
Internet redirect - possible google redirect?? Unable to remove


  • This topic is locked
37 replies to this topic

#1 glack

Posted 15 July 2011 - 11:55 PM

As instructed in another post. Topic referenced is here: http://www.bleepingcomputer.com/forums/topic409507.html ~ OB

Here are my Defogger, DDS and GMER logs.

Defogger Log;

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:24 on 15/07/2011 (AEI)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


DDS log:

DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by AEI at 20:26:42 on 2011-07-15
.
============== Running Processes ================
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Users\AEI\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
uURLSearchHooks: {472734EA-242A-422b-ADF8-83D1E48CC825} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: GuardId.MSIEBrowser.BHO: {5b0a01d2-b8a0-4e56-9e6b-cba0ef4b4eb5} -
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110628215345.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
uRun: [Google Update] "C:\Users\AEI\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} - file:///C:/Users/AEI/Crestron/Programs!/Wood/10-15-10/Wood%20Xpanel.xweb/XPanel.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} - hxxp://192.168.1.41/Xinit.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{61F26071-B436-40DA-A35F-501BCD78BA17} : DHCPNameServer = 192.168.4.1
TCP: Interfaces\{CFBBD951-0F50-4A53-93F7-5434750405BA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CFBBD951-0F50-4A53-93F7-5434750405BA}\3556368616E6 : DHCPNameServer = 192.168.2.1
Handler: msdaipp - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 relog_ap
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110628215345.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Handler: msdaipp - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? BlackBox;BlackBox SR2
R? Bridge0;Bridge0
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? htcnprot;HTC NDIS Protocol Driver
R? IGRS;IGRS
R? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc
R? Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc
R? McShield;McShield
R? mferkdet;McAfee Inc. mferkdet
R? netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
R? Normandy;Normandy SR2
R? osppsvc;Office Software Protection Platform
R? PS_MDP;ReadyComm Presentation Space Helper Service
R? ReadyComm.DirectRouter;ReadyComm.DirectRouter
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RTL8167;Realtek 8167 NT Driver
R? StorSvc;Storage Service
R? WatAdminSvc;Windows Activation Technologies Service
R? wsvd;wsvd
S? ACPIVPC;Lenovo Virtual Power Controller Driver
S? AdobeARMservice;Adobe Acrobat Update Service
S? cvhsvc;Client Virtualization Handler
S? ETD;ELAN PS/2 Port Input Device
S? HECIx64;Intel® Management Engine Interface
S? IAStorDataMgrSvc;Intel® Rapid Storage Technology
S? Impcd;Impcd
S? IntcDAud;Intel® Display Audio
S? Lbd;Lbd
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? Oasis2Service;Oasis2Service
S? PassThru Service;Internet Pass-Through Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? UNS;Intel® Management & Security Application User Notification Service
S? vm331avs;Digital Camera 1
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
S? wdmirror;wdmirror
.
=============== Created Last 30 ================
.
2011-07-16 02:52:25 -------- d-----w- C:\windows\SysWow64\drivers\ect
2011-07-15 16:57:38 -------- d-----w- C:\Users\AEI\AppData\Local\{777FD1FC-09B5-4B4B-B87D-6B773A966342}
2011-07-15 16:37:05 -------- d-----w- C:\Program Files (x86)\Linksys
2011-07-15 13:18:40 -------- d-----w- C:\ProgramData\PC Tools
2011-07-15 13:11:19 -------- d-----w- C:\Users\AEI\AppData\Local\{89320B39-EF46-492F-AD9F-13F5340648A0}
2011-07-15 12:44:57 12872 ----a-w- C:\windows\System32\bootdelete.exe
2011-07-15 06:27:46 23112 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2011-07-15 06:26:23 -------- d-----w- C:\ProgramData\Hitman Pro
2011-07-15 04:34:17 -------- d-----w- C:\Users\AEI\AppData\Local\{4A2E5545-5690-45F2-9D10-0CCBF9282F19}
2011-07-14 23:24:03 -------- d-----w- C:\Users\AEI\AppData\Local\{7894CE22-8CC2-4E14-93CC-2B980E648A88}
2011-07-14 22:49:20 -------- d-----w- C:\Users\AEI\AppData\Local\{E79A65EC-2E47-480B-9663-2074DBCC6F71}
2011-07-14 22:39:49 -------- d-----w- C:\Users\AEI\AppData\Local\{FD35E9DD-4B22-4210-B40D-E28FEB22F0DF}
2011-07-14 13:30:16 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-14 13:30:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-14 13:11:36 -------- d-----w- C:\Users\AEI\AppData\Roaming\SUPERAntiSpyware.com
2011-07-14 13:11:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-14 07:16:39 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-14 06:36:31 34560 ----a-w- C:\windows\SysWow64\drivers\Normandy.sys
2011-07-14 06:30:29 35712 ----a-w- C:\windows\SysWow64\drivers\BlackBox.sys
2011-07-14 04:11:33 -------- d-----w- C:\Users\AEI\AppData\Local\{B26DD316-B2A5-4F4A-B3A4-DB27FD860DFC}
2011-07-14 01:32:07 244416 ----a-w- C:\windows\SysWow64\MSFLXGRD.OCX
2011-07-14 01:32:06 -------- d-----w- C:\Program Files (x86)\SpeakerCraft
2011-07-14 01:32:05 278581 ----a-w- C:\windows\SysWow64\temp.001
2011-07-14 01:32:03 65024 ----a-w- C:\windows\SysWow64\temp.000
2011-07-14 01:31:20 97280 ----a-w- C:\windows\System32\drivers\ser2pl64.sys
2011-07-14 01:31:17 26719 ----a-w- C:\windows\SysWow64\SERSPL.VXD
2011-07-14 01:31:16 35892 ----a-w- C:\windows\SysWow64\SER9PL.sys
2011-07-14 01:27:00 -------- d-----w- C:\Program Files (x86)\Prolific Technology Inc
2011-07-13 22:36:52 16432 ----a-w- C:\windows\System32\lsdelete.exe
2011-07-13 20:21:02 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
2011-07-13 20:13:33 69376 ----a-w- C:\windows\System32\drivers\Lbd.sys
2011-07-13 20:13:29 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-07-13 15:12:55 -------- d-----w- C:\Users\AEI\AppData\Roaming\Malwarebytes
2011-07-13 15:12:38 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-13 15:12:35 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-07-13 15:11:40 -------- d-----w- C:\Users\AEI\Malware
2011-07-13 14:56:41 -------- d-----w- C:\Users\AEI\AppData\Local\{75933CA3-0E5C-4225-9544-F4C0E8149E11}
2011-07-13 13:42:56 52224 ----a-w- C:\windows\System32\drivers\usbehci.sys
2011-07-13 13:41:55 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-13 13:41:55 338944 ----a-w- C:\windows\System32\conhost.exe
2011-07-13 13:41:55 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-07-13 13:41:54 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-13 13:41:54 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-13 13:41:54 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-13 13:41:54 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-13 13:41:54 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-13 13:41:54 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-13 13:41:54 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-13 13:41:48 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-13 07:07:24 -------- d-----w- C:\Users\AEI\AppData\Local\{6D78C245-34C9-49BC-987D-05B7B032DA7C}
2011-07-12 23:58:28 -------- d-----we C:\windows\system64
2011-07-12 22:58:11 -------- d-----w- C:\Users\AEI\AppData\Roaming\uPlayer
2011-07-12 22:57:39 -------- d-----w- C:\Program Files (x86)\uPlayer
2011-07-12 22:26:12 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-07-12 22:25:47 -------- d-----w- C:\Users\AEI\AppData\Local\Microsoft Help
2011-07-12 14:50:00 -------- d-----w- C:\Users\AEI\AppData\Local\{2BE74B5F-5CA5-4BC2-BB11-B0B231F3C074}
2011-07-12 14:19:45 -------- d-----w- C:\Users\AEI\AppData\Roaming\GetRightToGo
2011-07-12 14:15:25 49448 ----a-w- C:\windows\SysWow64\Usa19hPropPage.dll
2011-07-12 14:15:14 -------- d-----w- C:\Program Files (x86)\Keyspan
2011-07-12 01:27:57 -------- d-----w- C:\Users\AEI\AppData\Local\{8189B42B-E1CA-4AC8-85DA-113EE1FAD75E}
2011-07-11 20:22:46 -------- d-----w- C:\Users\AEI\AppData\Local\{23588097-34BF-41A0-96C4-53A3E20E7888}
2011-07-11 15:50:54 -------- d-----w- C:\Users\AEI\AppData\Local\{A42D847B-5885-42CF-96C4-ACFEA2102296}
2011-07-11 13:25:59 -------- d-----w- C:\Users\AEI\AppData\Local\{4699F362-9427-4AE7-8E3C-17EDD9A46644}
2011-07-11 04:19:45 -------- d-----w- C:\Users\AEI\AppData\Local\{B50CD224-4373-44D8-B31E-D89F1D3B2200}
2011-07-11 00:20:53 14336 ----a-w- C:\windows\System32\drivers\sffp_sd.sys
2011-07-11 00:17:38 -------- d-----w- C:\Users\AEI\AppData\Local\{F1FD47EA-1F7B-4DA4-831D-6664933F3B96}
2011-07-10 22:56:33 -------- d-----w- C:\Users\AEI\AppData\Local\{2CDBC383-A0F2-4B1F-A03A-09F86E9253F0}
2011-07-10 22:35:24 -------- d-----w- C:\Users\AEI\AppData\Local\Conduit
2011-07-10 19:57:25 -------- d-----w- C:\Users\AEI\AppData\Roaming\NCH Software
2011-07-10 18:56:53 -------- d-----w- C:\Program Files (x86)\NCH Swift Sound
2011-07-10 16:43:13 -------- d-----w- C:\Users\AEI\AppData\Local\{F63F6469-CB92-48D1-A6D8-DFA6334DBDD5}
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-07-10 03:50:03 -------- d-----w- C:\Users\AEI\AppData\Local\Apple
2011-07-09 18:52:57 -------- d-----w- C:\Users\AEI\AppData\Local\{47975C33-4D1D-4B0E-85B9-94BFA40D42FE}
2011-07-09 05:28:45 -------- d-----w- C:\Users\AEI\AppData\Local\{5E02CCCB-BD16-4DE3-BB34-346012944E94}
2011-07-08 13:06:24 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-07-08 04:19:17 -------- d-----w- C:\Users\AEI\AppData\Local\{13FAC5B9-6B50-4820-92D8-18F9D3E987BC}
2011-07-07 23:30:55 -------- d-----w- C:\Users\AEI\AppData\Local\{795CBCE4-E92E-4A4B-9C08-CB3A9F031362}
2011-07-07 06:26:08 -------- d-----w- C:\Users\AEI\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2011-07-07 06:25:57 -------- d-----w- C:\Users\AEI\AppData\Roaming\HTC
2011-07-07 06:23:32 -------- d-----w- C:\Users\AEI\AppData\Local\Downloaded Installations
2011-07-07 06:23:14 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2011-07-07 06:22:54 -------- d-----w- C:\Program Files (x86)\HTC
2011-07-07 02:51:23 -------- d-----w- C:\Users\AEI\AppData\Local\{04524586-8C9F-44C1-97AC-C4990DA4B334}
2011-07-07 00:26:18 -------- d-----w- C:\Users\AEI\AppData\Local\{D0E8BB86-C079-46BF-B22F-7A23214B9AE6}
2011-07-06 03:45:48 -------- d-----w- C:\Users\AEI\AppData\Local\{91C3E740-61DD-4BEE-B8DA-DCC33A0FC656}
2011-07-06 03:45:48 -------- d-----w- C:\Users\AEI\AppData\Local\{35913336-9388-4527-AB50-AC17E76668B7}
2011-07-05 03:19:35 -------- d-----w- C:\Users\AEI\AppData\Local\{D8C435E3-8450-4863-96B5-B31B794F07A1}
2011-07-04 14:58:31 -------- d-----w- C:\Users\AEI\AppData\Local\{156492FF-9447-4FC6-9F5C-7A512FDA2E05}
2011-07-03 18:15:25 -------- d-----w- C:\Users\AEI\AppData\Local\{631F4289-8AB3-4E17-A94A-EA9728F2D9FE}
2011-07-03 15:36:17 -------- d-----w- C:\Users\AEI\AppData\Local\{564FFBA8-9868-4EEA-AE25-1206F9CF1841}
2011-07-03 05:55:45 -------- d-----w- C:\Users\AEI\AppData\Local\Microsoft Games
2011-07-02 19:59:12 -------- d-----w- C:\Users\AEI\AppData\Local\{1C2C70D1-D8FA-4498-8BE7-0D953101347E}
2011-07-02 04:38:23 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-07-02 04:38:05 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-07-02 04:37:21 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-07-02 04:36:53 -------- d-----w- C:\Users\AEI\AppData\Local\{AE4BFBFA-D800-42AB-A766-06F73E2317EA}
2011-07-02 02:15:38 -------- d-----w- C:\Users\AEI\AppData\Local\{275619E7-B281-4658-82B9-47D59810C694}
2011-07-01 06:58:10 -------- d-----w- C:\Users\AEI\AppData\Local\{9DF8AEC9-9CF6-4963-92DE-DD04507ABBE9}
2011-07-01 03:44:16 81952 ----a-w- C:\windows\System32\drivers\tifsfilt.sys
2011-07-01 03:44:16 711712 ----a-w- C:\windows\System32\drivers\timntr.sys
2011-07-01 03:44:14 11264 ----a-w- C:\windows\System32\relog_ap.dll
2011-07-01 03:44:13 235040 ----a-w- C:\windows\System32\drivers\snapman.sys
2011-07-01 03:44:12 593952 ----a-w- C:\windows\System32\drivers\tdrpman.sys
2011-07-01 02:20:03 -------- d-----w- C:\Users\AEI\Acronis
2011-06-30 17:14:34 101376 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-06-30 16:23:21 -------- d-----w- C:\Users\AEI\AppData\Local\{F9B6A35C-05BA-4A69-8D98-6CD12193F4C2}
2011-06-30 07:04:36 -------- d-----w- C:\Users\AEI\Tracing
2011-06-30 06:05:23 -------- d-----w- C:\Users\AEI\My Others
2011-06-30 06:05:23 -------- d-----w- C:\Users\AEI\AppData\Roaming\ArcSyncConfig
2011-06-30 03:34:55 -------- d-----w- C:\Users\AEI\AppData\Local\{EBD2CA51-32BD-4981-9C50-23CDCCC9D879}
2011-06-29 19:55:38 -------- d-----w- C:\Users\AEI\AppData\Roaming\ZeeVee
2011-06-29 19:55:38 -------- d-----w- C:\Users\AEI\AppData\Local\ZeeVee
2011-06-29 19:55:08 -------- d-----w- C:\Program Files (x86)\ZeeVee
2011-06-29 19:54:19 -------- d-----w- C:\Users\AEI\ZeeVee
2011-06-29 19:39:22 258048 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2011-06-29 19:33:46 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-06-29 19:27:56 -------- d-----w- C:\Users\AEI\Visio
2011-06-29 19:26:30 -------- d-----w- C:\Users\AEI\Middle atlantic
2011-06-29 18:12:17 -------- d-----w- C:\Users\AEI\AppData\Local\Google
2011-06-29 18:11:59 -------- d-----w- C:\Users\AEI\AppData\Local\Deployment
2011-06-29 18:11:59 -------- d-----w- C:\Users\AEI\AppData\Local\Apps
2011-06-29 13:26:41 -------- d-----w- C:\Users\AEI\AppData\Roaming\Windows Live Writer
2011-06-29 13:26:41 -------- d-----w- C:\Users\AEI\AppData\Local\Windows Live Writer
2011-06-29 13:07:32 -------- d-----w- C:\0f107ee6d8bf05866cc8b659047625ac
2011-06-29 06:42:24 367104 ----a-w- C:\windows\System32\wcncsvc.dll
2011-06-29 06:42:24 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll
2011-06-29 06:41:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-06-29 06:40:37 -------- d-----w- C:\windows\en
2011-06-29 06:39:25 -------- d-----w- C:\Users\AEI\AppData\Roaming\Lenovo
2011-06-29 06:36:25 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2011-06-29 06:36:15 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2011-06-29 06:36:13 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2011-06-29 06:36:13 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2011-06-29 06:36:13 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2011-06-29 06:36:13 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2011-06-29 06:36:10 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll
2011-06-29 06:36:10 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll
2011-06-29 06:34:06 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8ab372c71cc36262e\InstallManager_WLE_WLE.exe
2011-06-29 06:33:50 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81e078e31cc362622\MeshBetaRemover.exe
2011-06-29 06:33:35 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78a4c2731cc36261a\DSETUP.dll
2011-06-29 06:33:35 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78a4c2731cc36261a\DXSETUP.exe
2011-06-29 06:33:35 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78a4c2731cc36261a\dsetup32.dll
2011-06-29 06:33:34 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\779304331cc362619\DXSETUP.exe
2011-06-29 06:33:34 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\779304331cc362619\dsetup32.dll
2011-06-29 06:33:33 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\779304331cc362619\DSETUP.dll
2011-06-29 06:32:45 -------- d-----w- C:\Users\AEI\AppData\Local\Windows Live
2011-06-29 06:32:20 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
2011-06-29 06:32:20 206848 ----a-w- C:\windows\System32\mfps.dll
2011-06-29 06:32:20 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
2011-06-29 06:32:20 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
2011-06-29 06:32:20 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2011-06-29 06:32:19 4068864 ----a-w- C:\windows\System32\mf.dll
2011-06-29 06:32:19 3181568 ----a-w- C:\windows\SysWow64\mf.dll
2011-06-29 06:00:10 -------- d-----w- C:\Users\AEI\AppData\Local\CyberLink
2011-06-29 05:55:33 -------- dc----w- C:\Users\AEI\AppData\Local\MigWiz
2011-06-29 04:53:44 9984 ----a-w- C:\windows\System32\drivers\mfeclnk.sys
2011-06-29 04:53:34 149032 ----a-w- C:\windows\System32\mfevtps.exe
2011-06-29 04:53:32 94992 ----a-w- C:\windows\System32\drivers\mferkdet.sys
2011-06-29 04:53:32 75160 ----a-w- C:\windows\System32\drivers\mfenlfk.sys
2011-06-29 04:53:32 63056 ----a-w- C:\windows\System32\drivers\cfwids.sys
2011-06-29 04:53:32 530304 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2011-06-29 04:53:32 441840 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2011-06-29 04:53:32 283744 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2011-06-29 04:53:32 190520 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2011-06-29 04:53:32 121376 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
2011-06-29 04:37:58 -------- d-----w- C:\Users\AEI\AppData\Local\WinZip
2011-06-29 04:28:41 -------- d-----w- C:\Users\AEI\WinZip
2011-06-29 04:12:03 -------- d-----w- C:\Users\AEI\AppData\Local\Ilivid Player
2011-06-29 03:59:57 -------- d-----w- C:\Users\AEI\AppData\Local\PackageAware
2011-06-29 01:48:17 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 SDK
2011-06-29 01:47:15 707418 ----a-w- C:\windows\unins001.exe
2011-06-29 00:29:17 -------- d-----w- C:\windows\SysWow64\Wat
2011-06-29 00:29:16 -------- d-----w- C:\windows\System32\Wat
2011-06-28 14:01:04 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll
2011-06-28 14:01:04 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll
2011-06-28 14:01:04 48960 ----a-w- C:\windows\System32\netfxperf.dll
2011-06-28 14:01:04 444752 ----a-w- C:\windows\System32\mscoree.dll
2011-06-28 14:01:04 320352 ----a-w- C:\windows\System32\PresentationHost.exe
2011-06-28 14:01:04 297808 ----a-w- C:\windows\SysWow64\mscoree.dll
2011-06-28 14:01:04 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe
2011-06-28 14:01:04 1942856 ----a-w- C:\windows\System32\dfshim.dll
2011-06-28 14:01:04 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2011-06-28 14:01:04 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll
2011-06-28 13:55:14 243712 ----a-w- C:\windows\System32\drivers\ks.sys
2011-06-28 13:55:14 184832 ----a-w- C:\windows\System32\drivers\usbvideo.sys
2011-06-28 13:43:20 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-06-28 13:43:20 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2011-06-28 13:43:20 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2011-06-28 13:43:19 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2011-06-28 13:43:00 714752 ----a-w- C:\windows\System32\kerberos.dll
2011-06-28 13:43:00 541184 ----a-w- C:\windows\SysWow64\kerberos.dll
2011-06-28 13:42:56 84992 ----a-w- C:\windows\System32\asycfilt.dll
2011-06-28 13:42:56 67584 ----a-w- C:\windows\SysWow64\asycfilt.dll
2011-06-28 13:42:55 102400 ----a-w- C:\windows\System32\drivers\dfsc.sys
2011-06-28 13:42:54 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-06-28 13:42:54 2048 ----a-w- C:\windows\System32\tzres.dll
2011-06-28 13:42:36 142336 ----a-w- C:\windows\System32\poqexec.exe
2011-06-28 13:42:36 123904 ----a-w- C:\windows\SysWow64\poqexec.exe
2011-06-28 13:41:41 2870272 ----a-w- C:\windows\explorer.exe
2011-06-28 13:41:41 2614784 ----a-w- C:\windows\SysWow64\explorer.exe
2011-06-28 13:41:33 961024 ----a-w- C:\windows\System32\CPFilters.dll
2011-06-28 13:41:33 723968 ----a-w- C:\windows\System32\EncDec.dll
2011-06-28 13:41:33 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2011-06-28 13:41:32 850432 ----a-w- C:\windows\SysWow64\sbe.dll
2011-06-28 13:41:32 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-06-28 13:41:32 259072 ----a-w- C:\windows\System32\mpg2splt.ax
2011-06-28 13:41:32 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2011-06-28 13:41:32 1118720 ----a-w- C:\windows\System32\sbe.dll
2011-06-28 13:41:01 148992 ----a-w- C:\windows\System32\t2embed.dll
2011-06-28 13:41:00 109056 ----a-w- C:\windows\SysWow64\t2embed.dll
2011-06-28 13:39:19 483840 ----a-w- C:\windows\System32\StructuredQuery.dll
2011-06-28 13:38:31 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-06-28 13:38:30 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-06-28 13:38:30 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-06-28 13:38:25 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-06-28 13:38:25 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-06-28 13:38:18 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-06-28 13:38:17 3957632 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-06-28 13:38:17 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-06-28 13:36:57 558592 ----a-w- C:\windows\System32\spoolsv.exe
2011-06-28 13:35:56 144384 ----a-w- C:\windows\System32\cdd.dll
2011-06-28 13:35:20 1024512 ----a-w- C:\windows\System32\wmpmde.dll
2011-06-28 13:35:19 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll
2011-06-28 13:33:36 3138048 ----a-w- C:\windows\System32\mstscax.dll
2011-06-28 13:33:35 2690560 ----a-w- C:\windows\SysWow64\mstscax.dll
2011-06-28 13:33:34 1097216 ----a-w- C:\windows\System32\mstsc.exe
2011-06-28 13:33:34 1034240 ----a-w- C:\windows\SysWow64\mstsc.exe
2011-06-28 13:31:59 236032 ----a-w- C:\windows\System32\srvsvc.dll
2011-06-28 13:31:58 9728 ----a-w- C:\windows\SysWow64\sscore.dll
2011-06-28 13:28:18 707418 ----a-w- C:\windows\unins000.exe
2011-06-28 13:28:18 570128 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao350.dll
2011-06-28 13:28:18 415504 ----a-w- C:\windows\SysWow64\msrepl35.dll
2011-06-28 13:28:18 368912 ----a-w- C:\windows\SysWow64\vbar332.dll
2011-06-28 13:28:18 287504 ----a-w- C:\windows\SysWow64\msxbse35.dll
2011-06-28 13:28:18 252176 ----a-w- C:\windows\SysWow64\Msrd2x35.dll
2011-06-28 13:28:18 24848 ----a-w- C:\windows\SysWow64\msjter35.dll
2011-06-28 13:28:18 123664 ----a-w- C:\windows\SysWow64\Msjint35.dll
2011-06-28 13:28:18 1046288 ----a-w- C:\windows\SysWow64\msjet35.dll
2011-06-28 13:24:52 -------- d-----w- C:\Program Files (x86)\Common Files\URC Shared
2011-06-28 13:24:44 -------- d-----w- C:\windows\Downloaded Installations
2011-06-28 13:12:25 884736 ----a-w- C:\windows\SysWow64\libeay32.dll
2011-06-28 13:12:25 163840 ----a-w- C:\windows\SysWow64\SSLeay32.dll
2011-06-28 13:12:25 109568 ----a-w- C:\windows\SysWow64\GCL52FW.dll
2011-06-28 13:12:24 98304 ----a-w- C:\windows\SysWow64\DUNZIP32.DLL
2011-06-28 13:12:24 880640 ----a-w- C:\windows\SysWow64\Cmlibeay32.dll
2011-06-28 13:12:24 200704 ----a-w- C:\windows\SysWow64\Cmpnl32.dll
2011-06-28 13:12:24 163840 ----a-w- C:\windows\SysWow64\CmSSLeay32.dll
2011-06-28 13:12:24 1269760 ----a-w- C:\windows\SysWow64\cmvpt32.dll
2011-06-28 13:12:24 125440 ----a-w- C:\windows\SysWow64\DZIP32.DLL
2011-06-28 13:12:24 118784 ----a-w- C:\windows\SysWow64\GCL52FWZ.DLL
2011-06-28 13:12:23 102400 ----a-w- C:\windows\SysWow64\CMUpdate.dll
2011-06-28 07:50:49 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-28 07:50:09 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-28 07:37:30 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-28 07:37:21 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-28 05:40:50 -------- d-----w- C:\Program Files\CCleaner
2011-06-28 04:34:46 -------- d-----w- C:\Users\AEI\AppData\Roaming\Dropbox
2011-06-28 04:34:18 -------- d-----r- C:\Users\AEI\Dropbox
2011-06-28 03:48:44 -------- d-----w- C:\Users\AEI\AppData\Local\Adobe
2011-06-28 02:41:57 -------- d-----w- C:\Program Files (x86)\Crestron
2011-06-28 01:19:22 -------- d-----w- C:\Users\AEI\AppData\Local\Diagnostics
2011-06-27 23:14:18 -------- d-----w- C:\Users\AEI\AppData\Local\ElevatedDiagnostics
2011-06-27 22:52:16 -------- d-----w- C:\ProgramData\VirtualizedApplications
2011-06-27 22:35:43 -------- d-----w- C:\Users\AEI\Bruce
2011-06-27 22:11:50 -------- d-----w- C:\Users\AEI\AEI
2011-06-27 21:53:08 -------- d-----w- C:\Users\AEI\Crestron
2011-06-27 20:41:41 -------- d-----w- C:\Users\AEI\AppData\Local\SoftGrid Client
2011-06-27 20:41:40 -------- d-----w- C:\Users\AEI\AppData\Roaming\SoftGrid Client
2011-06-27 20:40:54 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-06-27 20:40:47 -------- d-----w- C:\Users\AEI\AppData\Roaming\TP
2011-06-27 18:50:29 -------- d-----w- C:\Program Files (x86)\RTI
2011-06-27 18:50:08 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-06-27 18:50:08 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-06-27 18:50:08 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-06-27 18:50:08 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-06-27 18:50:08 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-06-27 18:50:08 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-06-27 18:50:02 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-06-27 18:50:02 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-06-27 18:40:06 45056 ----a-r- C:\Users\AEI\AppData\Roaming\Microsoft\Installer\{D923AD2E-5A59-40DA-9800-68782F199139}\NewShortcut2_FFF0C4D51EE74D15AC83931BB07E2F50.exe
2011-06-27 18:40:06 40960 ----a-r- C:\Users\AEI\AppData\Roaming\Microsoft\Installer\{D923AD2E-5A59-40DA-9800-68782F199139}\ARPPRODUCTICON.exe
2011-06-27 18:40:01 -------- d-----w- C:\Program Files (x86)\IntelliFile3
2011-06-27 18:35:36 -------- d-----w- C:\Users\AEI\Niles Audio
2011-06-27 18:34:33 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-27 18:30:38 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-06-27 18:19:44 -------- d-----w- C:\Users\AEI\RTI
2011-06-27 18:18:19 -------- dc-h--w- C:\ProgramData\{DC88B4E9-0A30-46AE-A4D5-38E7C0D304E4}
2011-06-27 18:11:04 -------- d-----w- C:\ProgramData\White Sky, Inc
2011-06-27 18:09:06 -------- d-----w- C:\Users\AEI\AppData\Roaming\ID Vault
2011-06-27 18:08:54 220672 ----a-w- C:\windows\System32\wintrust.dll
2011-06-27 18:08:54 172032 ----a-w- C:\windows\SysWow64\wintrust.dll
2011-06-27 18:08:53 139264 ----a-w- C:\windows\System32\cabview.dll
2011-06-27 18:08:53 132608 ----a-w- C:\windows\SysWow64\cabview.dll
2011-06-27 18:07:55 -------- d-----w- C:\Users\AEI\AppData\Local\White_Sky,_Inc
2011-06-27 18:07:55 -------- d-----w- C:\Users\AEI\AppData\Local\ID Vault
2011-06-27 18:07:12 -------- d-----w- C:\Users\AEI\AppData\Roaming\ooVoo Details
2011-06-27 18:04:29 -------- d-----w- C:\Users\AEI\AppData\Roaming\Intel Corporation
2011-06-27 18:00:54 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2011-06-11 02:56:44 3134464 ----a-w- C:\windows\System32\win32k.sys
2011-06-02 06:39:54 422400 ----a-w- C:\windows\System32\KernelBase.dll
2011-06-02 05:56:28 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-06-02 05:54:50 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-06-02 03:45:49 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-05-24 11:21:59 404992 ----a-w- C:\windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\windows\SysWow64\drvinst.exe
2011-05-04 05:30:38 2326016 ----a-w- C:\windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:21:22 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-04-28 03:58:42 552448 ----a-w- C:\windows\System32\drivers\bthport.sys
2011-04-28 03:58:34 80384 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS
2011-04-25 05:32:22 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\windows\System32\drivers\afd.sys
2011-04-22 20:18:47 27008 ----a-w- C:\windows\System32\drivers\Diskdump.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\windows\SysWow64\html.iec
.
============= FINISH: 20:27:17.53 ===============


Attach Log:

.
==== Installed Programs ======================
.
Acrobat.com
Acronis True Image Home
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Apple Application Support
Apple Software Update
Bing Bar
Bing Bar Platform
CCleaner
Conexant HD Audio
Crescendo Music Notation Editor
Crestron D3Pro v2.08
Crestron Database 26.05.021.00
Crestron Device Database35.05.004.00
Crestron MasterInstaller
Crestron SIMPL Window 3.02.04.01
Crestron Toolbox 2.26.111.12
Crestron VisionTools Pro-e 4.2.12.01
CyberLink YouCam
D3DX10
DEAL for Windows
Definition update for Microsoft Office 2010 (KB982726)
Dropbox
Energy Management
Engraver v5.04
ETDWare PS/2-x64 7.0.4.17_WHQL
Express Burn Disc Burning Software
EZ Tools 4.0.1
Google Chrome
Google Earth
Google Talk Plugin
Google Update Helper
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
ID Vault
Integration Designer
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
IntelliFile®3
Internet TV for Windows Media Center
Junk Mail filter update
Keyspan USB Serial Adapter
Lenovo DirectShare
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Lenovo Smile Dock
Lenovo_Wireless_Driver
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft CAPICOM 2.1.0.2 SDK
Microsoft IntelliPoint 8.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MixPad Audio Mixer
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MT-1000 Components
Oasis2Service 1.0
Onekey Theater
ooVoo
PL-2303 USB-to-Serial
PL-2303HXD Vista Driver Installer
Power2Go
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Excel 2010 (KB2523021)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
SIMPL+ Cross Compiler
SUPERAntiSpyware
Switch Sound File Converter
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
VeriFace
WavePad Sound Editor
Windows Driver Package - Crestron Electronics Inc. (WinUSB) Crestron (11/09/2010 3.0.0.0)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1)
Windows Driver Package - Remote Technologies Inc. (WinUSB) Control Device (04/07/2009 2.0.0.201)
Windows Driver Package - RTI ZB-Pro Driver Package (02/17/2009 2.04.16)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
WinZip 15.5
ZvBox Utilities
.
==== End Of File ===========================


GMER Log:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-15 21:34:15
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ec2d88
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ec2d88 (not active ControlSet)

---- EOF - GMER 1.0.15 ----



The redirect starts with a www.100ksearches.com link and changes to another as the final, a generic page with search links. If I click on the web address tab on top while loading, the correct page will load; if not, the spoof page loads.

Edited by Orange Blossom, 17 July 2011 - 02:19 AM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:42 AM

Posted 22 July 2011 - 06:05 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 glack

glack
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Gender:Male
  • Location:Oregon
  • Local time:11:42 PM

Posted 22 July 2011 - 07:58 PM

What is happening is when searching in IE8 or Google I may search for "Honda Motorcycle" and that opens a page of links as usual. Now if I click a link it starts the search for that link, but the Status bar changes to a "www.100ksearches.com/?search=honda+motorcycle" then goes to a page "http://63.209.69.107/search/web/honda%20motorcycle/a53/itcg-23573/v5" and won't let me go back to my Yahoo page search results; I can only close it or click a link on that page.


DDS Log

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by AEI at 17:38:38 on 2011-07-22
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Users\AEI\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\AEI\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = Preserve
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: GuardId.MSIEBrowser.BHO: {5b0a01d2-b8a0-4e56-9e6b-cba0ef4b4eb5} - mscoree.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110628215345.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
uRun: [Google Update] "C:\Users\AEI\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {15A7CF10-CB3E-4265-8779-9FD22619E8ED} - file:///C:/Users/AEI/Crestron/Programs!/Wood/10-15-10/Wood%20Xpanel.xweb/XPanel.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F74959B0-1779-472E-BE6E-3023E1DBEC73} - hxxp://192.168.1.41/Xinit.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Authentication Packages = msv1_0 relog_ap
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110628215345.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
mRun-x64: [IgfxTray] C:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\windows\system32\igfxpers.exe
mRun-x64: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
mRun-x64: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun-x64: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
mRun-x64: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
mRun-x64: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
mRun-x64: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
AppInit_DLLs-X64:
.
============= SERVICES / DRIVERS ===============
.
R? BlackBox;BlackBox SR2
R? Bridge0;Bridge0
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? htcnprot;HTC NDIS Protocol Driver
R? IGRS;IGRS
R? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc
R? Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc
R? McShield;McShield
R? mferkdet;McAfee Inc. mferkdet
R? netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
R? Normandy;Normandy SR2
R? osppsvc;Office Software Protection Platform
R? PS_MDP;ReadyComm Presentation Space Helper Service
R? ReadyComm.DirectRouter;ReadyComm.DirectRouter
R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader
R? RTL8167;Realtek 8167 NT Driver
R? StorSvc;Storage Service
R? vm331avs;Digital Camera 1
R? WatAdminSvc;Windows Activation Technologies Service
R? wsvd;wsvd
S? ACPIVPC;Lenovo Virtual Power Controller Driver
S? AdobeARMservice;Adobe Acrobat Update Service
S? cvhsvc;Client Virtualization Handler
S? ETD;ELAN PS/2 Port Input Device
S? HECIx64;Intel® Management Engine Interface
S? IAStorDataMgrSvc;Intel® Rapid Storage Technology
S? Impcd;Impcd
S? IntcDAud;Intel® Display Audio
S? Lbd;Lbd
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? Oasis2Service;Oasis2Service
S? PassThru Service;Internet Pass-Through Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? UNS;Intel® Management & Security Application User Notification Service
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
S? wdmirror;wdmirror
.
=============== Created Last 30 ================
.
2011-07-22 02:51:56 -------- d-----w- C:\Users\AEI\AppData\Local\{A4AD9049-F8C7-4C9C-95CC-7A4B60D23E9E}
2011-07-21 18:42:47 948144 ----a-w- C:\Users\AEI\setup_377476.exe
2011-07-21 07:29:07 8873296 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E0902FBB-AC36-4EFC-B68C-0BB1391426BE}\mpengine.dll
2011-07-21 07:29:05 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-07-21 05:52:15 -------- d-----w- C:\Users\AEI\AppData\Local\{96EA182C-3A4D-4666-8A78-85AECD3037E3}
2011-07-21 05:01:36 36864 ----a-r- C:\Users\AEI\AppData\Roaming\Microsoft\Installer\{2C7F7830-E66E-40D8-8E26-28FAFF288A29}\_A4737580989A_11D6_9AF7_00B0D09B38B0.exe
2011-07-21 05:01:33 -------- d-----w- C:\Program Files (x86)\ProntoEdit4
2011-07-20 17:50:47 -------- d-----w- C:\Users\AEI\AppData\Local\{70F2F58D-C051-4F88-9C6C-52CE6425A3EB}
2011-07-20 00:07:03 -------- d-----w- C:\Users\AEI\AppData\Local\{3508070E-19D5-486F-80A5-5586D5C84D7D}
2011-07-19 16:18:53 -------- d-----w- C:\Users\AEI\AppData\Local\{C9A1E58B-B148-4F2F-A320-8DDAD7A12765}
2011-07-19 01:51:06 -------- d-----w- C:\Users\AEI\AppData\Local\{9CBD75FE-7607-4F37-9418-08AE6DC611F2}
2011-07-18 19:56:00 212240 ----a-w- C:\windows\SysWow64\RICHTX32.OCX
2011-07-18 19:10:44 -------- d-----w- C:\Program Files\Crestron
2011-07-18 13:50:19 -------- d-----w- C:\Users\AEI\AppData\Local\{33C267D2-A8CC-4DD5-A638-EB328FEFBDF4}
2011-07-17 19:00:04 -------- d-----w- C:\Users\AEI\AppData\Local\{236DF97A-DFEF-4093-B061-119B0E02AE50}
2011-07-17 06:25:12 -------- d-----w- C:\Users\AEI\AppData\Local\{1205C610-3140-41A3-A64C-A2F0CBE63ECB}
2011-07-17 06:24:27 -------- d-----w- C:\Users\AEI\AppData\Local\{0C167BA7-728A-450C-A0C7-6D1425DFA40F}
2011-07-16 05:59:39 -------- d-----w- C:\Users\AEI\AppData\Local\{F438A7CB-9156-4CBB-A01C-EE7AC5CC475D}
2011-07-16 02:52:25 -------- d-----w- C:\windows\SysWow64\drivers\ect
2011-07-15 16:57:38 -------- d-----w- C:\Users\AEI\AppData\Local\{777FD1FC-09B5-4B4B-B87D-6B773A966342}
2011-07-15 16:37:05 -------- d-----w- C:\Program Files (x86)\Linksys
2011-07-15 13:18:40 -------- d-----w- C:\ProgramData\PC Tools
2011-07-15 13:11:19 -------- d-----w- C:\Users\AEI\AppData\Local\{89320B39-EF46-492F-AD9F-13F5340648A0}
2011-07-15 12:44:57 12872 ----a-w- C:\windows\System32\bootdelete.exe
2011-07-15 06:27:46 23112 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2011-07-15 06:26:23 -------- d-----w- C:\ProgramData\Hitman Pro
2011-07-15 04:34:17 -------- d-----w- C:\Users\AEI\AppData\Local\{4A2E5545-5690-45F2-9D10-0CCBF9282F19}
2011-07-14 23:24:03 -------- d-----w- C:\Users\AEI\AppData\Local\{7894CE22-8CC2-4E14-93CC-2B980E648A88}
2011-07-14 22:49:20 -------- d-----w- C:\Users\AEI\AppData\Local\{E79A65EC-2E47-480B-9663-2074DBCC6F71}
2011-07-14 22:39:49 -------- d-----w- C:\Users\AEI\AppData\Local\{FD35E9DD-4B22-4210-B40D-E28FEB22F0DF}
2011-07-14 13:30:16 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-14 13:30:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-14 13:11:36 -------- d-----w- C:\Users\AEI\AppData\Roaming\SUPERAntiSpyware.com
2011-07-14 13:11:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-14 07:16:39 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-14 06:36:31 34560 ----a-w- C:\windows\SysWow64\drivers\Normandy.sys
2011-07-14 06:30:29 35712 ----a-w- C:\windows\SysWow64\drivers\BlackBox.sys
2011-07-14 04:11:33 -------- d-----w- C:\Users\AEI\AppData\Local\{B26DD316-B2A5-4F4A-B3A4-DB27FD860DFC}
2011-07-14 01:32:07 244416 ----a-w- C:\windows\SysWow64\MSFLXGRD.OCX
2011-07-14 01:32:06 -------- d-----w- C:\Program Files (x86)\SpeakerCraft
2011-07-14 01:32:05 278581 ----a-w- C:\windows\SysWow64\temp.001
2011-07-14 01:32:03 65024 ----a-w- C:\windows\SysWow64\temp.000
2011-07-14 01:31:20 97280 ----a-w- C:\windows\System32\drivers\ser2pl64.sys
2011-07-14 01:31:17 26719 ----a-w- C:\windows\SysWow64\SERSPL.VXD
2011-07-14 01:31:16 35892 ----a-w- C:\windows\SysWow64\SER9PL.sys
2011-07-14 01:27:00 -------- d-----w- C:\Program Files (x86)\Prolific Technology Inc
2011-07-13 22:36:52 16432 ----a-w- C:\windows\System32\lsdelete.exe
2011-07-13 20:21:02 55384 ----a-w- C:\windows\System32\drivers\SBREDrv.sys
2011-07-13 20:13:33 69376 ----a-w- C:\windows\System32\drivers\Lbd.sys
2011-07-13 20:13:29 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-07-13 15:12:55 -------- d-----w- C:\Users\AEI\AppData\Roaming\Malwarebytes
2011-07-13 15:12:38 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-13 15:12:35 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-07-13 15:11:40 -------- d-----w- C:\Users\AEI\Malware
2011-07-13 14:56:41 -------- d-----w- C:\Users\AEI\AppData\Local\{75933CA3-0E5C-4225-9544-F4C0E8149E11}
2011-07-13 13:42:56 52224 ----a-w- C:\windows\System32\drivers\usbehci.sys
2011-07-13 13:41:55 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-13 13:41:55 338944 ----a-w- C:\windows\System32\conhost.exe
2011-07-13 13:41:55 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-07-13 13:41:54 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-13 13:41:54 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-13 13:41:54 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-13 13:41:54 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-13 13:41:54 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-13 13:41:54 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-13 13:41:54 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-13 13:41:48 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-13 07:07:24 -------- d-----w- C:\Users\AEI\AppData\Local\{6D78C245-34C9-49BC-987D-05B7B032DA7C}
2011-07-12 23:58:28 -------- d-----we C:\windows\system64
2011-07-12 22:58:11 -------- d-----w- C:\Users\AEI\AppData\Roaming\uPlayer
2011-07-12 22:57:39 -------- d-----w- C:\Program Files (x86)\uPlayer
2011-07-12 22:26:12 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2011-07-12 22:25:47 -------- d-----w- C:\Users\AEI\AppData\Local\Microsoft Help
2011-07-12 14:50:00 -------- d-----w- C:\Users\AEI\AppData\Local\{2BE74B5F-5CA5-4BC2-BB11-B0B231F3C074}
2011-07-12 14:19:45 -------- d-----w- C:\Users\AEI\AppData\Roaming\GetRightToGo
2011-07-12 14:15:25 49448 ----a-w- C:\windows\SysWow64\Usa19hPropPage.dll
2011-07-12 14:15:14 -------- d-----w- C:\Program Files (x86)\Keyspan
2011-07-12 01:27:57 -------- d-----w- C:\Users\AEI\AppData\Local\{8189B42B-E1CA-4AC8-85DA-113EE1FAD75E}
2011-07-11 20:22:46 -------- d-----w- C:\Users\AEI\AppData\Local\{23588097-34BF-41A0-96C4-53A3E20E7888}
2011-07-11 15:50:54 -------- d-----w- C:\Users\AEI\AppData\Local\{A42D847B-5885-42CF-96C4-ACFEA2102296}
2011-07-11 13:25:59 -------- d-----w- C:\Users\AEI\AppData\Local\{4699F362-9427-4AE7-8E3C-17EDD9A46644}
2011-07-11 04:19:45 -------- d-----w- C:\Users\AEI\AppData\Local\{B50CD224-4373-44D8-B31E-D89F1D3B2200}
2011-07-11 00:20:53 14336 ----a-w- C:\windows\System32\drivers\sffp_sd.sys
2011-07-11 00:17:38 -------- d-----w- C:\Users\AEI\AppData\Local\{F1FD47EA-1F7B-4DA4-831D-6664933F3B96}
2011-07-10 22:56:33 -------- d-----w- C:\Users\AEI\AppData\Local\{2CDBC383-A0F2-4B1F-A03A-09F86E9253F0}
2011-07-10 22:35:24 -------- d-----w- C:\Users\AEI\AppData\Local\Conduit
2011-07-10 19:57:25 -------- d-----w- C:\Users\AEI\AppData\Roaming\NCH Software
2011-07-10 18:56:53 -------- d-----w- C:\Program Files (x86)\NCH Swift Sound
2011-07-10 16:43:13 -------- d-----w- C:\Users\AEI\AppData\Local\{F63F6469-CB92-48D1-A6D8-DFA6334DBDD5}
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-07-10 03:51:59 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-07-10 03:50:03 -------- d-----w- C:\Users\AEI\AppData\Local\Apple
2011-07-09 18:52:57 -------- d-----w- C:\Users\AEI\AppData\Local\{47975C33-4D1D-4B0E-85B9-94BFA40D42FE}
2011-07-09 05:28:45 -------- d-----w- C:\Users\AEI\AppData\Local\{5E02CCCB-BD16-4DE3-BB34-346012944E94}
2011-07-08 13:06:24 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-07-08 04:19:17 -------- d-----w- C:\Users\AEI\AppData\Local\{13FAC5B9-6B50-4820-92D8-18F9D3E987BC}
2011-07-07 23:30:55 -------- d-----w- C:\Users\AEI\AppData\Local\{795CBCE4-E92E-4A4B-9C08-CB3A9F031362}
2011-07-07 06:26:08 -------- d-----w- C:\Users\AEI\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2011-07-07 06:25:57 -------- d-----w- C:\Users\AEI\AppData\Roaming\HTC
2011-07-07 06:23:32 -------- d-----w- C:\Users\AEI\AppData\Local\Downloaded Installations
2011-07-07 06:23:14 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2011-07-07 06:22:54 -------- d-----w- C:\Program Files (x86)\HTC
2011-07-07 02:51:23 -------- d-----w- C:\Users\AEI\AppData\Local\{04524586-8C9F-44C1-97AC-C4990DA4B334}
2011-07-07 00:26:18 -------- d-----w- C:\Users\AEI\AppData\Local\{D0E8BB86-C079-46BF-B22F-7A23214B9AE6}
2011-07-06 03:45:48 -------- d-----w- C:\Users\AEI\AppData\Local\{91C3E740-61DD-4BEE-B8DA-DCC33A0FC656}
2011-07-06 03:45:48 -------- d-----w- C:\Users\AEI\AppData\Local\{35913336-9388-4527-AB50-AC17E76668B7}
2011-07-05 03:19:35 -------- d-----w- C:\Users\AEI\AppData\Local\{D8C435E3-8450-4863-96B5-B31B794F07A1}
2011-07-04 14:58:31 -------- d-----w- C:\Users\AEI\AppData\Local\{156492FF-9447-4FC6-9F5C-7A512FDA2E05}
2011-07-03 18:15:25 -------- d-----w- C:\Users\AEI\AppData\Local\{631F4289-8AB3-4E17-A94A-EA9728F2D9FE}
2011-07-03 15:36:17 -------- d-----w- C:\Users\AEI\AppData\Local\{564FFBA8-9868-4EEA-AE25-1206F9CF1841}
2011-07-03 05:55:45 -------- d-----w- C:\Users\AEI\AppData\Local\Microsoft Games
2011-07-02 19:59:12 -------- d-----w- C:\Users\AEI\AppData\Local\{1C2C70D1-D8FA-4498-8BE7-0D953101347E}
2011-07-02 04:38:23 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-07-02 04:38:05 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-07-02 04:37:21 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-07-02 04:36:53 -------- d-----w- C:\Users\AEI\AppData\Local\{AE4BFBFA-D800-42AB-A766-06F73E2317EA}
2011-07-02 02:15:38 -------- d-----w- C:\Users\AEI\AppData\Local\{275619E7-B281-4658-82B9-47D59810C694}
2011-07-01 06:58:10 -------- d-----w- C:\Users\AEI\AppData\Local\{9DF8AEC9-9CF6-4963-92DE-DD04507ABBE9}
2011-07-01 03:44:16 81952 ----a-w- C:\windows\System32\drivers\tifsfilt.sys
2011-07-01 03:44:16 711712 ----a-w- C:\windows\System32\drivers\timntr.sys
2011-07-01 03:44:14 11264 ----a-w- C:\windows\System32\relog_ap.dll
2011-07-01 03:44:13 235040 ----a-w- C:\windows\System32\drivers\snapman.sys
2011-07-01 03:44:12 593952 ----a-w- C:\windows\System32\drivers\tdrpman.sys
2011-07-01 02:20:03 -------- d-----w- C:\Users\AEI\Acronis
2011-06-30 17:14:34 101376 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-06-30 16:23:21 -------- d-----w- C:\Users\AEI\AppData\Local\{F9B6A35C-05BA-4A69-8D98-6CD12193F4C2}
2011-06-30 07:04:36 -------- d-----w- C:\Users\AEI\Tracing
2011-06-30 06:05:23 -------- d-----w- C:\Users\AEI\My Others
2011-06-30 06:05:23 -------- d-----w- C:\Users\AEI\AppData\Roaming\ArcSyncConfig
2011-06-30 03:34:55 -------- d-----w- C:\Users\AEI\AppData\Local\{EBD2CA51-32BD-4981-9C50-23CDCCC9D879}
2011-06-29 19:55:38 -------- d-----w- C:\Users\AEI\AppData\Roaming\ZeeVee
2011-06-29 19:55:38 -------- d-----w- C:\Users\AEI\AppData\Local\ZeeVee
2011-06-29 19:55:08 -------- d-----w- C:\Program Files (x86)\ZeeVee
2011-06-29 19:54:19 -------- d-----w- C:\Users\AEI\ZeeVee
2011-06-29 19:39:22 258048 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2011-06-29 19:33:46 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
2011-06-29 19:27:56 -------- d-----w- C:\Users\AEI\Visio
2011-06-29 19:26:30 -------- d-----w- C:\Users\AEI\Middle atlantic
2011-06-29 18:12:17 -------- d-----w- C:\Users\AEI\AppData\Local\Google
2011-06-29 18:11:59 -------- d-----w- C:\Users\AEI\AppData\Local\Deployment
2011-06-29 18:11:59 -------- d-----w- C:\Users\AEI\AppData\Local\Apps
2011-06-29 13:26:41 -------- d-----w- C:\Users\AEI\AppData\Roaming\Windows Live Writer
2011-06-29 13:26:41 -------- d-----w- C:\Users\AEI\AppData\Local\Windows Live Writer
2011-06-29 13:07:32 -------- d-----w- C:\0f107ee6d8bf05866cc8b659047625ac
2011-06-29 06:42:24 367104 ----a-w- C:\windows\System32\wcncsvc.dll
2011-06-29 06:42:24 276992 ----a-w- C:\windows\SysWow64\wcncsvc.dll
2011-06-29 06:41:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-06-29 06:40:37 -------- d-----w- C:\windows\en
2011-06-29 06:39:25 -------- d-----w- C:\Users\AEI\AppData\Roaming\Lenovo
2011-06-29 06:36:25 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2011-06-29 06:36:15 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2011-06-29 06:36:13 69464 ----a-w- C:\windows\SysWow64\XAPOFX1_3.dll
2011-06-29 06:36:13 523088 ----a-w- C:\windows\System32\d3dx10_42.dll
2011-06-29 06:36:13 515416 ----a-w- C:\windows\SysWow64\XAudio2_5.dll
2011-06-29 06:36:13 453456 ----a-w- C:\windows\SysWow64\d3dx10_42.dll
2011-06-29 06:36:10 4398360 ----a-w- C:\windows\System32\d3dx9_32.dll
2011-06-29 06:36:10 3426072 ----a-w- C:\windows\SysWow64\d3dx9_32.dll
2011-06-29 06:34:06 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\8ab372c71cc36262e\InstallManager_WLE_WLE.exe
2011-06-29 06:33:50 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\81e078e31cc362622\MeshBetaRemover.exe
2011-06-29 06:33:35 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78a4c2731cc36261a\DSETUP.dll
2011-06-29 06:33:35 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78a4c2731cc36261a\DXSETUP.exe
2011-06-29 06:33:35 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\78a4c2731cc36261a\dsetup32.dll
2011-06-29 06:33:34 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\779304331cc362619\DXSETUP.exe
2011-06-29 06:33:34 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\779304331cc362619\dsetup32.dll
2011-06-29 06:33:33 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\779304331cc362619\DSETUP.dll
2011-06-29 06:32:45 -------- d-----w- C:\Users\AEI\AppData\Local\Windows Live
2011-06-29 06:32:20 257024 ----a-w- C:\windows\System32\mfreadwrite.dll
2011-06-29 06:32:20 206848 ----a-w- C:\windows\System32\mfps.dll
2011-06-29 06:32:20 196608 ----a-w- C:\windows\SysWow64\mfreadwrite.dll
2011-06-29 06:32:20 1888256 ----a-w- C:\windows\System32\WMVDECOD.DLL
2011-06-29 06:32:20 1619456 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2011-06-29 06:32:19 4068864 ----a-w- C:\windows\System32\mf.dll
2011-06-29 06:32:19 3181568 ----a-w- C:\windows\SysWow64\mf.dll
2011-06-29 06:00:10 -------- d-----w- C:\Users\AEI\AppData\Local\CyberLink
2011-06-29 05:55:33 -------- dc----w- C:\Users\AEI\AppData\Local\MigWiz
2011-06-29 04:53:44 9984 ----a-w- C:\windows\System32\drivers\mfeclnk.sys
2011-06-29 04:53:34 149032 ----a-w- C:\windows\System32\mfevtps.exe
2011-06-29 04:53:32 94992 ----a-w- C:\windows\System32\drivers\mferkdet.sys
2011-06-29 04:53:32 75160 ----a-w- C:\windows\System32\drivers\mfenlfk.sys
2011-06-29 04:53:32 63056 ----a-w- C:\windows\System32\drivers\cfwids.sys
2011-06-29 04:53:32 530304 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2011-06-29 04:53:32 441840 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2011-06-29 04:53:32 283744 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2011-06-29 04:53:32 190520 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2011-06-29 04:53:32 121376 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
2011-06-29 04:37:58 -------- d-----w- C:\Users\AEI\AppData\Local\WinZip
2011-06-29 04:28:41 -------- d-----w- C:\Users\AEI\WinZip
2011-06-29 04:12:03 -------- d-----w- C:\Users\AEI\AppData\Local\Ilivid Player
2011-06-29 03:59:57 -------- d-----w- C:\Users\AEI\AppData\Local\PackageAware
2011-06-29 01:48:17 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2 SDK
2011-06-29 01:47:15 707418 ----a-w- C:\windows\unins001.exe
2011-06-29 00:29:17 -------- d-----w- C:\windows\SysWow64\Wat
2011-06-29 00:29:16 -------- d-----w- C:\windows\System32\Wat
2011-06-28 14:01:04 99176 ----a-w- C:\windows\SysWow64\PresentationHostProxy.dll
2011-06-28 14:01:04 49472 ----a-w- C:\windows\SysWow64\netfxperf.dll
2011-06-28 14:01:04 48960 ----a-w- C:\windows\System32\netfxperf.dll
2011-06-28 14:01:04 444752 ----a-w- C:\windows\System32\mscoree.dll
2011-06-28 14:01:04 320352 ----a-w- C:\windows\System32\PresentationHost.exe
2011-06-28 14:01:04 297808 ----a-w- C:\windows\SysWow64\mscoree.dll
2011-06-28 14:01:04 295264 ----a-w- C:\windows\SysWow64\PresentationHost.exe
2011-06-28 14:01:04 1942856 ----a-w- C:\windows\System32\dfshim.dll
2011-06-28 14:01:04 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2011-06-28 14:01:04 109912 ----a-w- C:\windows\System32\PresentationHostProxy.dll
2011-06-28 13:55:14 243712 ----a-w- C:\windows\System32\drivers\ks.sys
2011-06-28 13:55:14 184832 ----a-w- C:\windows\System32\drivers\usbvideo.sys
2011-06-28 13:43:20 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2011-06-28 13:43:20 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2011-06-28 13:43:20 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
2011-06-28 13:43:19 12625920 ----a-w- C:\windows\System32\wmploc.DLL
2011-06-28 13:43:00 714752 ----a-w- C:\windows\System32\kerberos.dll
2011-06-28 13:43:00 541184 ----a-w- C:\windows\SysWow64\kerberos.dll
2011-06-28 13:42:56 84992 ----a-w- C:\windows\System32\asycfilt.dll
2011-06-28 13:42:56 67584 ----a-w- C:\windows\SysWow64\asycfilt.dll
2011-06-28 13:42:55 102400 ----a-w- C:\windows\System32\drivers\dfsc.sys
2011-06-28 13:42:54 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-06-28 13:42:54 2048 ----a-w- C:\windows\System32\tzres.dll
2011-06-28 13:42:36 142336 ----a-w- C:\windows\System32\poqexec.exe
2011-06-28 13:42:36 123904 ----a-w- C:\windows\SysWow64\poqexec.exe
2011-06-28 13:41:41 2870272 ----a-w- C:\windows\explorer.exe
2011-06-28 13:41:41 2614784 ----a-w- C:\windows\SysWow64\explorer.exe
2011-06-28 13:41:33 961024 ----a-w- C:\windows\System32\CPFilters.dll
2011-06-28 13:41:33 723968 ----a-w- C:\windows\System32\EncDec.dll
2011-06-28 13:41:33 642048 ----a-w- C:\windows\SysWow64\CPFilters.dll
2011-06-28 13:41:32 850432 ----a-w- C:\windows\SysWow64\sbe.dll
2011-06-28 13:41:32 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-06-28 13:41:32 259072 ----a-w- C:\windows\System32\mpg2splt.ax
2011-06-28 13:41:32 199680 ----a-w- C:\windows\SysWow64\mpg2splt.ax
2011-06-28 13:41:32 1118720 ----a-w- C:\windows\System32\sbe.dll
2011-06-28 13:41:01 148992 ----a-w- C:\windows\System32\t2embed.dll
2011-06-28 13:41:00 109056 ----a-w- C:\windows\SysWow64\t2embed.dll
2011-06-28 13:39:19 483840 ----a-w- C:\windows\System32\StructuredQuery.dll
2011-06-28 13:38:31 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-06-28 13:38:30 157696 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2011-06-28 13:38:30 126464 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2011-06-28 13:38:25 476160 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2011-06-28 13:38:25 288256 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2011-06-28 13:38:18 5509504 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-06-28 13:38:17 3957632 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-06-28 13:38:17 3901824 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-06-28 13:36:57 558592 ----a-w- C:\windows\System32\spoolsv.exe
2011-06-28 13:35:56 144384 ----a-w- C:\windows\System32\cdd.dll
2011-06-28 13:35:20 1024512 ----a-w- C:\windows\System32\wmpmde.dll
2011-06-28 13:35:19 738816 ----a-w- C:\windows\SysWow64\wmpmde.dll
2011-06-28 13:33:36 3138048 ----a-w- C:\windows\System32\mstscax.dll
2011-06-28 13:33:35 2690560 ----a-w- C:\windows\SysWow64\mstscax.dll
2011-06-28 13:33:34 1097216 ----a-w- C:\windows\System32\mstsc.exe
2011-06-28 13:33:34 1034240 ----a-w- C:\windows\SysWow64\mstsc.exe
2011-06-28 13:31:59 236032 ----a-w- C:\windows\System32\srvsvc.dll
2011-06-28 13:31:58 9728 ----a-w- C:\windows\SysWow64\sscore.dll
2011-06-28 13:28:18 707418 ----a-w- C:\windows\unins000.exe
2011-06-28 13:28:18 570128 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\dao350.dll
2011-06-28 13:28:18 368912 ----a-w- C:\windows\SysWow64\vbar332.dll
2011-06-28 13:28:18 287504 ----a-w- C:\windows\SysWow64\msxbse35.dll
2011-06-28 13:28:18 252176 ----a-w- C:\windows\SysWow64\Msrd2x35.dll
2011-06-28 13:28:18 24848 ----a-w- C:\windows\SysWow64\msjter35.dll
2011-06-28 13:28:18 123664 ----a-w- C:\windows\SysWow64\Msjint35.dll
2011-06-28 13:24:52 -------- d-----w- C:\Program Files (x86)\Common Files\URC Shared
2011-06-28 13:24:44 -------- d-----w- C:\windows\Downloaded Installations
2011-06-28 13:12:25 884736 ----a-w- C:\windows\SysWow64\libeay32.dll
2011-06-28 13:12:25 163840 ----a-w- C:\windows\SysWow64\SSLeay32.dll
2011-06-28 13:12:25 109568 ----a-w- C:\windows\SysWow64\GCL52FW.dll
2011-06-28 13:12:24 98304 ----a-w- C:\windows\SysWow64\DUNZIP32.dll
2011-06-28 13:12:24 880640 ----a-w- C:\windows\SysWow64\Cmlibeay32.dll
2011-06-28 13:12:24 200704 ----a-w- C:\windows\SysWow64\Cmpnl32.dll
2011-06-28 13:12:24 163840 ----a-w- C:\windows\SysWow64\CmSSLeay32.dll
2011-06-28 13:12:24 1269760 ----a-w- C:\windows\SysWow64\cmvpt32.dll
2011-06-28 13:12:24 125440 ----a-w- C:\windows\SysWow64\DZIP32.dll
2011-06-28 13:12:24 118784 ----a-w- C:\windows\SysWow64\GCL52FWZ.DLL
2011-06-28 13:12:23 102400 ----a-w- C:\windows\SysWow64\CMUpdate.dll
2011-06-28 07:50:49 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-28 07:50:09 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-28 07:37:30 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-28 07:37:21 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-28 05:40:50 -------- d-----w- C:\Program Files\CCleaner
2011-06-28 04:34:46 -------- d-----w- C:\Users\AEI\AppData\Roaming\Dropbox
2011-06-28 04:34:18 -------- d-----r- C:\Users\AEI\Dropbox
2011-06-28 03:48:44 -------- d-----w- C:\Users\AEI\AppData\Local\Adobe
2011-06-28 02:41:57 -------- d-----w- C:\Program Files (x86)\Crestron
2011-06-28 01:19:22 -------- d-----w- C:\Users\AEI\AppData\Local\Diagnostics
2011-06-27 23:14:18 -------- d-----w- C:\Users\AEI\AppData\Local\ElevatedDiagnostics
2011-06-27 22:52:16 -------- d-----w- C:\ProgramData\VirtualizedApplications
2011-06-27 22:35:43 -------- d-----w- C:\Users\AEI\Bruce
2011-06-27 22:11:50 -------- d-----w- C:\Users\AEI\AEI
2011-06-27 21:53:08 -------- d-----w- C:\Users\AEI\Crestron
2011-06-27 20:41:41 -------- d-----w- C:\Users\AEI\AppData\Local\SoftGrid Client
2011-06-27 20:41:40 -------- d-----w- C:\Users\AEI\AppData\Roaming\SoftGrid Client
2011-06-27 20:40:54 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-06-27 20:40:47 -------- d-----w- C:\Users\AEI\AppData\Roaming\TP
2011-06-27 18:50:29 -------- d-----w- C:\Program Files (x86)\RTI
2011-06-27 18:50:08 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-06-27 18:50:08 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-06-27 18:50:08 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-06-27 18:50:08 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-06-27 18:50:08 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-06-27 18:50:08 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-06-27 18:50:02 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-06-27 18:50:02 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-06-27 18:40:06 45056 ----a-r- C:\Users\AEI\AppData\Roaming\Microsoft\Installer\{D923AD2E-5A59-40DA-9800-68782F199139}\NewShortcut2_FFF0C4D51EE74D15AC83931BB07E2F50.exe
2011-06-27 18:40:06 40960 ----a-r- C:\Users\AEI\AppData\Roaming\Microsoft\Installer\{D923AD2E-5A59-40DA-9800-68782F199139}\ARPPRODUCTICON.exe
2011-06-27 18:40:01 -------- d-----w- C:\Program Files (x86)\IntelliFile3
2011-06-27 18:35:36 -------- d-----w- C:\Users\AEI\Niles Audio
2011-06-27 18:34:33 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-27 18:30:38 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
2011-06-27 18:19:44 -------- d-----w- C:\Users\AEI\RTI
2011-06-27 18:18:19 -------- dc-h--w- C:\ProgramData\{DC88B4E9-0A30-46AE-A4D5-38E7C0D304E4}
2011-06-27 18:11:04 -------- d-----w- C:\ProgramData\White Sky, Inc
2011-06-27 18:09:06 -------- d-----w- C:\Users\AEI\AppData\Roaming\ID Vault
2011-06-27 18:08:54 220672 ----a-w- C:\windows\System32\wintrust.dll
2011-06-27 18:08:54 172032 ----a-w- C:\windows\SysWow64\wintrust.dll
2011-06-27 18:08:53 139264 ----a-w- C:\windows\System32\cabview.dll
2011-06-27 18:08:53 132608 ----a-w- C:\windows\SysWow64\cabview.dll
2011-06-27 18:07:55 -------- d-----w- C:\Users\AEI\AppData\Local\White_Sky,_Inc
2011-06-27 18:07:55 -------- d-----w- C:\Users\AEI\AppData\Local\ID Vault
2011-06-27 18:07:12 -------- d-----w- C:\Users\AEI\AppData\Roaming\ooVoo Details
2011-06-27 18:04:29 -------- d-----w- C:\Users\AEI\AppData\Roaming\Intel Corporation
2011-06-27 18:00:54 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2011-06-11 02:56:44 3134464 ----a-w- C:\windows\System32\win32k.sys
2011-06-02 06:39:54 422400 ----a-w- C:\windows\System32\KernelBase.dll
2011-06-02 05:56:28 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-06-02 05:54:50 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-06-02 03:45:49 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-05-24 11:21:59 404992 ----a-w- C:\windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\windows\SysWow64\drvinst.exe
2011-05-04 05:30:38 2326016 ----a-w- C:\windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:21:22 976896 ----a-w- C:\windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\windows\System32\drivers\srvnet.sys
2011-04-28 03:58:42 552448 ----a-w- C:\windows\System32\drivers\bthport.sys
2011-04-28 03:58:34 80384 ----a-w- C:\windows\System32\drivers\BTHUSB.SYS
2011-04-25 05:32:22 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\windows\System32\drivers\afd.sys
.
============= FINISH: 17:39:17.74 ===============


#4 gringo_pr

Posted 23 July 2011 - 12:17 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
  • Link 1
  • Link 2
  • Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 glack

Posted 23 July 2011 - 01:10 AM

OK, ran Combofix and after the reboot I received a blue screen of death and the computer would not reboot. It tried a reboot again, then opened up with a DOS screen asking if I wanted a restore or to start Windows normally. I opted for normally, which resulted in a blue screen again, followed by the DOS window with the restore or normal restart. This time I went with the restore; it went into a restore boot up and ran for about 20 minutes, then rebooted in a previous restore date, as Combofix is no longer on the desktop.

I still have the issues with the 100ksearches redirect.

No combofix file to be found

#6 gringo_pr

Posted 23 July 2011 - 10:41 AM

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 glack

Posted 23 July 2011 - 11:18 AM

TDSSKiller report


2011/07/23 09:16:39.0188 1720 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/23 09:16:39.0485 1720 ================================================================================
2011/07/23 09:16:39.0485 1720 SystemInfo:
2011/07/23 09:16:39.0485 1720
2011/07/23 09:16:39.0485 1720 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/23 09:16:39.0485 1720 Product type: Workstation
2011/07/23 09:16:39.0485 1720 ComputerName: AEI-LENOVO
2011/07/23 09:16:39.0485 1720 UserName: AEI
2011/07/23 09:16:39.0485 1720 Windows directory: C:\windows
2011/07/23 09:16:39.0485 1720 System windows directory: C:\windows
2011/07/23 09:16:39.0485 1720 Running under WOW64
2011/07/23 09:16:39.0485 1720 Processor architecture: Intel x64
2011/07/23 09:16:39.0485 1720 Number of processors: 4
2011/07/23 09:16:39.0485 1720 Page size: 0x1000
2011/07/23 09:16:39.0485 1720 Boot type: Normal boot
2011/07/23 09:16:39.0485 1720 ================================================================================
2011/07/23 09:16:40.0015 1720 Initialize success
2011/07/23 09:16:51.0934 4360 ================================================================================
2011/07/23 09:16:51.0934 4360 Scan started
2011/07/23 09:16:51.0934 4360 Mode: Manual;
2011/07/23 09:16:51.0934 4360 ================================================================================
2011/07/23 09:17:15.0240 4360 Scan finished
2011/07/23 09:17:15.0240 4360 ================================================================================
2011/07/23 09:17:15.0240 2812 Detected object count: 0
2011/07/23 09:17:15.0240 2812 Actual detected object count: 0

#8 gringo_pr


Posted 23 July 2011 - 12:09 PM

Hello

OK, let's try this. I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer, you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Log in on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 glack

Posted 23 July 2011 - 01:13 PM

Hey Gringo, same results.

Blue screen and unable to boot computer. Reverted back to a restored point. Tried it in Safe Mode and Safe Mode with Networking, and same both times.

ComboFix runs, but upon reboot it's the blue screen error and have to run System Restore to get it operational again.

Not sure why it's happening.

Edited by glack, 23 July 2011 - 01:14 PM.


#10 glack

Posted 25 July 2011 - 05:33 PM

48 hr bump

Still won't allow reboot in safe mode. Continues with a blue screen upon reboot, continues to attempt to reboot, then asks if I want to restore to a previous saved point and such. I have to do the restore or it never reboots to safe mode or regular mode.

#11 gringo_pr

Posted 26 July 2011 - 07:20 AM

Hello

Sorry for the delay


Have you tried last known config that worked?

When you do the restore, do you always use the same restore point?



gringo

Edited by gringo_pr, 26 July 2011 - 07:21 AM.

#12 glack

Posted 26 July 2011 - 08:29 AM

I think it chooses the restore point when doing its restore. It comes up with a system restore or system recover and when selected it runs on its own.

I will run ComboFix again a little later and write down everything that happens, and will get the blue screen error message report as well. Picture or write down the text.

Will also see if it allows me to select a restore point.

Thanks again!!

#13 gringo_pr

Posted 26 July 2011 - 08:32 AM

OK, that sounds like a plan.



gringo
#14 glack

Posted 26 July 2011 - 01:27 PM

OK, ran ComboFix in safe mode. ComboFix starts its procedure with setting a restore point.

Then it does its stages 1 thru 50, then text shows stating it's removing several files, and it goes into system restart by shutting down and powering back up.

Laptop powers up and the starting Windows logo appears, then a blue screen flashes (couldn't get info from it), but it did say STOP, an error has occurred... and some other lines of text.

Screen reappears with the Windows Error Recovery page.

2 options:

  • Launch Startup Recovery
  • Start Windows normally (selecting this starts the error recovery page again after the blue screen again)

Launching the startup recovery puts it into a startup repair page and sets it back a few days. This runs for 10-12 minutes, then reboots and all seems fine.

Have tried in Safe Mode, Safe Mode with Networking and normal mode.

#15 glack

Posted 26 July 2011 - 03:05 PM

Not sure if I mentioned this or not

New Lenovo laptop, Win 7 Pro, 64 bit machine



