12-06 03:10:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-12-06 03:09:56 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-12-06 03:09:50 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-12-06 03:09:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-12-06 03:06:38 6159872 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-12-06 02:56:40 19125760 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-12-06 02:51:22 7520768 ----a-w- C:\Windows\System32\atidxx64.dll
2011-12-06 02:39:58 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-12-06 02:39:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-12-06 02:39:12 4072960 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-12-06 02:34:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-12-06 02:34:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-12-06 02:34:16 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-12-06 02:34:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-12-06 02:34:00 13738496 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-12-06 02:33:36 5919232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-12-06 02:29:30 11484672 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-12-06 02:28:50 4206592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-12-06 02:24:02 7511040 ----a-w- C:\Windows\System32\atiumd64.dll
2011-12-06 02:18:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-12-06 02:13:02 509952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-12-06 02:12:52 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-12-06 02:12:38 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-12-06 02:12:34 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-12-06 02:12:30 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-12-06 02:12:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-12-06 02:12:14 327168 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-12-06 02:11:24 42496 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-12-06 02:11:16 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-12-06 02:11:10 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-12-06 02:11:02 29696 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-12-06 02:10:48 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-12-06 02:10:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-21 21:44:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-17 06:49:14 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43 459232 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 06:35:26 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 06:35:25 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 06:35:19 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:35:02 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-15 23:58:56 146432 ----a-w- C:\Windows\System32\SlotMaximizerAg.dll
2011-11-15 23:58:54 3507712 ----a-w- C:\Windows\System32\SlotMaximizerBe.dll
2011-11-15 23:57:06 2463744 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll
2011-11-15 23:57:02 122880 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll
2011-11-15 20:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-12 21:39:09 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
.
============= FINISH: 0:26:53.34 ===============

Quote

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 5/3/2011 12:48:33 AM
System Uptime: 2/5/2012 10:36:38 PM (2 hours ago)
.
Motherboard: ASRock | | P43DE
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPUSocket | 3205/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 172 GiB total, 92.924 GiB free.
E: is FIXED (NTFS) - 760 GiB total, 426.89 GiB free.
F: is CDROM ()
H: is Removable
I: is FIXED (NTFS) - 12 GiB total, 3.956 GiB free.
J: is FIXED (NTFS) - 454 GiB total, 64.035 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP164: 2/1/2012 5:00:58 PM - Removed service pack backup files
RP165: 2/1/2012 8:49:18 PM - Removed HP Update.
RP166: 2/2/2012 2:19:23 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
RP167: 2/2/2012 2:20:04 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
RP168: 2/2/2012 3:07:47 PM - Installed Nuance PaperPort 14.
RP169: 2/2/2012 3:10:02 PM - Installed PaperPort Image Printer 64-bit.
RP170: 2/2/2012 4:04:04 PM - Windows Update
RP171: 2/4/2012 4:58:33 PM - Windows Update
RP172: 2/5/2012 3:48:46 PM - Installed HiJackThis
RP173: 2/5/2012 4:37:50 PM - Installed Ad-Aware
RP174: 2/5/2012 5:00:34 PM - Installed Ad-Aware
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Ad-Aware
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Community Help
Adobe Photoshop CS5.1
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
ASRock OC Tuner v2.2.99
Audacity 1.3.14 (Unicode)
Autodesk Design Review 2010
Battlefield 3™
Battlelog Web Plugins
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Combined Community Codec Pack 2011-11-11
ConvertHelper 2.2
Creative ALchemy
Creative Audio Control Panel
Creative Console Launcher
Creative Sound Blaster Properties x64 Edition
D3DX10
DiRT 3
EAGLE 6.1.0
EASEUS Data Recovery Wizard Professional 5.5.1
EASEUS Partition Master 9.0.0 Home Edition
EASEUS Partition Recovery 5.0.1
ESN Sonar
Fences
ffdshow [rev 3154] [2009-12-09]
FFmpeg v0.6.2 for Audacity
Fresh Kitchen
FrostWire 5.2.11
Google Chrome
Google SketchUp 8
HD Tune 2.55
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
HiJackThis
HP USB Disk Storage Format Tool
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
HydraVision
Input Director v1.3 BETA
Internet TV for Windows Media Center
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 26
Java™ 7
Java™ SE Development Kit 7
LADSPA_plugins-win-0.4.15
LAME v3.98.3 for Audacity
LastPass (uninstall only)
Learning Essentials for Microsoft Office
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Math
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MIKSOFT Mobile Media Converter
Mozilla Firefox 9.0.1 (x86 en-US)
Mozilla Thunderbird 9.0.1 (x86 en-US)
MP3MyMP3 3.1
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MusicBrainz Picard
MusicBridge
National Instruments Software
NI Circuit Design Suite 11.0 Core
NI Circuit Design Suite 11.0 Pro
NI Circuit Design Suite 11.0 Pro Licenses
NI EULA Depot
NI Example Finder 9.0
NI Help Assistant
NI LabVIEW Real-Time NBFifo
NI LabVIEW Run-Time Engine 2009
NI LabVIEW Run-Time Engine 8.6.1
NI LabVIEW Run-Time Engine Interop 2009
NI LabVIEW Run-Time Engine Web Services
NI LabVIEW Web Server for Run-Time Engine
NI LabVIEW Web Services Runtime
NI LabWindows/CVI 9.0.1 Run-Time Engine
NI License Manager
NI Logos 5.1
NI Logos XT Support
NI Math Kernel Libraries
NI MDF Support
NI MetaSuite Installer
NI Service Locator
NI TDMS
NI Trace Engine
NI Uninstaller
NI Update Service 1.0
NI Update Service Extras 1.0
NI USI 1.7.0
NI VC2005MSMs x86
NI VC2008MSMs x86
NI Web Pipeline 2.0.1
Nuance PaperPort 14
OJOsoft Total Video Converter
OpenAL
Origin
PDF Settings CS5
Picasa 3
Platform
PlayOn
PunkBuster Services
QuickTime
Rage
Rapture3D 2.4.8 Game
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SpeedFan (remove only)
Spybot - Search & Destroy
Steam
swMSM
System Requirements Lab CYRI
TeamSpeak 3 Client
TI Connect 1.6
TI NoteFolio Creator
TI StudyCards Creator
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VIA Platform Device Manager
VLC media player 1.1.11
vReveal
WinCDEmu
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xfire (remove only)
Yahoo! Detect
Yammm
.
==== Event Viewer Messages From Past Week ========
.
2/5/2012 10:39:13 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/5/2012 10:39:13 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.
2/5/2012 10:38:10 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/4/2012 4:12:43 PM, Error: TermDD [56] - The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: fe80:0000:0000:0000:44e7:e167:4645:d521.
2/1/2012 5:35:57 PM, Error: Microsoft-Windows-WMPNSS-Service [14356] - A media delivery engine with ID '0x80070057' was not initialized because RegisterDelegate() encountered error ''. Restart your computer, and then restart the WMPNetworkSvc service.
2/1/2012 5:35:57 PM, Error: Microsoft-Windows-WMPNSS-Service [14348] - A new media server was not initialized due to error '0x80070057'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, in Windows Media Player, turn off media sharing, and then turn it back on.
2/1/2012 5:35:57 PM, Error: Microsoft-Windows-WMPNSS-Service [14323] - Service 'WMPNetworkSvc' did not start correctly because MFCreateWMPMDEOpCenter encountered error '0xc00d36b0'. If possible, reinstall Windows Media Player.
2/1/2012 5:35:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr
2/1/2012 5:35:40 PM, Error: Service Control Manager [7023] - The Software Protection service terminated with the following error: The system cannot find the file specified.
2/1/2012 5:35:35 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
2/1/2012 5:35:35 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
2/1/2012 1:47:24 AM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
1/31/2012 4:50:12 PM, Error: Microsoft-Windows-DistributedCOM [10006] - DCOM got error "2147944122" from the computer CLIFF-HP when attempting to activate the server: {5A5AA0AA-1DEB-4683-96B0-B43301E83971}
.
==== End Of File ===========================

#4 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 06 February 2012 - 01:49 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1

Link 2

Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

<-- Don't worry every little bit helps.

#5 DerekZ10

New Member

Group: Members
Posts: 11
Joined: 05-February 12

Posted 06 February 2012 - 02:32 AM

Still getting the captcha, I don't know about the printer. That would take about an hour to install and check.

[quo]ComboFix 12-02-05.02 - Derek 02/06/2012 1:13.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5180 [GMT -6:00]
Running from: c:\users\Derek\Desktop\fix\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Derek\AppData\Roaming\Bitcoin
c:\users\Derek\AppData\Roaming\Bitcoin\.lock
c:\users\Derek\AppData\Roaming\Bitcoin\__db.001
c:\users\Derek\AppData\Roaming\Bitcoin\__db.002
c:\users\Derek\AppData\Roaming\Bitcoin\__db.003
c:\users\Derek\AppData\Roaming\Bitcoin\__db.004
c:\users\Derek\AppData\Roaming\Bitcoin\__db.005
c:\users\Derek\AppData\Roaming\Bitcoin\__db.006
c:\users\Derek\AppData\Roaming\Bitcoin\addr.dat
c:\users\Derek\AppData\Roaming\Bitcoin\blk0001.dat
c:\users\Derek\AppData\Roaming\Bitcoin\blkindex.dat
c:\users\Derek\AppData\Roaming\Bitcoin\database\log.0000000026
c:\users\Derek\AppData\Roaming\Bitcoin\db.log
c:\users\Derek\AppData\Roaming\Bitcoin\debug.log
c:\users\Derek\AppData\Roaming\Bitcoin\wallet.dat
c:\users\Derek\AppData\Roaming\Microsoft\~DFK13d6b395.tmp
c:\users\Derek\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Derek\AppData\Roaming\Microsoft\bass.dll
c:\users\Derek\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Derek\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Derek\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Derek\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Derek\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\SysWow64\SET3B1B.tmp
c:\windows\SysWow64\SET3F97.tmp
c:\windows\SysWow64\SET4099.tmp
c:\windows\SysWow64\tmp9580.tmp
c:\windows\SysWow64\tmp9581.tmp
c:\windows\SysWow64\tmpAB49.tmp
c:\windows\SysWow64\tmpAB4A.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-06 to 2012-02-06 )))))))))))))))))))))))))))))))
.
.
2012-02-06 07:08 . 2012-02-06 07:08 -------- d-----w- c:\users\Derek\AppData\Local\Sunbelt Software
2012-02-06 06:20 . 2012-02-06 06:20 -------- d-----w- c:\users\Derek\AppData\Local\Apps
2012-02-06 01:34 . 2012-02-05 23:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-05 23:07 . 2012-02-05 23:07 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-05 23:00 . 2011-11-03 18:06 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-05 23:00 . 2012-02-05 23:00 -------- d-----w- c:\programdata\Lavasoft
2012-02-05 23:00 . 2012-02-05 23:00 -------- d-----w- c:\program files (x86)\Lavasoft
2012-02-05 21:56 . 2012-02-06 04:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-05 21:56 . 2012-02-05 22:01 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-02-05 21:48 . 2012-02-05 21:48 388096 ----a-r- c:\users\Derek\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-05 21:48 . 2012-02-05 21:48 -------- d-----w- c:\program files (x86)\Trend Micro
2012-02-02 23:15 . 2012-02-02 23:16 14522912 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2012-02-02 23:15 . 2012-02-02 23:16 -------- d-----w- c:\program files (x86)\LastPass
2012-02-02 21:10 . 2012-02-02 21:10 -------- d-----w- c:\users\Derek\AppData\Local\OfficeDrop
2012-02-02 21:10 . 2012-02-02 21:10 -------- d-----w- c:\program files\Nuance
2012-02-02 21:09 . 2012-02-02 21:09 -------- d-----w- c:\programdata\Zeon
2012-02-02 21:08 . 2012-02-02 21:08 -------- d-----w- c:\users\Derek\AppData\Roaming\Zeon
2012-02-02 21:08 . 2012-02-02 21:11 -------- d-----w- c:\users\Derek\AppData\Roaming\Nuance
2012-02-02 21:08 . 2012-02-02 21:14 -------- d-----w- c:\users\Derek\AppData\Roaming\.oit
2012-02-02 21:08 . 2012-02-02 21:08 -------- d-----w- c:\programdata\ScanSoft
2012-02-02 21:08 . 2012-02-06 04:17 -------- d-----w- c:\program files (x86)\Nuance
2012-02-02 21:08 . 2012-02-06 04:17 -------- d-----w- c:\program files (x86)\Common Files\ScanSoft Shared
2012-02-02 21:08 . 2012-02-06 04:17 -------- d-----w- c:\programdata\Nuance
2012-02-02 21:08 . 2012-02-02 21:08 -------- d-----w- c:\windows\PIXTRAN
2012-02-02 21:08 . 2012-02-02 21:08 -------- d-----w- c:\programdata\Macrovision
2012-02-01 22:57 . 2012-02-02 04:27 -------- d-----w- c:\windows\twain_32
2012-02-01 22:20 . 2012-02-01 22:20 -------- d-----w- c:\program files (x86)\Ixia
2012-02-01 10:05 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E45A49B4-69AD-4E0B-A7C1-CA4D7AEBE0F3}\mpengine.dll
2012-02-01 07:31 . 2012-02-01 07:31 -------- d-----w- c:\windows\Hewlett-Packard
2012-02-01 07:27 . 2012-02-01 07:27 -------- d-----w- c:\programdata\SSScanAppDataDir
2012-02-01 07:26 . 2012-02-01 07:26 -------- d-----w- c:\programdata\MSScanAppDataDir
2012-02-01 05:02 . 2012-02-01 05:13 -------- d-----w- c:\program files (x86)\Yahoo!
2012-02-01 05:02 . 2012-02-01 05:02 -------- d-----w- c:\users\Derek\AppData\Roaming\Yahoo!
2012-02-01 05:00 . 2012-02-02 04:28 -------- d-----w- c:\program files (x86)\HP
2012-02-01 05:00 . 2012-02-01 05:00 -------- d-----w- c:\program files\HP
2012-02-01 04:30 . 2012-02-01 04:30 -------- d-----w- c:\users\Derek\0absop31.default
2012-01-30 18:03 . 2012-01-30 22:54 -------- dc----w- c:\users\Derek\AppData\Local\MigWiz
2012-01-29 21:12 . 2012-01-29 21:12 -------- d-----w- c:\users\Derek\AppData\Roaming\MusicBrainz
2012-01-29 21:11 . 2012-01-29 21:11 -------- d-----w- c:\program files (x86)\MusicBrainz Picard
2012-01-29 04:33 . 2012-01-29 04:33 -------- d-----w- c:\windows\SolidWorks
2012-01-29 04:33 . 2012-01-29 04:33 -------- d-----w- c:\users\Derek\AppData\Roaming\SolidWorks
2012-01-29 02:10 . 2012-01-29 02:10 -------- d-----w- c:\users\Derek\AppData\Local\Orzeszek
2012-01-29 00:57 . 2012-01-29 00:57 -------- d-----r- C:\Sandbox
2012-01-29 00:56 . 2012-01-29 00:56 -------- d-----w- c:\program files\Sandboxie
2012-01-29 00:11 . 2011-01-26 06:06 680960 ----a-w- c:\windows\system32\termsrv.dll.7601.1130.bak
2012-01-28 21:32 . 2012-01-28 21:32 -------- d-----w- c:\program files\iPod
2012-01-28 21:32 . 2012-01-28 21:32 -------- d-----w- c:\program files\iTunes
2012-01-28 21:32 . 2012-01-28 21:32 -------- d-----w- c:\program files (x86)\iTunes
2012-01-28 21:31 . 2012-01-28 21:31 -------- d-----w- c:\program files\Bonjour
2012-01-28 21:31 . 2012-01-28 21:31 -------- d-----w- c:\program files (x86)\Bonjour
2012-01-28 21:17 . 2012-01-28 23:53 -------- d-----w- c:\users\Laptop
2012-01-28 20:37 . 2012-01-28 20:37 -------- d-----w- c:\programdata\ATI
2012-01-28 20:37 . 2012-01-28 20:37 -------- d-----w- c:\program files (x86)\AMD APP
2012-01-22 22:10 . 2012-01-22 22:10 -------- d-----w- c:\users\Derek\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-01-22 22:10 . 2012-01-22 22:10 -------- d-----w- c:\users\Derek\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-01-22 21:45 . 2012-01-22 21:45 -------- d-----w- c:\users\Derek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-01-18 06:38 . 2012-01-18 06:43 -------- d-----w- c:\program files (x86)\EAGLE-6.1.0
2012-01-18 06:38 . 2012-01-18 06:38 -------- d-----w- c:\users\Derek\AppData\Roaming\CadSoft
2012-01-17 18:18 . 2012-02-02 21:08 -------- d-----w- c:\programdata\FLEXnet
2012-01-17 18:14 . 2012-01-17 18:14 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-01-17 18:13 . 2012-01-17 18:23 -------- d-----w- c:\users\Derek\AppData\Roaming\Autodesk
2012-01-17 18:13 . 2012-01-17 18:23 -------- d-----w- c:\users\Derek\AppData\Local\Autodesk
2012-01-17 18:13 . 2012-01-17 18:23 -------- d-----w- c:\programdata\Autodesk
2012-01-17 18:13 . 2012-01-17 18:14 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-01-17 18:13 . 2012-01-17 18:14 -------- d-----w- c:\program files\AutoCAD 2010
2012-01-17 18:12 . 2012-01-17 18:14 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-01-17 18:12 . 2012-01-17 18:12 -------- d-----w- c:\program files (x86)\Autodesk
2012-01-17 17:58 . 1998-01-23 19:22 304128 ----a-w- c:\windows\IsUninst.exe
2012-01-17 17:55 . 2012-01-17 17:56 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-17 17:47 . 2012-01-17 17:48 -------- d-----w- c:\users\Derek\AppData\Local\National Instruments
2012-01-17 09:52 . 2012-01-17 09:52 -------- d-----w- c:\users\Derek\AppData\Roaming\National Instruments
2012-01-17 09:50 . 2012-01-17 09:50 -------- d-----w- c:\program files (x86)\HI-TECH Software
2012-01-17 09:49 . 2000-01-29 00:17 557328 ----a-w- c:\program files\Common Files\Microsoft Shared\dao\dao360.dll
2012-01-17 09:48 . 2012-01-17 09:48 -------- d-----w- c:\program files\National Instruments
2012-01-17 09:48 . 2012-01-17 09:50 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-01-17 09:48 . 2012-01-17 09:48 -------- d-----w- c:\windows\SysWow64\cvirte
2012-01-17 09:48 . 2012-01-17 09:50 -------- d-----w- c:\program files (x86)\National Instruments
2012-01-17 09:46 . 2012-01-17 17:47 -------- d-----w- c:\programdata\National Instruments
2012-01-12 01:18 . 2012-01-19 01:13 -------- d-----w- c:\users\Derek\.VirtualBox
2012-01-12 01:17 . 2011-12-19 19:45 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-01-12 01:17 . 2011-12-19 19:45 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-01-12 01:17 . 2012-01-12 01:17 -------- d-----w- c:\program files\Oracle
2012-01-12 01:00 . 2012-01-12 01:00 -------- d-----w- c:\program files (x86)\Input Director
2012-01-11 18:49 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 18:49 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 18:49 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 18:49 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 18:49 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 18:49 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 18:49 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 18:49 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-10 05:54 . 2012-01-12 01:27 -------- d-----w- c:\users\Derek\AppData\Local\Htc
2012-01-10 05:53 . 2012-01-10 05:54 -------- d-----w- c:\users\Derek\AppData\Roaming\HTC
2012-01-10 05:52 . 2012-01-10 05:52 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-01-10 04:20 . 2012-01-10 04:20 -------- d-----w- c:\program files (x86)\Spirent Communications
2012-01-09 23:09 . 2002-07-25 22:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-01-09 23:09 . 2001-09-05 10:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-01-09 23:09 . 2001-09-05 10:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-01-09 23:09 . 2001-09-05 10:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-01-09 23:09 . 2001-09-05 10:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 02:33 . 2011-11-07 20:03 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-01-30 02:33 . 2011-11-07 20:03 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-01-30 02:33 . 2011-11-07 20:03 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-12-19 19:45 . 2011-12-19 19:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 19:43 . 2011-12-19 19:43 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-19 19:43 . 2011-12-19 19:43 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-15 08:11 . 2011-12-15 08:11 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-13 19:41 . 2011-12-13 19:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-13 19:40 . 2011-12-13 19:40 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-13 19:39 . 2011-12-13 19:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-13 19:39 . 2011-12-13 19:39 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 21:24 . 2011-05-03 06:49 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 04:04 . 2011-12-06 04:04 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2011-12-06 04:04 . 2011-12-06 04:04 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2011-12-06 04:03 . 2011-12-06 04:03 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-12-06 04:03 . 2011-12-06 04:03 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-12-06 04:03 . 2011-12-06 04:03 17580544 ----a-w- c:\windows\system32\amdocl64.dll
2011-12-06 04:03 . 2011-12-06 04:03 14499328 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:\windows\system32\atio6axx.dll
2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-12-06 03:17 . 2011-04-06 02:03 778752 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-12-06 03:16 . 2011-04-06 02:02 933888 ----a-w- c:\windows\system32\aticfx64.dll
2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:\windows\system32\atieclxx.exe
2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-12-06 03:06 . 2011-05-25 02:58 6159872 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-12-06 02:51 . 2009-07-13 21:59 7520768 ----a-w- c:\windows\system32\atidxx64.dll
2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-12-06 02:39 . 2011-12-06 02:39 4072960 ----a-w- c:\windows\system32\atiumd6a.dll
2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:\windows\system32\aticaldd64.dll
2011-12-06 02:33 . 2011-10-26 01:35 5919232 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-12-06 02:28 . 2011-10-26 01:32 4206592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-12-06 02:24 . 2011-12-06 02:24 7511040 ----a-w- c:\windows\system32\atiumd64.dll
2011-12-06 02:18 . 2011-04-06 01:28 58880 ----a-w- c:\windows\system32\coinst.dll
2011-12-06 02:13 . 2011-12-06 02:13 509952 ----a-w- c:\windows\system32\atiadlxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-12-06 02:11 . 2011-04-06 01:20 42496 ----a-w- c:\windows\system32\atiuxp64.dll
2011-12-06 02:11 . 2011-05-25 02:24 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-12-06 02:11 . 2011-12-06 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2011-12-06 02:11 . 2011-10-26 01:20 29696 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-24 04:52 . 2011-12-14 05:36 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 21:44 . 2011-05-17 20:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 23:58 . 2011-11-15 23:58 146432 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-11-15 23:58 . 2011-11-15 23:58 3507712 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-11-15 23:57 . 2011-11-15 23:57 2463744 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2011-11-15 23:57 . 2011-11-15 23:57 122880 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2011-11-15 20:29 . 2011-05-03 04:23 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-12 21:39 . 2011-11-07 20:34 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-11-20 . E573BD9AB55C8E333C202B9E255F972E . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-02-25 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2009-07-14 . 0F05EC2887BFE197AD82A13287D2F404 . 706560 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7600.16385_none_ea94336f6df51e09\termsrv.dll
[-] 2011-02-25 . E589BCD6041786C5E38E2D223C24C193 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
[-] 2011-05-16 . 2C9CC9F492CA596B1B9FC1AE5E916356 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe" [2010-11-20 1174016]
"PlayOn"="c:\program files (x86)\MediaMall\PlayOn.exe" [2012-01-24 53248]
"InputDirector"="c:\program files (x86)\Input Director\InputDirector.exe" [2011-12-15 593920]
"2C628806C8122DE3602F3FBE803DEA7C493D935E._service_run"="c:\users\Derek\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-01-20 1047024]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-06 343168]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
.
c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-2-2 14522912]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-2-2 14522912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 InputDirector;Input Director Service;c:\program files (x86)\Input Director\IDWinService.exe [2011-12-15 36864]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 AsrOcDrv;AsrOcDrv;c:\windows\SysWOW64\Drivers\AsrOcDrv.sys [x]
R3 atillk64;atillk64;e:\apps+programs\LowLevel\atillk64.sys [2006-07-20 14608]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 IDVistaService;Input Director Vista Service;c:\program files (x86)\Input Director\IDVistaService.exe [2010-07-21 13824]
R3 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-26 16776]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-03 79360]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-03 79360]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-17 1030600]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2012-01-24 5154680]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-08-13 138600]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 YammmSvc;Yet Another Media Meta Manager;c:\program files (x86)\Yammm\YammmSvc.exe [2010-08-03 14336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3658522930-349798691-2258556366-1001Core.job
- c:\users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 20:36]
.
2012-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3658522930-349798691-2258556366-1001UA.job
- c:\users\Derek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-26 20:36]
.
.
--------- x86-64 -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2009-10-02 134656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files (x86)\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 8.8.8.8 192.168.254.254
FF - ProfilePath - c:\users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0absop31.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-06 01:19:52
ComboFix-quarantined-files.txt 2012-02-06 07:19
.
Pre-Run: 99,340,746,752 bytes free
Post-Run: 99,058,020,352 bytes free
.
- - End Of File - - 2FF952E6EAF87B5C168A07A5A43B5955[/quote]

This post has been edited by gringo_pr: 06 February 2012 - 02:39 AM

#6 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 06 February 2012 - 02:39 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

<-- Don't worry every little bit helps.

#7 DerekZ10

New Member

Group: Members
Posts: 11
Joined: 05-February 12

Posted 06 February 2012 - 03:09 AM

I haven't done what you asked in your latest post yet, but this just happened while watching Superbowl ads. Posted Image

This post has been edited by DerekZ10: 06 February 2012 - 03:10 AM

#8 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 06 February 2012 - 03:12 AM

go ahead and run tdsskiller and lets see if it keeps happening

gringo

<-- Don't worry every little bit helps.

#9 DerekZ10

New Member

Group: Members
Posts: 11
Joined: 05-February 12

Posted 06 February 2012 - 03:16 AM

02:14:36.0422 4124 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
02:14:37.0079 4124 ============================================================
02:14:37.0079 4124 Current date / time: 2012/02/06 02:14:37.0079
02:14:37.0079 4124 SystemInfo:
02:14:37.0079 4124
02:14:37.0079 4124 OS Version: 6.1.7601 ServicePack: 1.0
02:14:37.0079 4124 Product type: Workstation
02:14:37.0079 4124 ComputerName: DEREK-PC
02:14:37.0079 4124 UserName: Derek
02:14:37.0079 4124 Windows directory: C:\Windows
02:14:37.0079 4124 System windows directory: C:\Windows
02:14:37.0079 4124 Running under WOW64
02:14:37.0079 4124 Processor architecture: Intel x64
02:14:37.0079 4124 Number of processors: 4
02:14:37.0079 4124 Page size: 0x1000
02:14:37.0079 4124 Boot type: Normal boot
02:14:37.0079 4124 ============================================================
02:14:38.0000 4124 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:14:38.0000 4124 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:14:38.0016 4124 Drive \Device\Harddisk2\DR2 - Size: 0xF2BFFE00 (3.79 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:14:38.0016 4124 \Device\Harddisk0\DR0:
02:14:38.0016 4124 MBR used
02:14:38.0016 4124 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1816800
02:14:38.0016 4124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1817000, BlocksNum 0x38B6D000
02:14:38.0016 4124 \Device\Harddisk1\DR1:
02:14:38.0016 4124 MBR used
02:14:38.0016 4124 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
02:14:38.0016 4124 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1576F800
02:14:38.0016 4124 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x157A3000, BlocksNum 0x5EF63000
02:14:38.0016 4124 \Device\Harddisk2\DR2:
02:14:38.0032 4124 MBR used
02:14:38.0032 4124 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x80, BlocksNum 0x795000
02:14:38.0172 4124 Initialize success
02:14:38.0172 4124 ============================================================
02:14:54.0537 4168 ============================================================
02:14:54.0537 4168 Scan started
02:14:54.0537 4168 Mode: Manual;
02:14:54.0537 4168 ============================================================
02:14:55.0318 4168 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
02:14:55.0318 4168 1394ohci - ok
02:14:55.0333 4168 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
02:14:55.0333 4168 ACPI - ok
02:14:55.0365 4168 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
02:14:55.0365 4168 AcpiPmi - ok
02:14:55.0412 4168 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
02:14:55.0427 4168 adp94xx - ok
02:14:55.0427 4168 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
02:14:55.0427 4168 adpahci - ok
02:14:55.0443 4168 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
02:14:55.0443 4168 adpu320 - ok
02:14:55.0490 4168 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
02:14:55.0490 4168 AFD - ok
02:14:55.0505 4168 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
02:14:55.0505 4168 agp440 - ok
02:14:55.0521 4168 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
02:14:55.0521 4168 aliide - ok
02:14:55.0552 4168 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
02:14:55.0552 4168 amdide - ok
02:14:55.0583 4168 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
02:14:55.0583 4168 AmdK8 - ok
02:14:55.0740 4168 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
02:14:55.0787 4168 amdkmdag - ok
02:14:55.0818 4168 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
02:14:55.0818 4168 amdkmdap - ok
02:14:55.0818 4168 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
02:14:55.0818 4168 AmdPPM - ok
02:14:55.0833 4168 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
02:14:55.0833 4168 amdsata - ok
02:14:55.0849 4168 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
02:14:55.0849 4168 amdsbs - ok
02:14:55.0880 4168 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
02:14:55.0880 4168 amdxata - ok
02:14:55.0927 4168 androidusb (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\androidusb.sys
02:14:55.0927 4168 androidusb - ok
02:14:56.0052 4168 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
02:14:56.0052 4168 AppID - ok
02:14:56.0083 4168 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
02:14:56.0083 4168 arc - ok
02:14:56.0099 4168 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
02:14:56.0099 4168 arcsas - ok
02:14:56.0177 4168 AsrOcDrv - ok
02:14:56.0208 4168 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
02:14:56.0208 4168 AsyncMac - ok
02:14:56.0224 4168 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
02:14:56.0224 4168 atapi - ok
02:14:56.0287 4168 AtiHDAudioService (230cf51113cd4b830b3bfd09b0d4c066) C:\Windows\system32\drivers\AtihdW76.sys
02:14:56.0287 4168 AtiHDAudioService - ok
02:14:56.0396 4168 atikmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
02:14:56.0443 4168 atikmdag - ok
02:14:56.0521 4168 atillk64 (26d973d6d9a0d133dfda7d8c1adc04b7) E:\Apps+Programs\LowLevel\atillk64.sys
02:14:56.0521 4168 atillk64 - ok
02:14:56.0583 4168 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
02:14:56.0583 4168 b06bdrv - ok
02:14:56.0599 4168 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
02:14:56.0599 4168 b57nd60a - ok
02:14:56.0630 4168 BazisVirtualCDBus (c804993f75ffb480827a2ad40b73200f) C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
02:14:56.0630 4168 BazisVirtualCDBus - ok
02:14:56.0646 4168 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
02:14:56.0646 4168 Beep - ok
02:14:56.0693 4168 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
02:14:56.0693 4168 blbdrive - ok
02:14:56.0724 4168 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
02:14:56.0724 4168 bowser - ok
02:14:56.0740 4168 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
02:14:56.0740 4168 BrFiltLo - ok
02:14:56.0740 4168 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
02:14:56.0740 4168 BrFiltUp - ok
02:14:56.0755 4168 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
02:14:56.0755 4168 BridgeMP - ok
02:14:56.0787 4168 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
02:14:56.0787 4168 Brserid - ok
02:14:56.0787 4168 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
02:14:56.0787 4168 BrSerWdm - ok
02:14:56.0802 4168 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
02:14:56.0802 4168 BrUsbMdm - ok
02:14:56.0802 4168 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
02:14:56.0802 4168 BrUsbSer - ok
02:14:56.0818 4168 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
02:14:56.0818 4168 BTHMODEM - ok
02:14:56.0833 4168 catchme - ok
02:14:56.0865 4168 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
02:14:56.0865 4168 cdfs - ok
02:14:56.0896 4168 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
02:14:56.0896 4168 cdrom - ok
02:14:56.0927 4168 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
02:14:56.0927 4168 circlass - ok
02:14:56.0943 4168 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
02:14:56.0943 4168 CLFS - ok
02:14:56.0990 4168 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
02:14:56.0990 4168 CmBatt - ok
02:14:57.0005 4168 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
02:14:57.0005 4168 cmdide - ok
02:14:57.0052 4168 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
02:14:57.0052 4168 CNG - ok
02:14:57.0083 4168 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
02:14:57.0083 4168 Compbatt - ok
02:14:57.0130 4168 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
02:14:57.0130 4168 CompositeBus - ok
02:14:57.0130 4168 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
02:14:57.0130 4168 crcdisk - ok
02:14:57.0193 4168 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
02:14:57.0208 4168 CSC - ok
02:14:57.0240 4168 CT20XUT (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\system32\drivers\CT20XUT.SYS
02:14:57.0240 4168 CT20XUT - ok
02:14:57.0255 4168 CT20XUT.SYS (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\System32\drivers\CT20XUT.SYS
02:14:57.0255 4168 CT20XUT.SYS - ok
02:14:57.0287 4168 ctac32k (eb3843a91a10150c9e05607cbcb44090) C:\Windows\system32\drivers\ctac32k.sys
02:14:57.0287 4168 ctac32k - ok
02:14:57.0318 4168 ctaud2k (bc06efb59a2316537765462dfe40f764) C:\Windows\system32\drivers\ctaud2k.sys
02:14:57.0318 4168 ctaud2k - ok
02:14:57.0349 4168 CTEXFIFX (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\system32\drivers\CTEXFIFX.SYS
02:14:57.0365 4168 CTEXFIFX - ok
02:14:57.0380 4168 CTEXFIFX.SYS (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\System32\drivers\CTEXFIFX.SYS
02:14:57.0380 4168 CTEXFIFX.SYS - ok
02:14:57.0412 4168 CTHWIUT (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\system32\drivers\CTHWIUT.SYS
02:14:57.0412 4168 CTHWIUT - ok
02:14:57.0412 4168 CTHWIUT.SYS (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\System32\drivers\CTHWIUT.SYS
02:14:57.0412 4168 CTHWIUT.SYS - ok
02:14:57.0427 4168 ctprxy2k (ebc9548ef5838cb5aa8f18b3ac28af12) C:\Windows\system32\drivers\ctprxy2k.sys
02:14:57.0427 4168 ctprxy2k - ok
02:14:57.0427 4168 ctsfm2k (459bee1682121842285c162e2d98d81a) C:\Windows\system32\drivers\ctsfm2k.sys
02:14:57.0427 4168 ctsfm2k - ok
02:14:57.0474 4168 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
02:14:57.0474 4168 DfsC - ok
02:14:57.0474 4168 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
02:14:57.0474 4168 discache - ok
02:14:57.0505 4168 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
02:14:57.0505 4168 Disk - ok
02:14:57.0537 4168 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
02:14:57.0537 4168 drmkaud - ok
02:14:57.0568 4168 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
02:14:57.0568 4168 DXGKrnl - ok
02:14:57.0630 4168 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
02:14:57.0646 4168 ebdrv - ok
02:14:57.0693 4168 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
02:14:57.0693 4168 elxstor - ok
02:14:57.0724 4168 emupia (c26133b6165928fbd156c6fe570f9ed2) C:\Windows\system32\drivers\emupia2k.sys
02:14:57.0724 4168 emupia - ok
02:14:57.0755 4168 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
02:14:57.0755 4168 epmntdrv - ok
02:14:57.0787 4168 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
02:14:57.0787 4168 ErrDev - ok
02:14:57.0833 4168 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
02:14:57.0833 4168 EuGdiDrv - ok
02:14:57.0833 4168 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
02:14:57.0833 4168 exfat - ok
02:14:57.0849 4168 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
02:14:57.0865 4168 fastfat - ok
02:14:57.0880 4168 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
02:14:57.0880 4168 fdc - ok
02:14:57.0896 4168 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
02:14:57.0896 4168 FileInfo - ok
02:14:57.0896 4168 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
02:14:57.0896 4168 Filetrace - ok
02:14:57.0912 4168 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
02:14:57.0912 4168 flpydisk - ok
02:14:57.0943 4168 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
02:14:57.0958 4168 FltMgr - ok
02:14:57.0958 4168 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
02:14:57.0958 4168 FsDepends - ok
02:14:57.0974 4168 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
02:14:57.0974 4168 Fs_Rec - ok
02:14:58.0021 4168 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
02:14:58.0021 4168 fvevol - ok
02:14:58.0052 4168 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
02:14:58.0052 4168 gagp30kx - ok
02:14:58.0068 4168 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
02:14:58.0068 4168 GEARAspiWDM - ok
02:14:58.0115 4168 ha20x2k (a3f010d5dbfb589a3b3288c05c2ea3f9) C:\Windows\system32\drivers\ha20x2k.sys
02:14:58.0130 4168 ha20x2k - ok
02:14:58.0130 4168 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
02:14:58.0130 4168 hcw85cir - ok
02:14:58.0177 4168 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
02:14:58.0177 4168 HdAudAddService - ok
02:14:58.0193 4168 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
02:14:58.0193 4168 HDAudBus - ok
02:14:58.0208 4168 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
02:14:58.0208 4168 HidBatt - ok
02:14:58.0224 4168 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
02:14:58.0224 4168 HidBth - ok
02:14:58.0240 4168 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
02:14:58.0240 4168 HidIr - ok
02:14:58.0255 4168 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
02:14:58.0255 4168 HidUsb - ok
02:14:58.0302 4168 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
02:14:58.0302 4168 HpSAMD - ok
02:14:58.0333 4168 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
02:14:58.0333 4168 HTCAND64 - ok
02:14:58.0365 4168 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
02:14:58.0365 4168 htcnprot - ok
02:14:58.0412 4168 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
02:14:58.0412 4168 HTTP - ok
02:14:58.0443 4168 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
02:14:58.0443 4168 hwpolicy - ok
02:14:58.0474 4168 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
02:14:58.0474 4168 i8042prt - ok
02:14:58.0521 4168 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
02:14:58.0521 4168 iaStorV - ok
02:14:58.0537 4168 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
02:14:58.0537 4168 iirsp - ok
02:14:58.0568 4168 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
02:14:58.0568 4168 intelide - ok
02:14:58.0583 4168 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
02:14:58.0599 4168 intelppm - ok
02:14:58.0615 4168 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
02:14:58.0615 4168 IpFilterDriver - ok
02:14:58.0630 4168 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
02:14:58.0630 4168 IPMIDRV - ok
02:14:58.0662 4168 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
02:14:58.0662 4168 IPNAT - ok
02:14:58.0693 4168 irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
02:14:58.0693 4168 irda - ok
02:14:58.0693 4168 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
02:14:58.0693 4168 IRENUM - ok
02:14:58.0724 4168 irsir (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
02:14:58.0724 4168 irsir - ok
02:14:58.0740 4168 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
02:14:58.0740 4168 isapnp - ok
02:14:58.0771 4168 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
02:14:58.0771 4168 iScsiPrt - ok
02:14:58.0787 4168 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
02:14:58.0787 4168 kbdclass - ok
02:14:58.0802 4168 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
02:14:58.0802 4168 kbdhid - ok
02:14:58.0833 4168 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
02:14:58.0833 4168 KSecDD - ok
02:14:58.0849 4168 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
02:14:58.0849 4168 KSecPkg - ok
02:14:58.0865 4168 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
02:14:58.0865 4168 ksthunk - ok
02:14:58.0927 4168 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
02:14:58.0927 4168 Lbd - ok
02:14:58.0958 4168 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
02:14:58.0958 4168 lltdio - ok
02:14:58.0990 4168 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
02:14:58.0990 4168 LSI_FC - ok
02:14:58.0990 4168 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
02:14:58.0990 4168 LSI_SAS - ok
02:14:59.0005 4168 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
02:14:59.0005 4168 LSI_SAS2 - ok
02:14:59.0021 4168 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
02:14:59.0021 4168 LSI_SCSI - ok
02:14:59.0037 4168 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
02:14:59.0037 4168 luafv - ok
02:14:59.0083 4168 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
02:14:59.0083 4168 megasas - ok
02:14:59.0099 4168 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
02:14:59.0115 4168 MegaSR - ok
02:14:59.0115 4168 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
02:14:59.0115 4168 Modem - ok
02:14:59.0146 4168 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
02:14:59.0146 4168 monitor - ok
02:14:59.0162 4168 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
02:14:59.0162 4168 mouclass - ok
02:14:59.0193 4168 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
02:14:59.0193 4168 mouhid - ok
02:14:59.0240 4168 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
02:14:59.0240 4168 mountmgr - ok
02:14:59.0271 4168 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
02:14:59.0271 4168 mpio - ok
02:14:59.0287 4168 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
02:14:59.0287 4168 mpsdrv - ok
02:14:59.0333 4168 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
02:14:59.0333 4168 MRxDAV - ok
02:14:59.0365 4168 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
02:14:59.0365 4168 mrxsmb - ok
02:14:59.0412 4168 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
02:14:59.0412 4168 mrxsmb10 - ok
02:14:59.0427 4168 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
02:14:59.0427 4168 mrxsmb20 - ok
02:14:59.0443 4168 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
02:14:59.0443 4168 msahci - ok
02:14:59.0458 4168 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
02:14:59.0458 4168 msdsm - ok
02:14:59.0474 4168 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
02:14:59.0474 4168 Msfs - ok
02:14:59.0490 4168 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
02:14:59.0490 4168 mshidkmdf - ok
02:14:59.0521 4168 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
02:14:59.0521 4168 msisadrv - ok
02:14:59.0552 4168 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
02:14:59.0552 4168 MSKSSRV - ok
02:14:59.0552 4168 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
02:14:59.0552 4168 MSPCLOCK - ok
02:14:59.0568 4168 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
02:14:59.0568 4168 MSPQM - ok
02:14:59.0599 4168 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
02:14:59.0599 4168 MsRPC - ok
02:14:59.0615 4168 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
02:14:59.0615 4168 mssmbios - ok
02:14:59.0630 4168 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
02:14:59.0630 4168 MSTEE - ok
02:14:59.0662 4168 msvad_simple (c83829c280f0207677b7aaa151ef9c4d) C:\Windows\system32\drivers\povrtdev.sys
02:14:59.0662 4168 msvad_simple - ok
02:14:59.0677 4168 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
02:14:59.0677 4168 MTConfig - ok
02:14:59.0693 4168 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
02:14:59.0708 4168 Mup - ok
02:14:59.0740 4168 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
02:14:59.0740 4168 NativeWifiP - ok
02:14:59.0771 4168 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
02:14:59.0787 4168 NDIS - ok
02:14:59.0802 4168 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
02:14:59.0802 4168 NdisCap - ok
02:14:59.0818 4168 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
02:14:59.0818 4168 NdisTapi - ok
02:14:59.0849 4168 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
02:14:59.0849 4168 Ndisuio - ok
02:14:59.0880 4168 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
02:14:59.0880 4168 NdisWan - ok
02:14:59.0912 4168 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
02:14:59.0912 4168 NDProxy - ok
02:14:59.0943 4168 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
02:14:59.0943 4168 NetBIOS - ok
02:14:59.0974 4168 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
02:14:59.0974 4168 NetBT - ok
02:15:00.0052 4168 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
02:15:00.0052 4168 nfrd960 - ok
02:15:00.0083 4168 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
02:15:00.0083 4168 Npfs - ok
02:15:00.0099 4168 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
02:15:00.0099 4168 nsiproxy - ok
02:15:00.0146 4168 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
02:15:00.0146 4168 Ntfs - ok
02:15:00.0162 4168 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
02:15:00.0162 4168 Null - ok
02:15:00.0193 4168 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
02:15:00.0193 4168 nvraid - ok
02:15:00.0240 4168 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
02:15:00.0240 4168 nvstor - ok
02:15:00.0240 4168 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
02:15:00.0255 4168 nv_agp - ok
02:15:00.0271 4168 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
02:15:00.0271 4168 ohci1394 - ok
02:15:00.0302 4168 ossrv (0e2de427ebe106e7e5b52869d5c99f68) C:\Windows\system32\drivers\ctoss2k.sys
02:15:00.0302 4168 ossrv - ok
02:15:00.0318 4168 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
02:15:00.0318 4168 Parport - ok
02:15:00.0333 4168 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
02:15:00.0333 4168 partmgr - ok
02:15:00.0349 4168 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
02:15:00.0365 4168 pci - ok
02:15:00.0380 4168 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
02:15:00.0380 4168 pciide - ok
02:15:00.0396 4168 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
02:15:00.0396 4168 pcmcia - ok
02:15:00.0412 4168 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
02:15:00.0412 4168 pcw - ok
02:15:00.0443 4168 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
02:15:00.0443 4168 PEAUTH - ok
02:15:00.0505 4168 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
02:15:00.0505 4168 PptpMiniport - ok
02:15:00.0521 4168 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
02:15:00.0521 4168 Processor - ok
02:15:00.0552 4168 prwntdrv (577c79b8f5c6a6925f6ef0ae1b0d4051) C:\Windows\system32\prwntdrv.sys
02:15:00.0552 4168 prwntdrv - ok
02:15:00.0583 4168 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
02:15:00.0583 4168 Psched - ok
02:15:00.0630 4168 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
02:15:00.0630 4168 ql2300 - ok
02:15:00.0646 4168 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
02:15:00.0646 4168 ql40xx - ok
02:15:00.0646 4168 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
02:15:00.0646 4168 QWAVEdrv - ok
02:15:00.0662 4168 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
02:15:00.0662 4168 RasAcd - ok
02:15:00.0693 4168 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
02:15:00.0693 4168 RasAgileVpn - ok
02:15:00.0724 4168 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
02:15:00.0724 4168 Rasl2tp - ok
02:15:00.0740 4168 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
02:15:00.0740 4168 RasPppoe - ok
02:15:00.0755 4168 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
02:15:00.0755 4168 RasSstp - ok
02:15:00.0787 4168 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
02:15:00.0787 4168 rdbss - ok
02:15:00.0802 4168 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
02:15:00.0802 4168 rdpbus - ok
02:15:00.0802 4168 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
02:15:00.0818 4168 RDPCDD - ok
02:15:00.0833 4168 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
02:15:00.0833 4168 RDPDR - ok
02:15:00.0865 4168 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
02:15:00.0865 4168 RDPENCDD - ok
02:15:00.0865 4168 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
02:15:00.0865 4168 RDPREFMP - ok
02:15:00.0896 4168 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
02:15:00.0896 4168 RdpVideoMiniport - ok
02:15:00.0927 4168 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
02:15:00.0927 4168 RDPWD - ok
02:15:00.0958 4168 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
02:15:00.0974 4168 rdyboost - ok
02:15:00.0990 4168 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
02:15:00.0990 4168 rspndr - ok
02:15:01.0052 4168 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
02:15:01.0052 4168 RTL8167 - ok
02:15:01.0052 4168 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
02:15:01.0052 4168 s3cap - ok
02:15:01.0146 4168 SbieDrv (1fc5d553f8ec9779702fb8264863e3a2) C:\Program Files\Sandboxie\SbieDrv.sys
02:15:01.0146 4168 SbieDrv - ok
02:15:01.0177 4168 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
02:15:01.0177 4168 sbp2port - ok
02:15:01.0224 4168 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
02:15:01.0224 4168 scfilter - ok
02:15:01.0255 4168 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
02:15:01.0255 4168 secdrv - ok
02:15:01.0271 4168 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
02:15:01.0271 4168 Serenum - ok
02:15:01.0287 4168 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
02:15:01.0287 4168 Serial - ok
02:15:01.0318 4168 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
02:15:01.0318 4168 sermouse - ok
02:15:01.0349 4168 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
02:15:01.0365 4168 sffdisk - ok
02:15:01.0365 4168 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
02:15:01.0365 4168 sffp_mmc - ok
02:15:01.0380 4168 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
02:15:01.0380 4168 sffp_sd - ok
02:15:01.0412 4168 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
02:15:01.0412 4168 sfloppy - ok
02:15:01.0443 4168 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
02:15:01.0443 4168 SiSRaid2 - ok
02:15:01.0443 4168 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
02:15:01.0443 4168 SiSRaid4 - ok
02:15:01.0458 4168 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
02:15:01.0458 4168 Smb - ok
02:15:01.0474 4168 speedfan - ok
02:15:01.0490 4168 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
02:15:01.0490 4168 spldr - ok
02:15:01.0537 4168 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
02:15:01.0537 4168 srv - ok
02:15:01.0568 4168 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
02:15:01.0568 4168 srv2 - ok
02:15:01.0583 4168 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
02:15:01.0583 4168 srvnet - ok
02:15:01.0599 4168 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
02:15:01.0599 4168 stexstor - ok
02:15:01.0630 4168 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
02:15:01.0630 4168 StillCam - ok
02:15:01.0662 4168 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
02:15:01.0662 4168 storflt - ok
02:15:01.0677 4168 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
02:15:01.0677 4168 storvsc - ok
02:15:01.0708 4168 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
02:15:01.0708 4168 swenum - ok
02:15:01.0755 4168 Synth3dVsc - ok
02:15:01.0802 4168 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
02:15:01.0818 4168 Tcpip - ok
02:15:01.0849 4168 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
02:15:01.0865 4168 TCPIP6 - ok
02:15:01.0896 4168 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
02:15:01.0896 4168 tcpipreg - ok
02:15:01.0912 4168 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
02:15:01.0912 4168 TDPIPE - ok
02:15:01.0927 4168 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
02:15:01.0927 4168 TDTCP - ok
02:15:01.0943 4168 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
02:15:01.0943 4168 tdx - ok
02:15:01.0974 4168 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
02:15:01.0974 4168 TermDD - ok
02:15:02.0005 4168 TIEHDUSB (199c2e87d9a5ec58d0bcd94e893bf629) C:\Windows\system32\DRIVERS\tiehdusb.sys
02:15:02.0021 4168 TIEHDUSB - ok
02:15:02.0037 4168 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
02:15:02.0037 4168 tssecsrv - ok
02:15:02.0068 4168 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
02:15:02.0068 4168 TsUsbFlt - ok
02:15:02.0068 4168 tsusbhub - ok
02:15:02.0115 4168 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
02:15:02.0115 4168 tunnel - ok
02:15:02.0130 4168 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
02:15:02.0130 4168 uagp35 - ok
02:15:02.0162 4168 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
02:15:02.0162 4168 udfs - ok
02:15:02.0177 4168 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
02:15:02.0177 4168 uliagpkx - ok
02:15:02.0208 4168 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
02:15:02.0208 4168 umbus - ok
02:15:02.0224 4168 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
02:15:02.0224 4168 UmPass - ok
02:15:02.0271 4168 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
02:15:02.0271 4168 USBAAPL64 - ok
02:15:02.0302 4168 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
02:15:02.0318 4168 usbaudio - ok
02:15:02.0349 4168 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
02:15:02.0349 4168 usbccgp - ok
02:15:02.0380 4168 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
02:15:02.0380 4168 usbcir - ok
02:15:02.0396 4168 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
02:15:02.0396 4168 usbehci - ok
02:15:02.0412 4168 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
02:15:02.0412 4168 usbhub - ok
02:15:02.0427 4168 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
02:15:02.0427 4168 usbohci - ok
02:15:02.0474 4168 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
02:15:02.0474 4168 usbprint - ok
02:15:02.0490 4168 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
02:15:02.0490 4168 USBSTOR - ok
02:15:02.0505 4168 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
02:15:02.0505 4168 usbuhci - ok
02:15:02.0552 4168 VBoxNetAdp (8acf22b86ce4e85c23e3e9513bf45c37) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
02:15:02.0552 4168 VBoxNetAdp - ok
02:15:02.0583 4168 VBoxNetFlt (7b657669c53a0e6583f07ebaa303d9ea) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
02:15:02.0583 4168 VBoxNetFlt - ok
02:15:02.0599 4168 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
02:15:02.0599 4168 vdrvroot - ok
02:15:02.0615 4168 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
02:15:02.0615 4168 vga - ok
02:15:02.0630 4168 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
02:15:02.0630 4168 VgaSave - ok
02:15:02.0646 4168 VGPU - ok
02:15:02.0662 4168 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
02:15:02.0662 4168 vhdmp - ok
02:15:02.0708 4168 VIAHdAudAddService (906a7c6b6659a650648cf21998270945) C:\Windows\system32\drivers\viahduaa.sys
02:15:02.0724 4168 VIAHdAudAddService - ok
02:15:02.0724 4168 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
02:15:02.0724 4168 viaide - ok
02:15:02.0755 4168 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
02:15:02.0755 4168 vmbus - ok
02:15:02.0771 4168 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
02:15:02.0771 4168 VMBusHID - ok
02:15:02.0802 4168 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
02:15:02.0802 4168 volmgr - ok
02:15:02.0833 4168 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
02:15:02.0833 4168 volmgrx - ok
02:15:02.0849 4168 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
02:15:02.0849 4168 volsnap - ok
02:15:02.0865 4168 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
02:15:02.0865 4168 vsmraid - ok
02:15:02.0880 4168 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
02:15:02.0880 4168 vwifibus - ok
02:15:02.0880 4168 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
02:15:02.0896 4168 WacomPen - ok
02:15:02.0927 4168 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:15:02.0927 4168 WANARP - ok
02:15:02.0927 4168 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
02:15:02.0927 4168 Wanarpv6 - ok
02:15:02.0943 4168 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
02:15:02.0943 4168 Wd - ok
02:15:02.0958 4168 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
02:15:02.0974 4168 Wdf01000 - ok
02:15:03.0005 4168 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
02:15:03.0005 4168 WfpLwf - ok
02:15:03.0021 4168 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
02:15:03.0021 4168 WIMMount - ok
02:15:03.0083 4168 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
02:15:03.0083 4168 WinUsb - ok
02:15:03.0115 4168 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
02:15:03.0115 4168 WmiAcpi - ok
02:15:03.0130 4168 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
02:15:03.0130 4168 ws2ifsl - ok
02:15:03.0177 4168 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
02:15:03.0177 4168 WSDPrintDevice - ok
02:15:03.0208 4168 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
02:15:03.0208 4168 WudfPf - ok
02:15:03.0240 4168 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
02:15:03.0240 4168 WUDFRd - ok
02:15:03.0287 4168 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
02:15:03.0287 4168 xusb21 - ok
02:15:03.0302 4168 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
02:15:03.0302 4168 \Device\Harddisk0\DR0 - ok
02:15:03.0318 4168 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
02:15:03.0349 4168 \Device\Harddisk1\DR1 - ok
02:15:03.0349 4168 MBR (0x1B8) (ad9b705ab096a51023121c8e7db9d21b) \Device\Harddisk2\DR2
02:15:03.0365 4168 \Device\Harddisk2\DR2 - ok
02:15:03.0365 4168 Boot (0x1200) (06be8c0da01dab0e6fe5c5136c4bcfaa) \Device\Harddisk0\DR0\Partition0
02:15:03.0365 4168 \Device\Harddisk0\DR0\Partition0 - ok
02:15:03.0365 4168 Boot (0x1200) (d58bcfbbbc3d6137080b145ef8aebeb6) \Device\Harddisk0\DR0\Partition1
02:15:03.0365 4168 \Device\Harddisk0\DR0\Partition1 - ok
02:15:03.0365 4168 Boot (0x1200) (6e20a9d7faa230e62a007a7a8857fa2a) \Device\Harddisk1\DR1\Partition0
02:15:03.0365 4168 \Device\Harddisk1\DR1\Partition0 - ok
02:15:03.0380 4168 Boot (0x1200) (7cb16126a37714f8f03825ca2e361514) \Device\Harddisk1\DR1\Partition1
02:15:03.0380 4168 \Device\Harddisk1\DR1\Partition1 - ok
02:15:03.0396 4168 Boot (0x1200) (60d63ccfcba72e0f70ddf7bbb1f9bfd0) \Device\Harddisk1\DR1\Partition2
02:15:03.0396 4168 \Device\Harddisk1\DR1\Partition2 - ok
02:15:03.0396 4168 Boot (0x1200) (3b3158f193b15e84a05b52d42e9b2bdf) \Device\Harddisk2\DR2\Partition0
02:15:03.0396 4168 \Device\Harddisk2\DR2\Partition0 - ok
02:15:03.0396 4168 ============================================================
02:15:03.0396 4168 Scan finished
02:15:03.0396 4168 ============================================================
02:15:03.0412 4032 Detected object count: 0
02:15:03.0412 4032 Actual detected object count: 0

#10 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 06 February 2012 - 03:33 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

<-- Don't worry every little bit helps.

#11 DerekZ10

New Member

Group: Members
Posts: 11
Joined: 05-February 12

Posted 06 February 2012 - 04:35 AM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-06 02:41:53
-----------------------------
02:41:53.971 OS Version: Windows x64 6.1.7601 Service Pack 1
02:41:53.971 Number of processors: 4 586 0xF0B
02:41:53.971 ComputerName: DEREK-PC UserName: Derek
02:41:54.793 Initialize success
02:48:49.225 AVAST engine defs: 12020503
02:58:59.658 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:58:59.659 Disk 0 Vendor: SAMSUNG_HD501LJ CR100-10 Size: 476938MB BusType: 3
02:58:59.661 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
02:58:59.663 Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
02:58:59.680 Disk 1 MBR read successfully
02:58:59.682 Disk 1 MBR scan
02:58:59.709 Disk 1 Windows 7 default MBR code
02:58:59.736 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
02:58:59.747 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 175839 MB offset 206848
02:58:59.750 Disk 1 Partition - 00 0F Extended LBA 777927 MB offset 360327168
02:58:59.772 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 777926 MB offset 360329216
02:58:59.776 Service scanning
02:59:00.756 Modules scanning
02:59:00.760 Disk 1 trace - called modules:
02:59:00.765 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
02:59:00.768 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007b73060]
02:59:00.771 3 CLASSPNP.SYS[fffff88001b9b43f] -> nt!IofCallDriver -> [0xfffffa80075029b0]
02:59:00.775 5 ACPI.sys[fffff88000fad7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-5[0xfffffa80078cf060]
02:59:01.305 AVAST engine scan C:\Windows
02:59:03.814 AVAST engine scan C:\Windows\system32
03:01:28.182 AVAST engine scan C:\Windows\system32\drivers
03:01:40.389 AVAST engine scan C:\Users\Derek
03:22:26.463 AVAST engine scan C:\ProgramData
03:25:33.666 Scan finished successfully
03:33:35.924 Disk 1 MBR has been saved successfully to "C:\Users\Derek\Desktop\fix\MBR.dat"
03:33:35.927 The log file has been saved successfully to "C:\Users\Derek\Desktop\fix\aswMBR.txt"

#12 gringo_pr

Bleepin Gringo

Group: Malware Response Team
Posts: 85,549
Joined: 03-July 08
Gender:Male
Location:Puerto rico

Posted 06 February 2012 - 09:48 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened and the that I need posted back here
- Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
Please post the contents of OTL.txt in your next reply.

Gringo

<-- Don't worry every little bit helps.

#13 DerekZ10

New Member

Group: Members
Posts: 11
Joined: 05-February 12

Posted 06 February 2012 - 05:56 PM

OTL logfile created on: 2/6/2012 3:02:28 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Derek\Desktop\fix
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.37 Gb Available Physical Memory | 54.62% Memory free
16.00 Gb Paging File | 12.17 Gb Available in Paging File | 76.04% Paging File free
Paging file location(s): i:\pagefile.sys 8192 12000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 171.72 Gb Total Space | 90.19 Gb Free Space | 52.52% Space Free | Partition Type: NTFS
Drive E: | 759.69 Gb Total Space | 426.89 Gb Free Space | 56.19% Space Free | Partition Type: NTFS
Drive H: | 3.78 Gb Total Space | 0.01 Gb Free Space | 0.15% Space Free | Partition Type: FAT32
Drive I: | 12.04 Gb Total Space | 3.96 Gb Free Space | 32.85% Space Free | Partition Type: NTFS
Drive J: | 453.71 Gb Total Space | 64.03 Gb Free Space | 14.11% Space Free | Partition Type: NTFS

Computer Name: DEREK-PC | User Name: Derek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Derek\Desktop\fix\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
PRC - C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Input Director\InputDirector.exe (Imperative Software Pty Ltd)
PRC - C:\Program Files (x86)\Input Director\InputDirectorClipboardHelper.exe (Imperative Software Pty Ltd)
PRC - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Creative\Console Launcher\ConsoLCu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe (Creative Technology Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Users\Derek\AppData\Local\Google\Chrome\Application\16.0.912.77\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Derek\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll ()
MOD - C:\Users\Derek\AppData\Local\Google\Chrome\Application\16.0.912.77\avutil-51.dll ()
MOD - C:\Users\Derek\AppData\Local\Google\Chrome\Application\16.0.912.77\avformat-53.dll ()
MOD - C:\Users\Derek\AppData\Local\Google\Chrome\Application\16.0.912.77\avcodec-53.dll ()
MOD - C:\Users\Derek\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dd759df05fad8dc6d3404e8e02b40819\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Users\Derek\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\GetCoreTempInfoNET.dll ()
MOD - C:\Users\Derek\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\SystemInfo.dll ()
MOD - C:\Users\Derek\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V3.3.gadget\CoreTempReader.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MediaMall Server) -- C:\Program Files (x86)\MediaMall\MediaMallServer.exe (MediaMall Technologies, Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (InputDirector) -- C:\Program Files (x86)\Input Director\IDWinService.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (PDFProFiltSrvPP) -- C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (YammmSvc) -- C:\Program Files (x86)\Yammm\YammmSvc.exe (Mikinho)
SRV - (IDVistaService) -- C:\Program Files (x86)\Input Director\IDVistaService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (NILM License Manager) -- C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (NIDomainService) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe (National Instruments Corporation)
SRV - (lkClassAds) -- C:\Windows\SysWOW64\lkads.exe (National Instruments Corporation)
SRV - (lkTimeSync) -- C:\Windows\SysWOW64\lktsrv.exe (National Instruments Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (niSvcLoc) -- C:\Windows\SysWOW64\nisvcloc.exe (National Instruments Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (LkCitadelServer) -- C:\Windows\SysWOW64\lkcitdl.exe (National Instruments, Inc.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (BazisVirtualCDBus) -- C:\Windows\SysNative\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV:64bit: - (prwntdrv) -- C:\Windows\SysNative\prwntdrv.sys ()
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (msvad_simple) -- C:\Windows\SysNative\drivers\povrtdev.sys (MediaMall Technologies, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Almico Software)
DRV - (prwntdrv) -- C:\Windows\SysWOW64\prwntdrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (atillk64) -- E:\Apps+Programs\LowLevel\atillk64.sys (ATI Technologies Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3658522930-349798691-2258556366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3658522930-349798691-2258556366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3658522930-349798691-2258556366-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 23 65 A8 46 09 CC 01 [binary data]
IE - HKU\S-1-5-21-3658522930-349798691-2258556366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3658522930-349798691-2258556366-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.google.com/"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Derek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Derek\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/11 16:44:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/31 23:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/31 23:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/10/04 23:10:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/05/02 22:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Extensions
[2011/05/02 22:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/02/02 17:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0absop31.default\extensions
[2011/12/24 12:05:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0absop31.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/26 17:01:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0absop31.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/02 17:15:58 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0absop31.default\extensions\support@lastpass.com
[2012/02/02 17:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\dhlgvm7e.Derek2\extensions
[2012/01/28 18:32:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\dhlgvm7e.Derek2\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/28 18:32:38 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\dhlgvm7e.Derek2\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/02/02 17:15:58 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\dhlgvm7e.Derek2\extensions\support@lastpass.com
[2012/02/02 17:15:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\wjwr6dn7.Fresh\extensions
[2012/02/02 17:15:58 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\wjwr6dn7.Fresh\extensions\support@lastpass.com
[2011/02/01 18:05:08 | 000,002,333 | ---- | M] () -- C:\Users\Derek\AppData\Roaming\Mozilla\Firefox\Profiles\0absop31.default\searchplugins\askcom.xml
[2011/11/08 22:00:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ABSOP31.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ABSOP31.DEFAULT\EXTENSIONS\MOVABLEAPPBUTTON@MERCI.CHAO.XPI
() (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ABSOP31.DEFAULT\EXTENSIONS\OMNIBAR@AJITK.COM.XPI
() (No name found) -- C:\USERS\DEREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ABSOP31.DEFAULT\EXTENSIONS\PERSONALTITLEBAR@MOZTW.ORG.XPI
[2011/12/25 01:28:16 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008/12/10 14:49:34 | 000,023,040 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv86win32.dll
[2009/10/07 16:11:28 | 000,025,088 | ---- | M] (National Instruments) -- C:\Program Files (x86)\mozilla firefox\plugins\nplv90win32.dll
[2011/12/01 16:37:49 | 000,005,142 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\arccosine.xml
[2011/09/28 00:30:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 22:00:04 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Derek\AppData\Local\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Derek\AppData\Local\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Derek\AppData\Local\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Java™ Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: MSN\u00AE Toolbar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Derek\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: LastPass = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.1_0\
CHR - Extension: Gmail = C:\Users\Derek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/02/06 01:18:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKU\S-1-5-21-3658522930-349798691-2258556366-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3658522930-349798691-2258556366-1001..\Run: [InputDirector] C:\Program Files (x86)\Input Director\InputDirector.exe (Imperative Software Pty Ltd)
O4 - HKU\S-1-5-21-3658522930-349798691-2258556366-1001..\Run: [PlayOn] C:\Program Files (x86)\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKU\S-1-5-21-3658522930-349798691-2258556366-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-3658522930-349798691-2258556366-1001..\Run: [Sidebar] C:\Windows\winsxs\wow64_microsoft-windows-sidebar_31bf3856ad364e35_6.1.7601.17514_none_37575b7e71a86712\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Mcx1-DEREK-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Users\Mcx1-DEREK-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3658522930-349798691-2258556366-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3658522930-349798691-2258556366-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3658522930-349798691-2258556366-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra Button: Encarta Search - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - Reg Error: Key error. File not found
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F77DF858-C71A-42A2-A8FB-B51A4E81AA24}: DhcpNameServer = 8.8.8.8 192.168.254.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 01:19:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/06 01:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/06 01:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/06 01:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/06 01:12:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/06 01:12:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/06 01:08:10 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Sunbelt Software
[2012/02/06 00:20:58 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Apps
[2012/02/06 00:16:01 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\fix
[2012/02/05 17:07:28 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/05 17:00:50 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/02/05 17:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/02/05 17:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/02/05 17:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/02/05 15:56:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/05 15:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/05 15:56:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/05 15:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/02/05 15:48:55 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/05 05:18:07 | 000,000,000 | -H-D | C] -- C:\Users\Derek\Desktop\.picasaoriginals
[2012/02/02 17:15:57 | 014,522,912 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2012/02/02 17:15:54 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
[2012/02/02 17:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
[2012/02/02 17:15:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LastPass
[2012/02/02 15:11:47 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\My PaperPort Documents
[2012/02/02 15:10:44 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\OfficeDrop
[2012/02/02 15:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Nuance
[2012/02/02 15:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Zeon
[2012/02/02 15:08:57 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Zeon
[2012/02/02 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Nuance
[2012/02/02 15:08:42 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\.oit
[2012/02/02 15:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\ScanSoft
[2012/02/02 15:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
[2012/02/02 15:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2012/02/02 15:08:04 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN
[2012/02/02 15:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Nuance
[2012/02/02 15:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2012/02/02 15:08:04 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\MyWebPages
[2012/02/02 15:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2012/02/01 16:57:18 | 000,000,000 | ---D | C] -- C:\Windows\twain_32
[2012/02/01 16:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ixia
[2012/02/01 16:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IxiaInstallerCache
[2012/02/01 01:31:52 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012/02/01 01:29:12 | 000,000,000 | R--D | C] -- C:\Users\Derek\Documents\Scanned Documents
[2012/02/01 01:29:11 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Fax
[2012/02/01 01:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SSScanAppDataDir
[2012/02/01 01:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2012/01/31 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Yahoo!
[2012/01/31 23:02:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2012/01/31 23:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/01/31 23:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/01/31 22:30:03 | 000,000,000 | ---D | C] -- C:\Users\Derek\0absop31.default
[2012/01/30 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\MigWiz
[2012/01/29 15:38:23 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\More Productivity
[2012/01/29 15:33:07 | 000,000,000 | R--D | C] -- C:\Users\Derek\Desktop\More Apps
[2012/01/29 15:31:04 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\More Managment
[2012/01/29 15:12:47 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\MusicBrainz
[2012/01/29 15:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicBrainz Picard
[2012/01/28 22:33:47 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\SolidWorks Downloads
[2012/01/28 22:33:47 | 000,000,000 | ---D | C] -- C:\Windows\SolidWorks
[2012/01/28 22:33:46 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\SolidWorks
[2012/01/28 20:10:47 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Orzeszek
[2012/01/28 18:57:19 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/01/28 18:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2012/01/28 18:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/01/28 18:13:40 | 000,000,000 | R--D | C] -- C:\Users\Derek\Searches
[2012/01/28 17:16:21 | 000,000,000 | R--D | C] -- C:\Users\Derek\Favorites
[2012/01/28 15:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/28 15:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/28 15:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/28 15:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/28 15:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/28 15:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/01/28 14:37:57 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/01/28 14:37:53 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/01/28 14:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/01/28 14:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/01/25 15:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2012/01/25 15:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility
[2012/01/22 16:10:17 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/22 16:10:17 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Adobe Mini Bridge CS5.1
[2012/01/22 15:45:22 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/20 11:50:58 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Mobiola Video Files
[2012/01/20 11:50:58 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Mobiola Image Files
[2012/01/20 11:50:58 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\Mobiola Audio Files
[2012/01/20 11:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobiola Web Camera for S60
[2012/01/18 00:52:50 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\eagle
[2012/01/18 00:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EAGLE Layout Editor 6.1.0
[2012/01/18 00:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EAGLE-6.1.0
[2012/01/18 00:38:25 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\CadSoft
[2012/01/17 12:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/01/17 12:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/01/17 12:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
[2012/01/17 12:13:54 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Autodesk
[2012/01/17 12:13:54 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Autodesk
[2012/01/17 12:13:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2012/01/17 12:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCAD 2010
[2012/01/17 12:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
[2012/01/17 12:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2012/01/17 12:12:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2012/01/17 11:58:37 | 000,304,128 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012/01/17 11:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/01/17 11:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/01/17 11:47:51 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\National Instruments
[2012/01/17 11:42:03 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Google
[2012/01/17 11:42:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/01/17 11:41:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8
[2012/01/17 03:52:55 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\National Instruments
[2012/01/17 03:52:55 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\National Instruments
[2012/01/17 03:50:38 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HI-TECH Software
[2012/01/17 03:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HI-TECH Software
[2012/01/17 03:49:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\National Instruments
[2012/01/17 03:49:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments
[2012/01/17 03:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\National Instruments
[2012/01/17 03:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012/01/17 03:48:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cvirte
[2012/01/17 03:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\National Instruments
[2012/01/17 03:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments
[2012/01/17 02:49:01 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\MATLAB
[2012/01/16 18:30:07 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\My Scans
[2012/01/16 16:11:40 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\CCC
[2012/01/16 16:11:26 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\Documents
[2012/01/12 18:07:27 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\Differential Equations
[2012/01/12 18:06:28 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\Circuit Analysys
[2012/01/12 18:06:19 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\Engineering Statics
[2012/01/12 18:06:14 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\Social Problems
[2012/01/12 18:05:43 | 000,000,000 | ---D | C] -- C:\Users\Derek\Desktop\Physics
[2012/01/12 13:39:40 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/12 13:39:40 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/12 13:39:40 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/12 13:39:40 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/12 13:39:40 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/12 13:39:40 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/11 19:18:05 | 000,000,000 | ---D | C] -- C:\Users\Derek\.VirtualBox
[2012/01/11 19:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/01/11 19:00:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Input Director
[2012/01/11 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Input Director
[2012/01/11 12:49:50 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/11 12:49:50 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/11 12:49:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/11 12:49:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/11 12:49:43 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/11 12:49:38 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/11 12:49:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/10 01:41:20 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\My Photos
[2012/01/10 01:41:20 | 000,000,000 | ---D | C] -- C:\Users\Derek\Documents\My Documents
[2012/01/09 23:55:23 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/01/09 23:54:20 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Local\Htc
[2012/01/09 23:53:46 | 000,000,000 | ---D | C] -- C:\Users\Derek\AppData\Roaming\HTC
[2012/01/09 23:53:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012/01/09 23:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/01/09 22:20:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012/01/09 17:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
[2010/05/05 18:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010/05/05 18:38:18 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/06 14:58:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3658522930-349798691-2258556366-1001UA.job
[2012/02/06 14:37:05 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 14:37:05 | 000,016,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 01:18:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/02/06 00:19:01 | 000,000,000 | ---- | M] () -- C:\Users\Derek\defogger_reenable
[2012/02/05 23:04:45 | 000,000,132 | ---- | M] () -- C:\Users\Derek\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/05 22:36:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/05 22:36:57 | 2146,910,207 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/05 22:36:20 | 000,062,476 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000001-00000000-00000000-00001102-00000005-00311102}.rfx
[2012/02/05 22:36:20 | 000,062,476 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000001-00000000-00000000-00001102-00000005-00311102}.rfx
[2012/02/05 22:36:20 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000001-00000000-00000000-00001102-00000005-00311102}.rfx
[2012/02/05 22:28:42 | 000,004,164 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2012/02/05 21:02:58 | 000,013,824 | ---- | M] () -- C:\Users\Derek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/05 17:07:28 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/02/05 17:07:24 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/02/05 15:58:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3658522930-349798691-2258556366-1001Core.job
[2012/02/05 15:56:33 | 000,001,300 | ---- | M] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/05 15:56:33 | 000,001,276 | ---- | M] () -- C:\Users\Derek\Desktop\Spybot - Search & Destroy.lnk
[2012/02/05 15:48:55 | 000,002,975 | ---- | M] () -- C:\Users\Derek\Desktop\HiJackThis.lnk
[2012/02/04 16:59:43 | 000,786,330 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/04 16:59:43 | 000,669,072 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/04 16:59:43 | 000,125,258 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/04 16:59:39 | 000,786,330 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/04 16:34:24 | 000,001,150 | ---- | M] () -- C:\Users\Derek\Desktop\Mozilla Firefox.lnk
[2012/02/02 20:32:14 | 000,002,034 | -H-- | M] () -- C:\Users\Derek\Documents\Default.rdp
[2012/02/02 20:16:49 | 000,001,655 | ---- | M] () -- C:\Users\Derek\Desktop\DEREK LAPTOP-HP.lnk
[2012/02/02 17:16:16 | 014,522,912 | ---- | M] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[2012/02/02 17:16:16 | 000,001,192 | ---- | M] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/02/02 17:15:54 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
[2012/02/02 16:25:07 | 005,088,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/02 15:08:35 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\PaperPort.lnk
[2012/02/01 18:38:04 | 000,000,432 | RHS- | M] () -- C:\Users\Derek\ntuser.pol
[2012/02/01 17:33:16 | 000,024,680 | ---- | M] () -- C:\Users\Derek\Documents\Hewlett-Packard bkp.reg
[2012/01/31 21:35:10 | 000,000,840 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/01/29 20:33:34 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/29 20:33:27 | 000,189,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/01/29 20:33:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/29 15:42:43 | 000,002,305 | ---- | M] () -- C:\Users\Derek\Desktop\Laptop User.lnk
[2012/01/29 15:28:21 | 000,000,732 | ---- | M] () -- C:\Users\Derek\Desktop\Apps + Programs.lnk
[2012/01/29 15:21:59 | 000,000,738 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/01/29 15:14:52 | 000,000,584 | ---- | M] () -- C:\Users\Derek\Desktop\Steam.lnk
[2012/01/29 15:12:58 | 000,001,189 | ---- | M] () -- C:\Users\Derek\Desktop\MusicBrainz Picard.lnk
[2012/01/28 19:34:29 | 000,000,774 | ---- | M] () -- C:\Users\Derek\Desktop\My Music.lnk
[2012/01/28 18:56:22 | 000,000,914 | ---- | M] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/01/28 16:59:24 | 000,001,021 | ---- | M] () -- C:\Users\Derek\Desktop\Derek.lnk
[2012/01/28 15:32:36 | 000,001,801 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/25 01:22:50 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/24 22:08:19 | 000,007,600 | ---- | M] () -- C:\Users\Derek\AppData\Local\resmon.resmoncfg
[2012/01/24 11:53:21 | 000,002,417 | ---- | M] () -- C:\Users\Derek\Desktop\Google Chrome.lnk
[2012/01/23 20:28:05 | 000,013,441 | ---- | M] () -- C:\Users\Derek\Desktop\Desktops.lnk
[2012/01/23 19:01:23 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2012/01/23 19:01:23 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2012/01/22 15:45:59 | 000,251,376 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/19 21:58:05 | 000,000,132 | ---- | M] () -- C:\Users\Derek\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/01/18 00:52:41 | 000,001,129 | ---- | M] () -- C:\Users\Derek\Desktop\EAGLE 6.1.0.lnk
[2012/01/17 12:14:18 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2012/01/17 12:12:28 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review.lnk
[2012/01/17 11:58:48 | 000,001,111 | ---- | M] () -- C:\Users\Derek\Desktop\Adobe Photoshop.lnk
[2012/01/17 11:45:02 | 000,001,272 | ---- | M] () -- C:\Users\Derek\Desktop\Snipping Tool.lnk
[2012/01/17 11:41:49 | 000,002,043 | ---- | M] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012/01/17 11:12:10 | 000,005,460 | ---- | M] () -- C:\Users\Derek\Desktop\Videos & Pictures.lnk
[2012/01/17 11:08:59 | 000,000,500 | ---- | M] () -- C:\Users\Derek\Desktop\Storage (E).lnk
[2012/01/17 11:08:22 | 000,007,438 | ---- | M] () -- C:\Users\Derek\Desktop\My Pictures.lnk
[2012/01/17 11:07:43 | 000,001,227 | ---- | M] () -- C:\Users\Derek\Desktop\My Documents.lnk
[2012/01/17 11:07:33 | 000,000,906 | ---- | M] () -- C:\Users\Derek\Desktop\Downloads (2).lnk
[2012/01/17 03:52:50 | 000,002,184 | ---- | M] () -- C:\Users\Derek\Desktop\Ultiboard 11.0.lnk
[2012/01/17 03:52:48 | 000,002,181 | ---- | M] () -- C:\Users\Derek\Desktop\Multisim 11.0.lnk
[2012/01/11 19:00:07 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\Input Director.lnk
[2012/01/11 16:44:22 | 000,002,044 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat X Pro.lnk
[2012/01/11 16:42:53 | 000,002,114 | ---- | M] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/01/09 23:29:01 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/06 01:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/06 01:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/06 01:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/06 01:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/06 01:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/06 00:19:01 | 000,000,000 | ---- | C] () -- C:\Users\Derek\defogger_reenable
[2012/02/05 19:34:34 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/02/05 15:56:33 | 000,001,300 | ---- | C] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/05 15:56:33 | 000,001,276 | ---- | C] () -- C:\Users\Derek\Desktop\Spybot - Search & Destroy.lnk
[2012/02/05 15:48:55 | 000,002,975 | ---- | C] () -- C:\Users\Derek\Desktop\HiJackThis.lnk
[2012/02/04 16:34:24 | 000,001,150 | ---- | C] () -- C:\Users\Derek\Desktop\Mozilla Firefox.lnk
[2012/02/02 17:15:57 | 000,001,192 | ---- | C] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\My LastPass Vault.lnk
[2012/02/02 17:15:54 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\My LastPass Vault.lnk
[2012/02/02 15:08:35 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\PaperPort.lnk
[2012/02/01 17:33:16 | 000,024,680 | ---- | C] () -- C:\Users\Derek\Documents\Hewlett-Packard bkp.reg
[2012/01/29 15:42:43 | 000,002,305 | ---- | C] () -- C:\Users\Derek\Desktop\Laptop User.lnk
[2012/01/29 15:42:24 | 000,001,655 | ---- | C] () -- C:\Users\Derek\Desktop\DEREK LAPTOP-HP.lnk
[2012/01/29 15:28:21 | 000,000,732 | ---- | C] () -- C:\Users\Derek\Desktop\Apps + Programs.lnk
[2012/01/29 15:21:59 | 000,000,738 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/01/29 15:14:52 | 000,000,584 | ---- | C] () -- C:\Users\Derek\Desktop\Steam.lnk
[2012/01/29 15:12:58 | 000,001,189 | ---- | C] () -- C:\Users\Derek\Desktop\MusicBrainz Picard.lnk
[2012/01/29 15:11:20 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
[2012/01/28 19:34:29 | 000,000,774 | ---- | C] () -- C:\Users\Derek\Desktop\My Music.lnk
[2012/01/28 18:56:37 | 000,000,914 | ---- | C] () -- C:\Users\Derek\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/01/28 18:56:35 | 000,004,164 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012/01/28 16:59:24 | 000,001,021 | ---- | C] () -- C:\Users\Derek\Desktop\Derek.lnk
[2012/01/28 15:32:36 | 000,001,801 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/23 20:28:05 | 000,013,441 | ---- | C] () -- C:\Users\Derek\Desktop\Desktops.lnk
[2012/01/22 15:45:59 | 000,251,376 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/19 22:18:20 | 000,000,132 | ---- | C] () -- C:\Users\Derek\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/01/19 21:58:05 | 000,000,132 | ---- | C] () -- C:\Users\Derek\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/01/18 00:52:41 | 000,001,129 | ---- | C] () -- C:\Users\Derek\Desktop\EAGLE 6.1.0.lnk
[2012/01/17 12:14:18 | 000,001,919 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2010 - English.lnk
[2012/01/17 12:12:28 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review.lnk
[2012/01/17 11:58:48 | 000,001,111 | ---- | C] () -- C:\Users\Derek\Desktop\Adobe Photoshop.lnk
[2012/01/17 11:56:46 | 000,001,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2012/01/17 11:56:25 | 000,001,241 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2012/01/17 11:55:12 | 000,001,203 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012/01/17 11:54:56 | 000,001,296 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/01/17 11:53:38 | 000,001,397 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/01/17 11:53:30 | 000,001,569 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/01/17 11:53:06 | 000,001,015 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/01/17 11:45:02 | 000,001,272 | ---- | C] () -- C:\Users\Derek\Desktop\Snipping Tool.lnk
[2012/01/17 11:41:49 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Google SketchUp 8.lnk
[2012/01/17 11:12:10 | 000,005,460 | ---- | C] () -- C:\Users\Derek\Desktop\Videos & Pictures.lnk
[2012/01/17 11:08:59 | 000,000,500 | ---- | C] () -- C:\Users\Derek\Desktop\Storage (E).lnk
[2012/01/17 11:08:22 | 000,007,438 | ---- | C] () -- C:\Users\Derek\Desktop\My Pictures.lnk
[2012/01/17 11:07:43 | 000,001,227 | ---- | C] () -- C:\Users\Derek\Desktop\My Documents.lnk
[2012/01/17 11:07:33 | 000,000,906 | ---- | C] () -- C:\Users\Derek\Desktop\Downloads (2).lnk
[2012/01/17 03:52:50 | 000,002,184 | ---- | C] () -- C:\Users\Derek\Desktop\Ultiboard 11.0.lnk
[2012/01/17 03:52:48 | 000,002,181 | ---- | C] () -- C:\Users\Derek\Desktop\Multisim 11.0.lnk
[2012/01/16 18:18:47 | 000,207,087 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2012/01/16 18:18:47 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/01/11 19:00:07 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\Input Director.lnk
[2012/01/11 16:44:22 | 000,002,044 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat X Pro.lnk
[2012/01/09 23:29:01 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01009.Wdf
[2011/12/15 19:31:32 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/15 17:56:22 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/12/05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/12/05 20:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011/12/05 20:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/11/07 14:03:39 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/11/07 14:03:38 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/10/30 13:29:17 | 000,000,940 | ---- | C] () -- C:\Windows\lightworks.ini
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/10/13 14:30:24 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/20 00:42:46 | 002,469,248 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011/08/20 00:42:46 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011/08/20 00:42:46 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011/08/20 00:42:46 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011/08/20 00:42:46 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/08/13 14:39:25 | 000,013,824 | ---- | C] () -- C:\Users\Derek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/13 13:13:10 | 000,034,326 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2011/06/12 18:49:00 | 000,007,600 | ---- | C] () -- C:\Users\Derek\AppData\Local\resmon.resmoncfg
[2011/05/16 17:00:55 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2011/05/03 01:10:01 | 000,786,330 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/02 23:47:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/02 22:37:50 | 000,098,696 | ---- | C] () -- C:\Windows\SysWow64\setupprwdrv03.exe
[2011/05/02 22:37:50 | 000,013,704 | ---- | C] () -- C:\Windows\SysWow64\prwntdrv.sys
[2011/05/02 22:36:26 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/05/02 22:36:26 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/05/02 22:09:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/05/05 19:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010/05/05 19:37:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010/05/05 18:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIRES.DLL
[2010/05/05 18:46:30 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010/05/05 18:46:30 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010/05/05 18:38:22 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/06 12:47:08 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 205 bytes -> C:\ProgramData\TEMP:8EFFFE8D
@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:9D1B94FD
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:FD9CE1F3
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:890CC2F3

< End of report >

#14 DerekZ10

New Member

Group: Members
Posts: 11
Joined: 05-February 12

Posted 06 February 2012 - 08:07 PM

Also, I just noticed this is only a problem with chrome. Firefox stays logged in.

For the printer problem I followed this last time, for Windows 7 using a network connection: HP Support 'No HP devices have been detected'

My laptop however has no problem connecting with it, the laptop sits next to my desktop's LCD on a stand and with "Input Director" I can move my mouse and keyboard over between them seamlessly and copy/paste. Because the laptop works, in addition to what the guide from HP support said, I tried to copy over all things HP or that I felt dealt with the printer over to my main system. I copied registry keys, files, and system files the registry keys pointed too (I do have a backup.) It didn't work. Because the laptop is an HP I think this is why there is so many HP services on my desktop that are not working properly, because it is not an HP desktop. However, I have not received any error messages for it.

The desktop can connect with the printer without the drivers installed and print. To do this I extracted the HP_D110_AIO_drivers.msi file via 7-zip to a folder then pointed windows 7 to that folder with the "Have Disk" box to get it to work. The problem is that I cannot use HP scanning, which is a feature I use way more than printing. I scan all my homework to my computer and convert it to .pdf so I don't have to keep a huge stack of unorganized papers near semester time. The laptop can do this but with an AMD E-350 it's too time consuming. The past two weeks or so I have been just taking pictures of my papers with my HTC phone and syncing them over.

This post has been edited by DerekZ10: 06 February 2012 - 08:10 PM

#15 DerekZ10

New Member

Group: Members
Posts: 11
Joined: 05-February 12

Posted 08 February 2012 - 12:47 PM

After waking up today I went on the desktop and saw that the CPU Meter gadget was reading 50% load and 6.5GB of ram in use. Also the Network Meter gadget was showing an upload rate of around 500KB/s. It also said that 40GB was uploaded since the last restart, which would have been something like 3 days. The total data downloaded over the last 3 days was only 6GB and I haven't been running any torrents and the like. Also note that if I run a DSL speed test my upload rate is only about 60KB/s and Download is about 350KB/s. I'm clueless to where the data was going.

Task manager said spoolsvc.exe was using 1.4GB of ram and had 25% cpu usage, one whole core! I'm not sure where the rest of the memory and the other 25% was going but no listed app in the task manager was using it. I immediately shut the PC down. I am back on it now and there is no spoolsvc.exe running now, instead there is spoolsv.exe and another close one, sppsvc.exe.

Here's all the networked devices. Only one unlisted device, maybe the network switch? The one that starts with HP2 is the printer.
Posted Image