Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware removal


  • This topic is locked This topic is locked
36 replies to this topic

#1 thermoebia

thermoebia

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 30 April 2012 - 05:59 PM

Hi,

Each time I try to get onto Google, I get redirected to a page that says "Welcome to nginx!". I've read all of the information on your site and gone through the preparation steps. Here is the DDS log. Thanks so much for your help getting rid of this. I appreciate any help you can give me.



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tre at 15:37:08 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3893 [GMT -7:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe
BHO: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120314145014.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [<NO NAME>]
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\Users\Tre\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B633A733-BA5F-4F7B-9C8F-3C4444F8AA94} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B633A733-BA5F-4F7B-9C8F-3C4444F8AA94}\57E6779627564623 : DhcpNameServer = 192.168.7.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: I Want This: {11111111-1111-1111-1111-110011221158} - C:\Program Files (x86)\I Want This\I Want This.dll
BHO-X64: CrossriderApp0002258 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120314145014.dll
BHO-X64: scriptproxy - No File
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [(Default)]
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
.
=============== Created Last 30 ================
.
2012-04-30 22:31:43 -------- d-----w- C:\ProgramData\McAfee Anti-Theft
2012-04-15 19:15:28 -------- d-----w- C:\Users\Tre\AppData\Roaming\OpenOffice.org
2012-04-12 23:01:35 -------- d-----w- C:\Users\Tre\AppData\Local\Apps
2012-04-12 04:51:14 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 04:51:13 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 04:51:13 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 04:51:13 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 04:51:13 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 04:51:13 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 04:51:13 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-04 02:05:16 -------- d-----w- C:\Program Files (x86)\Common Files\Telespree
2012-04-04 02:04:49 -------- d-----w- C:\Users\Tre\AppData\Local\Hewlett-Packard_Developme
2012-04-04 02:01:48 528384 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2012-04-04 02:01:47 431616 ----a-w- C:\Windows\System32\stcplx64.dll
2012-04-04 02:01:46 654336 ------w- C:\Windows\System32\stapi64.dll
2012-04-04 02:01:46 1965056 ----a-w- C:\Windows\System32\stapo64.dll
2012-04-04 02:01:23 -------- d-----w- C:\Program Files\IDT
2012-04-03 20:48:36 -------- d-----w- C:\ProgramData\TrueSuite
2012-04-03 15:42:19 -------- d-----w- C:\Users\Tre\AppData\Local\Adobe
2012-04-03 15:36:30 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-04-03 15:32:26 -------- d-----w- C:\Program Files\redist
2012-04-03 15:32:26 -------- d-----w- C:\Program Files\readmes
2012-04-03 15:32:26 -------- d-----w- C:\Program Files\licenses
.
==================== Find3M ====================
.
2012-04-02 23:44:39 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-04-02 23:44:38 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-04-02 23:44:38 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-03-22 14:27:18 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 20:11:25 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2011-01-18 08:53:32 2994688 ----a-w- C:\Program Files\openofficeorg33.msi
2011-01-18 08:52:10 475016 ----a-w- C:\Program Files\setup.exe
.
============= FINISH: 15:39:33.36 ===============



Here is the Attach DDS log:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/14/2012 12:26:18 PM
System Uptime: 4/30/2012 11:54:00 AM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 358D
Processor: AMD A8-3500M APU with Radeon™ HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 538.281 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 1.62 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.089 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP14: 3/27/2012 8:27:22 AM - Installed HP Support Assistant
RP15: 3/27/2012 8:31:32 AM - Windows Modules Installer
RP16: 3/27/2012 8:32:16 AM - Windows Modules Installer
RP17: 4/2/2012 4:22:07 PM - HPSF Applying updates
RP18: 4/2/2012 4:34:51 PM - Removed HP On Screen Display
RP19: 4/2/2012 4:35:10 PM - Installed HP On Screen Display
RP20: 4/2/2012 4:36:15 PM - Installed Ralink Wireless LAN
RP21: 4/2/2012 4:38:57 PM - Removed HP Power Manager
RP22: 4/2/2012 4:39:16 PM - Installed HP Power Manager
RP23: 4/2/2012 4:40:41 PM - Configured PowerDVD
RP24: 4/3/2012 8:35:12 AM - Installed Java™ 6 Update 22
RP25: 4/3/2012 8:36:03 AM - Installed OpenOffice.org 3.3
RP26: 4/3/2012 6:52:06 PM - HPSF Applying updates
RP27: 4/3/2012 7:03:34 PM - Configured IDT Audio
RP28: 4/3/2012 7:05:38 PM - Removed HP Quick Launch
RP29: 4/3/2012 7:05:58 PM - Installed HP Quick Launch
RP30: 4/11/2012 11:01:24 AM - Scheduled Checkpoint
RP31: 4/11/2012 9:50:58 PM - Windows Update
RP32: 4/19/2012 8:35:44 AM - Scheduled Checkpoint
RP33: 4/26/2012 2:08:24 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AMD System Monitor
AMD VISION Engine Control Center
Anti-phishing Domain Advisor
Bejeweled 2 Deluxe
Bejeweled 3
Bing Bar
Blackhawk Striker 2
Blasterball 3
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
ESU for Microsoft Windows 7
Evernote v. 4.2.2
Farm Frenzy
FATE - The Traitor Soul
Hewlett-Packard ACLM.NET v1.1.2.0
HP Connection Manager
HP Customer Experience Enhancements
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HP Support Assistant
I Want This
IDT Audio
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 31
Junk Mail filter update
Magic Desktop
Mah Jong Medley
McAfee Total Protection
Mesh Runtime
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
OpenOffice.org 3.3
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Slingo Supreme
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== End Of File ===========================

Attached Files


Edited by thermoebia, 30 April 2012 - 07:00 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 01 May 2012 - 12:40 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 thermoebia

thermoebia
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 01 May 2012 - 09:01 PM

Thanks Gringo. I'll run these and post.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 01 May 2012 - 11:14 PM

ok I will be around most of the night


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 thermoebia

thermoebia
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 01 May 2012 - 11:20 PM

Here are the contents of the Security Check notepad document and the log from ComboFix. When I ran ComboFix, the only issues I faced were that it was really, really slow and when it was done, I ran into the files for deletion message and had to reboot. Not a big deal. It is a disappointment that my laptop is still being redirected to the "Welcome to Nginx!" page when I try to get onto Google. When I click onto the iGoogle tab on my toolbar, however, I can get onto that. I look forward to your advice on next steps. Thanks!

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Total Protection
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 22
Java™ 6 Update 31
Java version out of date!
Adobe Reader X (10.1.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````


ComboFix 12-05-01.03 - Tre 05/01/2012 20:00:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.4251 [GMT -7:00]
Running from: c:\users\Tre\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 03:15 . 2012-05-02 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-01 04:02 . 2012-05-01 04:02 -------- d-----w- c:\users\Tre\AppData\Roaming\Malwarebytes
2012-05-01 04:02 . 2012-05-01 04:02 -------- d-----w- c:\programdata\Malwarebytes
2012-05-01 04:02 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 04:02 . 2012-05-01 04:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-30 22:31 . 2012-04-30 22:31 -------- d-----w- c:\programdata\McAfee Anti-Theft
2012-04-15 19:15 . 2012-04-15 19:15 -------- d-----w- c:\users\Tre\AppData\Roaming\OpenOffice.org
2012-04-12 23:01 . 2012-04-12 23:01 -------- d-----w- c:\users\Tre\AppData\Local\Apps
2012-04-12 04:51 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 04:51 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 04:51 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 04:51 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 04:51 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 04:51 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 04:51 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-04 02:05 . 2012-04-04 02:05 -------- d-----w- c:\program files (x86)\Common Files\Telespree
2012-04-04 02:04 . 2012-04-04 02:04 -------- d-----w- c:\users\Tre\AppData\Local\Hewlett-Packard_Developme
2012-04-04 02:01 . 2012-04-04 02:00 528384 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-04-04 02:01 . 2012-04-04 02:00 431616 ----a-w- c:\windows\system32\stcplx64.dll
2012-04-04 02:01 . 2012-04-04 02:00 654336 ------w- c:\windows\system32\stapi64.dll
2012-04-04 02:01 . 2012-04-04 02:00 1965056 ----a-w- c:\windows\system32\stapo64.dll
2012-04-04 02:01 . 2012-04-04 02:03 -------- d-----w- c:\program files\IDT
2012-04-03 20:48 . 2012-04-03 20:48 -------- d-----w- c:\programdata\TrueSuite
2012-04-03 15:42 . 2012-04-03 15:42 -------- d-----w- c:\users\Tre\AppData\Local\Adobe
2012-04-03 15:36 . 2012-04-03 15:36 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-04-03 15:32 . 2012-04-03 15:32 -------- d-----w- c:\program files\redist
2012-04-03 15:32 . 2012-04-03 15:32 -------- d-----w- c:\program files\readmes
2012-04-03 15:32 . 2012-04-03 15:32 -------- d-----w- c:\program files\licenses
2012-04-02 23:35 . 2012-04-02 23:35 -------- d-----w- c:\users\Tre\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 02:00 . 2011-06-08 18:00 1128448 ----a-w- c:\windows\sttray64.exe
2012-04-04 02:00 . 2011-06-08 18:00 4779520 ----a-w- c:\windows\system32\stlang64.dll
2012-04-04 02:00 . 2011-06-08 17:59 224256 ----a-w- c:\windows\system32\staco64.dll
2012-04-04 02:00 . 2011-06-08 18:00 6382080 ----a-w- c:\windows\system32\IDTNGUI.exe
2012-04-04 02:00 . 2011-06-08 18:00 4933120 ----a-w- c:\windows\system32\IDTNHP.dll
2012-04-04 02:00 . 2011-06-08 18:00 212480 ----a-w- c:\windows\system32\IDTNJ.exe
2012-04-04 02:00 . 2011-06-08 18:00 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-04-04 02:00 . 2011-06-08 18:00 1029120 ----a-w- c:\windows\system32\IDTNX.dll
2012-04-04 02:00 . 2011-06-08 18:00 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2012-04-04 02:00 . 2011-06-08 18:00 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2012-04-04 02:00 . 2011-06-08 18:00 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2012-04-04 02:00 . 2011-06-08 18:00 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2012-04-04 02:00 . 2011-06-08 18:00 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2012-04-02 23:44 . 2011-06-08 18:14 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-04-02 23:44 . 2003-03-19 03:14 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-02 23:44 . 2003-02-21 11:42 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-22 14:27 . 2012-03-22 14:27 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-14 20:11 . 2011-04-29 00:39 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-14 19:48 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-17 06:38 . 2012-03-14 19:43 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 19:43 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 19:43 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 19:43 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 16:13 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 16:13 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-15 16:13 3145728 ----a-w- c:\windows\system32\win32k.sys
2011-01-18 08:53 . 2011-01-18 08:53 2994688 ----a-w- c:\program files\openofficeorg33.msi
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-02-21 232616]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-04-02 75048]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-05-23 103992]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-07-11 574008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2012/04/02 16:48;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-02-25 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-05-23 1098296]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-01-28 225216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-04-04 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-02 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-07-11 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-12-07 208536]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\HPCeeScheduleForTRE-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-01 c:\windows\Tasks\HPCeeScheduleForTre.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"McPvTray_exe"="c:\program files\McAfee\MAT\McPvTray.exe" [2011-04-08 436384]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-04 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Completion time: 2012-05-01 20:40:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 03:40
.
Pre-Run: 579,272,282,112 bytes free
Post-Run: 579,499,266,048 bytes free
.
- - End Of File - - 25DDE04BEC3F08E6D144D501D05EE667


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 01 May 2012 - 11:23 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 thermoebia

thermoebia
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 01 May 2012 - 11:27 PM

Hi,

Do I need to close/disable anti-virus and anti-malware programs with these?

Thanks.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 01 May 2012 - 11:42 PM

yes anytime you are doing an active scan shut down your antivirus



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 thermoebia

thermoebia
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 02 May 2012 - 12:13 PM

Hey Gringo,


TDSSKiller log:

09:06:27.0967 3080 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
09:06:29.0074 3080 ============================================================
09:06:29.0074 3080 Current date / time: 2012/05/02 09:06:29.0074
09:06:29.0074 3080 SystemInfo:
09:06:29.0074 3080
09:06:29.0074 3080 OS Version: 6.1.7601 ServicePack: 1.0
09:06:29.0074 3080 Product type: Workstation
09:06:29.0074 3080 ComputerName: TRE-HP
09:06:29.0074 3080 UserName: Tre
09:06:29.0074 3080 Windows directory: C:\Windows
09:06:29.0074 3080 System windows directory: C:\Windows
09:06:29.0074 3080 Running under WOW64
09:06:29.0074 3080 Processor architecture: Intel x64
09:06:29.0074 3080 Number of processors: 4
09:06:29.0074 3080 Page size: 0x1000
09:06:29.0074 3080 Boot type: Normal boot
09:06:29.0074 3080 ============================================================
09:06:30.0041 3080 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:06:30.0041 3080 ============================================================
09:06:30.0041 3080 \Device\Harddisk0\DR0:
09:06:30.0041 3080 MBR partitions:
09:06:30.0041 3080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:06:30.0041 3080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48A95800
09:06:30.0041 3080 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x48AF9800, BlocksNum 0x1D2A800
09:06:30.0041 3080 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
09:06:30.0041 3080 ============================================================
09:06:30.0057 3080 C: <-> \Device\Harddisk0\DR0\Partition1
09:06:30.0119 3080 D: <-> \Device\Harddisk0\DR0\Partition2
09:06:30.0135 3080 F: <-> \Device\Harddisk0\DR0\Partition3
09:06:30.0135 3080 ============================================================
09:06:30.0135 3080 Initialize success
09:06:30.0135 3080 ============================================================
09:06:36.0453 4188 ============================================================
09:06:36.0453 4188 Scan started
09:06:36.0453 4188 Mode: Manual;
09:06:36.0453 4188 ============================================================
09:06:37.0997 4188 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:06:37.0997 4188 1394ohci - ok
09:06:38.0060 4188 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
09:06:38.0075 4188 Accelerometer - ok
09:06:38.0169 4188 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:06:38.0185 4188 ACPI - ok
09:06:38.0231 4188 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:06:38.0231 4188 AcpiPmi - ok
09:06:38.0465 4188 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:06:38.0465 4188 AdobeARMservice - ok
09:06:38.0528 4188 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
09:06:38.0543 4188 adp94xx - ok
09:06:38.0606 4188 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
09:06:38.0606 4188 adpahci - ok
09:06:38.0653 4188 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
09:06:38.0653 4188 adpu320 - ok
09:06:38.0684 4188 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:06:38.0684 4188 AeLookupSvc - ok
09:06:38.0762 4188 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
09:06:38.0777 4188 AESTFilters - ok
09:06:38.0840 4188 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:06:38.0855 4188 AFD - ok
09:06:38.0887 4188 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:06:38.0902 4188 agp440 - ok
09:06:38.0918 4188 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:06:38.0933 4188 ALG - ok
09:06:38.0949 4188 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:06:38.0949 4188 aliide - ok
09:06:39.0011 4188 AMD External Events Utility (3de8dc285540733818588cc94e7fc96e) C:\Windows\system32\atiesrxx.exe
09:06:39.0011 4188 AMD External Events Utility - ok
09:06:39.0027 4188 AMD FUEL Service - ok
09:06:39.0074 4188 amdhub30 (30bfeee0dffd5bd79d29157cf080deed) C:\Windows\system32\DRIVERS\amdhub30.sys
09:06:39.0074 4188 amdhub30 - ok
09:06:39.0105 4188 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:06:39.0121 4188 amdide - ok
09:06:39.0152 4188 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
09:06:39.0152 4188 amdiox64 - ok
09:06:39.0199 4188 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
09:06:39.0199 4188 AmdK8 - ok
09:06:39.0901 4188 amdkmdag (42d53daf85f948c39ce1351a8f5b5808) C:\Windows\system32\DRIVERS\atikmdag.sys
09:06:40.0103 4188 amdkmdag - ok
09:06:40.0275 4188 amdkmdap (75182b5784015b271932088551616a96) C:\Windows\system32\DRIVERS\atikmpag.sys
09:06:40.0275 4188 amdkmdap - ok
09:06:40.0322 4188 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
09:06:40.0322 4188 AmdPPM - ok
09:06:40.0369 4188 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:06:40.0369 4188 amdsata - ok
09:06:40.0400 4188 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
09:06:40.0400 4188 amdsbs - ok
09:06:40.0447 4188 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:06:40.0447 4188 amdxata - ok
09:06:40.0493 4188 amdxhc (321533578132c811ec834a1b741c994c) C:\Windows\system32\DRIVERS\amdxhc.sys
09:06:40.0509 4188 amdxhc - ok
09:06:40.0525 4188 amd_sata (2fbb00a7616106b95104574c6cd640c2) C:\Windows\system32\DRIVERS\amd_sata.sys
09:06:40.0525 4188 amd_sata - ok
09:06:40.0556 4188 amd_xata (87d0d7645cb0d53220649bd5fe15d93e) C:\Windows\system32\DRIVERS\amd_xata.sys
09:06:40.0556 4188 amd_xata - ok
09:06:40.0603 4188 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:06:40.0603 4188 AppID - ok
09:06:40.0634 4188 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:06:40.0634 4188 AppIDSvc - ok
09:06:40.0665 4188 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:06:40.0665 4188 Appinfo - ok
09:06:40.0727 4188 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
09:06:40.0727 4188 arc - ok
09:06:40.0759 4188 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
09:06:40.0759 4188 arcsas - ok
09:06:40.0852 4188 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
09:06:40.0852 4188 aspnet_state - ok
09:06:40.0883 4188 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:06:40.0883 4188 AsyncMac - ok
09:06:40.0930 4188 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:06:40.0930 4188 atapi - ok
09:06:41.0008 4188 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
09:06:41.0008 4188 AtiHDAudioService - ok
09:06:41.0117 4188 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:06:41.0117 4188 AudioEndpointBuilder - ok
09:06:41.0133 4188 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:06:41.0149 4188 AudioSrv - ok
09:06:41.0195 4188 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:06:41.0195 4188 AxInstSV - ok
09:06:41.0258 4188 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
09:06:41.0273 4188 b06bdrv - ok
09:06:41.0336 4188 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:06:41.0336 4188 b57nd60a - ok
09:06:41.0429 4188 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
09:06:41.0429 4188 BBSvc - ok
09:06:41.0570 4188 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
09:06:41.0585 4188 BCM43XX - ok
09:06:41.0632 4188 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:06:41.0632 4188 BDESVC - ok
09:06:41.0695 4188 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:06:41.0695 4188 Beep - ok
09:06:41.0788 4188 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:06:41.0804 4188 BFE - ok
09:06:41.0882 4188 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
09:06:41.0897 4188 BITS - ok
09:06:41.0960 4188 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
09:06:41.0960 4188 blbdrive - ok
09:06:42.0007 4188 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:06:42.0007 4188 bowser - ok
09:06:42.0038 4188 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
09:06:42.0038 4188 BrFiltLo - ok
09:06:42.0038 4188 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
09:06:42.0053 4188 BrFiltUp - ok
09:06:42.0085 4188 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
09:06:42.0085 4188 BridgeMP - ok
09:06:42.0163 4188 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:06:42.0163 4188 Browser - ok
09:06:42.0209 4188 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:06:42.0209 4188 Brserid - ok
09:06:42.0225 4188 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:06:42.0225 4188 BrSerWdm - ok
09:06:42.0241 4188 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:06:42.0241 4188 BrUsbMdm - ok
09:06:42.0256 4188 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:06:42.0256 4188 BrUsbSer - ok
09:06:42.0256 4188 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
09:06:42.0256 4188 BTHMODEM - ok
09:06:42.0303 4188 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:06:42.0303 4188 bthserv - ok
09:06:42.0319 4188 catchme - ok
09:06:42.0365 4188 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:06:42.0365 4188 cdfs - ok
09:06:42.0412 4188 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:06:42.0412 4188 cdrom - ok
09:06:42.0443 4188 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:06:42.0459 4188 CertPropSvc - ok
09:06:42.0490 4188 cfwids (ed0263b2eb24f0f4e3898036fa1d28a1) C:\Windows\system32\drivers\cfwids.sys
09:06:42.0490 4188 cfwids - ok
09:06:42.0537 4188 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
09:06:42.0537 4188 circlass - ok
09:06:42.0584 4188 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:06:42.0599 4188 CLFS - ok
09:06:42.0724 4188 CLKMSVC10_38F51D56 (524dc3807cb1746225f9d26add19c319) C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
09:06:42.0740 4188 CLKMSVC10_38F51D56 - ok
09:06:42.0802 4188 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:06:42.0802 4188 clr_optimization_v2.0.50727_32 - ok
09:06:42.0865 4188 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:06:42.0880 4188 clr_optimization_v2.0.50727_64 - ok
09:06:42.0943 4188 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:06:42.0958 4188 clr_optimization_v4.0.30319_32 - ok
09:06:43.0036 4188 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:06:43.0036 4188 clr_optimization_v4.0.30319_64 - ok
09:06:43.0239 4188 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
09:06:43.0255 4188 clwvd - ok
09:06:43.0286 4188 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
09:06:43.0286 4188 CmBatt - ok
09:06:43.0301 4188 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:06:43.0317 4188 cmdide - ok
09:06:43.0395 4188 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:06:43.0395 4188 CNG - ok
09:06:43.0442 4188 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
09:06:43.0442 4188 Compbatt - ok
09:06:43.0473 4188 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:06:43.0473 4188 CompositeBus - ok
09:06:43.0489 4188 COMSysApp - ok
09:06:43.0504 4188 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
09:06:43.0504 4188 crcdisk - ok
09:06:43.0567 4188 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
09:06:43.0567 4188 CryptSvc - ok
09:06:43.0598 4188 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys
09:06:43.0598 4188 dc3d - ok
09:06:43.0676 4188 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:06:43.0691 4188 DcomLaunch - ok
09:06:43.0738 4188 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:06:43.0754 4188 defragsvc - ok
09:06:43.0785 4188 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:06:43.0801 4188 DfsC - ok
09:06:43.0863 4188 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:06:43.0879 4188 Dhcp - ok
09:06:43.0894 4188 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:06:43.0910 4188 discache - ok
09:06:43.0957 4188 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
09:06:43.0957 4188 Disk - ok
09:06:44.0019 4188 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:06:44.0019 4188 Dnscache - ok
09:06:44.0050 4188 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:06:44.0066 4188 dot3svc - ok
09:06:44.0097 4188 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:06:44.0097 4188 DPS - ok
09:06:44.0144 4188 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:06:44.0144 4188 drmkaud - ok
09:06:44.0237 4188 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:06:44.0253 4188 DXGKrnl - ok
09:06:44.0284 4188 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:06:44.0300 4188 EapHost - ok
09:06:44.0549 4188 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
09:06:44.0627 4188 ebdrv - ok
09:06:44.0737 4188 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:06:44.0737 4188 EFS - ok
09:06:44.0846 4188 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:06:44.0861 4188 ehRecvr - ok
09:06:44.0893 4188 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:06:44.0893 4188 ehSched - ok
09:06:45.0002 4188 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
09:06:45.0017 4188 elxstor - ok
09:06:45.0017 4188 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:06:45.0017 4188 ErrDev - ok
09:06:45.0095 4188 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:06:45.0111 4188 EventSystem - ok
09:06:45.0158 4188 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:06:45.0158 4188 exfat - ok
09:06:45.0173 4188 ezSharedSvc - ok
09:06:45.0220 4188 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:06:45.0220 4188 fastfat - ok
09:06:45.0314 4188 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:06:45.0329 4188 Fax - ok
09:06:45.0345 4188 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
09:06:45.0345 4188 fdc - ok
09:06:45.0392 4188 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:06:45.0392 4188 fdPHost - ok
09:06:45.0407 4188 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:06:45.0407 4188 FDResPub - ok
09:06:45.0439 4188 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:06:45.0439 4188 FileInfo - ok
09:06:45.0454 4188 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:06:45.0454 4188 Filetrace - ok
09:06:45.0485 4188 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
09:06:45.0485 4188 flpydisk - ok
09:06:45.0532 4188 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:06:45.0532 4188 FltMgr - ok
09:06:45.0641 4188 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:06:45.0657 4188 FontCache - ok
09:06:45.0735 4188 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:06:45.0751 4188 FontCache3.0.0.0 - ok
09:06:45.0844 4188 FPLService (6aa4e6b4ea50620ab622a048394c4aa2) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
09:06:45.0860 4188 FPLService - ok
09:06:45.0938 4188 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:06:45.0938 4188 FsDepends - ok
09:06:45.0985 4188 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
09:06:45.0985 4188 Fs_Rec - ok
09:06:46.0031 4188 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:06:46.0031 4188 fvevol - ok
09:06:46.0063 4188 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
09:06:46.0063 4188 gagp30kx - ok
09:06:46.0109 4188 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
09:06:46.0125 4188 GamesAppService - ok
09:06:46.0203 4188 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:06:46.0219 4188 gpsvc - ok
09:06:46.0265 4188 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:06:46.0265 4188 hcw85cir - ok
09:06:46.0328 4188 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:06:46.0328 4188 HdAudAddService - ok
09:06:46.0359 4188 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:06:46.0359 4188 HDAudBus - ok
09:06:46.0390 4188 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
09:06:46.0390 4188 HidBatt - ok
09:06:46.0406 4188 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
09:06:46.0406 4188 HidBth - ok
09:06:46.0421 4188 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
09:06:46.0421 4188 HidIr - ok
09:06:46.0453 4188 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
09:06:46.0453 4188 hidserv - ok
09:06:46.0499 4188 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:06:46.0499 4188 HidUsb - ok
09:06:46.0546 4188 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:06:46.0546 4188 hkmsvc - ok
09:06:46.0593 4188 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:06:46.0593 4188 HomeGroupListener - ok
09:06:46.0640 4188 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:06:46.0640 4188 HomeGroupProvider - ok
09:06:46.0733 4188 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:06:46.0733 4188 HP Support Assistant Service - ok
09:06:46.0843 4188 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
09:06:46.0858 4188 HPAuto - ok
09:06:46.0905 4188 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
09:06:46.0905 4188 HPClientSvc - ok
09:06:47.0030 4188 hpCMSrv (c5d2f308e1c12a5c328ef549696dbc05) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
09:06:47.0045 4188 hpCMSrv - ok
09:06:47.0108 4188 HPDrvMntSvc.exe (b19ff523b533a3f198b9239e1749c940) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
09:06:47.0108 4188 HPDrvMntSvc.exe - ok
09:06:47.0248 4188 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
09:06:47.0248 4188 hpdskflt - ok
09:06:47.0373 4188 hpqwmiex (01091b900e15878b4434f9c726c4541d) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
09:06:47.0389 4188 hpqwmiex - ok
09:06:47.0435 4188 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:06:47.0435 4188 HpSAMD - ok
09:06:47.0467 4188 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
09:06:47.0467 4188 hpsrv - ok
09:06:47.0529 4188 HPWMISVC (491ce9b6321fb74e4b37af2c47f98434) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
09:06:47.0529 4188 HPWMISVC - ok
09:06:47.0607 4188 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:06:47.0623 4188 HTTP - ok
09:06:47.0654 4188 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:06:47.0654 4188 hwpolicy - ok
09:06:47.0685 4188 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
09:06:47.0685 4188 i8042prt - ok
09:06:47.0747 4188 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:06:47.0763 4188 iaStorV - ok
09:06:48.0013 4188 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
09:06:48.0028 4188 IconMan_R - ok
09:06:48.0200 4188 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:06:48.0215 4188 idsvc - ok
09:06:48.0325 4188 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
09:06:48.0325 4188 iirsp - ok
09:06:48.0403 4188 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:06:48.0418 4188 IKEEXT - ok
09:06:48.0449 4188 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:06:48.0449 4188 intelide - ok
09:06:48.0465 4188 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
09:06:48.0465 4188 intelppm - ok
09:06:48.0496 4188 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:06:48.0496 4188 IPBusEnum - ok
09:06:48.0543 4188 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:06:48.0543 4188 IpFilterDriver - ok
09:06:48.0621 4188 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:06:48.0637 4188 iphlpsvc - ok
09:06:48.0652 4188 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:06:48.0652 4188 IPMIDRV - ok
09:06:48.0668 4188 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:06:48.0668 4188 IPNAT - ok
09:06:48.0699 4188 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:06:48.0699 4188 IRENUM - ok
09:06:48.0715 4188 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:06:48.0715 4188 isapnp - ok
09:06:48.0746 4188 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:06:48.0746 4188 iScsiPrt - ok
09:06:48.0777 4188 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:06:48.0777 4188 kbdclass - ok
09:06:48.0808 4188 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
09:06:48.0808 4188 kbdhid - ok
09:06:48.0855 4188 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:06:48.0855 4188 KeyIso - ok
09:06:48.0871 4188 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:06:48.0871 4188 KSecDD - ok
09:06:48.0902 4188 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:06:48.0902 4188 KSecPkg - ok
09:06:48.0933 4188 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:06:48.0949 4188 ksthunk - ok
09:06:48.0995 4188 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:06:49.0011 4188 KtmRm - ok
09:06:49.0073 4188 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
09:06:49.0073 4188 LanmanServer - ok
09:06:49.0136 4188 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:06:49.0136 4188 LanmanWorkstation - ok
09:06:49.0198 4188 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:06:49.0198 4188 lltdio - ok
09:06:49.0245 4188 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:06:49.0261 4188 lltdsvc - ok
09:06:49.0276 4188 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:06:49.0276 4188 lmhosts - ok
09:06:49.0323 4188 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
09:06:49.0323 4188 LSI_FC - ok
09:06:49.0339 4188 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
09:06:49.0339 4188 LSI_SAS - ok
09:06:49.0354 4188 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
09:06:49.0354 4188 LSI_SAS2 - ok
09:06:49.0370 4188 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
09:06:49.0370 4188 LSI_SCSI - ok
09:06:49.0401 4188 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:06:49.0417 4188 luafv - ok
09:06:49.0448 4188 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
09:06:49.0448 4188 MBAMProtector - ok
09:06:49.0604 4188 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:06:49.0604 4188 MBAMService - ok
09:06:49.0697 4188 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
09:06:49.0697 4188 McAfee SiteAdvisor Service - ok
09:06:49.0760 4188 McAWFwk (f48571922079bbab289c57bafefe88f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe
09:06:49.0775 4188 McAWFwk - ok
09:06:49.0791 4188 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
09:06:49.0791 4188 McMPFSvc - ok
09:06:49.0807 4188 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
09:06:49.0807 4188 mcmscsvc - ok
09:06:49.0822 4188 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
09:06:49.0822 4188 McNaiAnn - ok
09:06:49.0838 4188 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
09:06:49.0838 4188 McNASvc - ok
09:06:49.0916 4188 McODS (b3914a7c97a81acb1e9befe07e4c387f) C:\Program Files\McAfee\VirusScan\mcods.exe
09:06:49.0916 4188 McODS - ok
09:06:49.0931 4188 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
09:06:49.0931 4188 McOobeSv - ok
09:06:49.0931 4188 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
09:06:49.0947 4188 McProxy - ok
09:06:50.0072 4188 McPvDrv (a0c364079e7ae6c3127bee8e196f00e5) C:\Windows\system32\drivers\McPvDrv.sys
09:06:50.0072 4188 McPvDrv - ok
09:06:50.0134 4188 McShield (4a463d645b48bb487ca7df12ba5d1602) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
09:06:50.0134 4188 McShield - ok
09:06:50.0165 4188 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:06:50.0165 4188 Mcx2Svc - ok
09:06:50.0197 4188 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
09:06:50.0197 4188 megasas - ok
09:06:50.0228 4188 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
09:06:50.0228 4188 MegaSR - ok
09:06:50.0275 4188 mfeapfk (ef3acfb7e3f82d5f7cde9ef5f0a4e2e2) C:\Windows\system32\drivers\mfeapfk.sys
09:06:50.0275 4188 mfeapfk - ok
09:06:50.0353 4188 mfeavfk (e7a60bdb4365b561d896019b82fb7dd0) C:\Windows\system32\drivers\mfeavfk.sys
09:06:50.0353 4188 mfeavfk - ok
09:06:50.0399 4188 mfeavfk01 - ok
09:06:50.0462 4188 mfefire (c53b7aba204d9f7e9568ec147a1485c5) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
09:06:50.0462 4188 mfefire - ok
09:06:50.0524 4188 mfefirek (670dffe55e2f9ab99d9169c428bcece9) C:\Windows\system32\drivers\mfefirek.sys
09:06:50.0540 4188 mfefirek - ok
09:06:50.0602 4188 mfehidk (1892616b7f9291fd77c3fa0a5811fe9f) C:\Windows\system32\drivers\mfehidk.sys
09:06:50.0618 4188 mfehidk - ok
09:06:50.0649 4188 mfenlfk (1721261c77f6e7a9e0cb51b7d9f31b60) C:\Windows\system32\DRIVERS\mfenlfk.sys
09:06:50.0649 4188 mfenlfk - ok
09:06:50.0680 4188 mferkdet (65776bd8029e409935b90de30bf99526) C:\Windows\system32\drivers\mferkdet.sys
09:06:50.0680 4188 mferkdet - ok
09:06:50.0743 4188 mfevtp (8f3b3c3625e3aaa11d6d4db8423e1721) C:\Windows\system32\mfevtps.exe
09:06:50.0758 4188 mfevtp - ok
09:06:50.0805 4188 mfewfpk (4f17d8b85b903d96ef7033bb6ef50516) C:\Windows\system32\drivers\mfewfpk.sys
09:06:50.0805 4188 mfewfpk - ok
09:06:50.0836 4188 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:06:50.0836 4188 MMCSS - ok
09:06:50.0867 4188 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:06:50.0883 4188 Modem - ok
09:06:50.0899 4188 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:06:50.0899 4188 monitor - ok
09:06:50.0945 4188 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:06:50.0945 4188 mouclass - ok
09:06:50.0977 4188 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:06:50.0977 4188 mouhid - ok
09:06:51.0023 4188 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:06:51.0039 4188 mountmgr - ok
09:06:51.0070 4188 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:06:51.0070 4188 mpio - ok
09:06:51.0117 4188 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:06:51.0117 4188 mpsdrv - ok
09:06:51.0242 4188 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:06:51.0257 4188 MpsSvc - ok
09:06:51.0289 4188 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:06:51.0289 4188 MRxDAV - ok
09:06:51.0320 4188 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:06:51.0335 4188 mrxsmb - ok
09:06:51.0367 4188 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:06:51.0367 4188 mrxsmb10 - ok
09:06:51.0398 4188 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:06:51.0398 4188 mrxsmb20 - ok
09:06:51.0429 4188 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:06:51.0429 4188 msahci - ok
09:06:51.0460 4188 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:06:51.0460 4188 msdsm - ok
09:06:51.0491 4188 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:06:51.0507 4188 MSDTC - ok
09:06:51.0538 4188 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:06:51.0538 4188 Msfs - ok
09:06:51.0554 4188 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:06:51.0554 4188 mshidkmdf - ok
09:06:51.0569 4188 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:06:51.0569 4188 msisadrv - ok
09:06:51.0616 4188 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:06:51.0616 4188 MSiSCSI - ok
09:06:51.0632 4188 msiserver - ok
09:06:51.0710 4188 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
09:06:51.0710 4188 MSK80Service - ok
09:06:51.0757 4188 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:06:51.0757 4188 MSKSSRV - ok
09:06:51.0772 4188 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:06:51.0772 4188 MSPCLOCK - ok
09:06:51.0772 4188 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:06:51.0772 4188 MSPQM - ok
09:06:51.0819 4188 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:06:51.0819 4188 MsRPC - ok
09:06:51.0835 4188 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:06:51.0835 4188 mssmbios - ok
09:06:51.0866 4188 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:06:51.0866 4188 MSTEE - ok
09:06:51.0881 4188 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
09:06:51.0881 4188 MTConfig - ok
09:06:51.0897 4188 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:06:51.0897 4188 Mup - ok
09:06:51.0959 4188 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:06:51.0975 4188 napagent - ok
09:06:52.0037 4188 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:06:52.0053 4188 NativeWifiP - ok
09:06:52.0131 4188 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:06:52.0147 4188 NDIS - ok
09:06:52.0178 4188 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:06:52.0178 4188 NdisCap - ok
09:06:52.0209 4188 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:06:52.0209 4188 NdisTapi - ok
09:06:52.0256 4188 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:06:52.0256 4188 Ndisuio - ok
09:06:52.0287 4188 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:06:52.0287 4188 NdisWan - ok
09:06:52.0334 4188 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:06:52.0334 4188 NDProxy - ok
09:06:52.0349 4188 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:06:52.0365 4188 NetBIOS - ok
09:06:52.0412 4188 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:06:52.0412 4188 NetBT - ok
09:06:52.0459 4188 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:06:52.0459 4188 Netlogon - ok
09:06:52.0537 4188 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:06:52.0537 4188 Netman - ok
09:06:52.0630 4188 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:06:52.0630 4188 NetMsmqActivator - ok
09:06:52.0646 4188 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:06:52.0646 4188 NetPipeActivator - ok
09:06:52.0724 4188 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:06:52.0739 4188 netprofm - ok
09:06:52.0895 4188 netr28x (a98071e3e1e5e503462cc9e0ded91a36) C:\Windows\system32\DRIVERS\netr28x.sys
09:06:52.0927 4188 netr28x - ok
09:06:53.0036 4188 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:06:53.0036 4188 NetTcpActivator - ok
09:06:53.0051 4188 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
09:06:53.0051 4188 NetTcpPortSharing - ok
09:06:53.0161 4188 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
09:06:53.0161 4188 nfrd960 - ok
09:06:53.0223 4188 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:06:53.0239 4188 NlaSvc - ok
09:06:53.0254 4188 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:06:53.0254 4188 Npfs - ok
09:06:53.0270 4188 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:06:53.0285 4188 nsi - ok
09:06:53.0301 4188 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:06:53.0317 4188 nsiproxy - ok
09:06:53.0457 4188 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:06:53.0488 4188 Ntfs - ok
09:06:53.0597 4188 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:06:53.0597 4188 Null - ok
09:06:53.0660 4188 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
09:06:53.0675 4188 NVENETFD - ok
09:06:53.0722 4188 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:06:53.0722 4188 nvraid - ok
09:06:53.0753 4188 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:06:53.0769 4188 nvstor - ok
09:06:53.0800 4188 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:06:53.0800 4188 nv_agp - ok
09:06:53.0816 4188 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:06:53.0816 4188 ohci1394 - ok
09:06:53.0863 4188 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:06:53.0878 4188 p2pimsvc - ok
09:06:53.0941 4188 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:06:53.0941 4188 p2psvc - ok
09:06:53.0987 4188 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
09:06:53.0987 4188 Parport - ok
09:06:54.0019 4188 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:06:54.0019 4188 partmgr - ok
09:06:54.0065 4188 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:06:54.0081 4188 PcaSvc - ok
09:06:54.0097 4188 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:06:54.0112 4188 pci - ok
09:06:54.0128 4188 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:06:54.0143 4188 pciide - ok
09:06:54.0175 4188 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
09:06:54.0175 4188 pcmcia - ok
09:06:54.0206 4188 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:06:54.0206 4188 pcw - ok
09:06:54.0284 4188 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:06:54.0299 4188 PEAUTH - ok
09:06:54.0393 4188 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:06:54.0393 4188 PerfHost - ok
09:06:54.0518 4188 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:06:54.0549 4188 pla - ok
09:06:54.0643 4188 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:06:54.0643 4188 PlugPlay - ok
09:06:54.0674 4188 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:06:54.0689 4188 PNRPAutoReg - ok
09:06:54.0721 4188 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:06:54.0721 4188 PNRPsvc - ok
09:06:54.0799 4188 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
09:06:54.0799 4188 Point64 - ok
09:06:54.0861 4188 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:06:54.0877 4188 PolicyAgent - ok
09:06:54.0923 4188 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:06:54.0923 4188 Power - ok
09:06:54.0970 4188 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:06:54.0986 4188 PptpMiniport - ok
09:06:55.0001 4188 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
09:06:55.0001 4188 Processor - ok
09:06:55.0048 4188 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:06:55.0048 4188 ProfSvc - ok
09:06:55.0079 4188 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:06:55.0079 4188 ProtectedStorage - ok
09:06:55.0142 4188 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:06:55.0157 4188 Psched - ok
09:06:55.0313 4188 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
09:06:55.0345 4188 ql2300 - ok
09:06:55.0469 4188 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
09:06:55.0469 4188 ql40xx - ok
09:06:55.0516 4188 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:06:55.0532 4188 QWAVE - ok
09:06:55.0547 4188 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:06:55.0563 4188 QWAVEdrv - ok
09:06:55.0579 4188 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:06:55.0579 4188 RasAcd - ok
09:06:55.0610 4188 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:06:55.0610 4188 RasAgileVpn - ok
09:06:55.0672 4188 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:06:55.0672 4188 RasAuto - ok
09:06:55.0719 4188 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:06:55.0735 4188 Rasl2tp - ok
09:06:55.0797 4188 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:06:55.0813 4188 RasMan - ok
09:06:55.0844 4188 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:06:55.0844 4188 RasPppoe - ok
09:06:55.0875 4188 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:06:55.0891 4188 RasSstp - ok
09:06:55.0922 4188 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:06:55.0922 4188 rdbss - ok
09:06:55.0937 4188 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
09:06:55.0953 4188 rdpbus - ok
09:06:55.0953 4188 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:06:55.0953 4188 RDPCDD - ok
09:06:55.0984 4188 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:06:56.0000 4188 RDPENCDD - ok
09:06:56.0015 4188 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:06:56.0015 4188 RDPREFMP - ok
09:06:56.0047 4188 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
09:06:56.0062 4188 RDPWD - ok
09:06:56.0109 4188 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:06:56.0109 4188 rdyboost - ok
09:06:56.0156 4188 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:06:56.0156 4188 RemoteAccess - ok
09:06:56.0203 4188 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:06:56.0218 4188 RemoteRegistry - ok
09:06:56.0312 4188 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
09:06:56.0312 4188 RoxioNow Service - ok
09:06:56.0343 4188 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:06:56.0359 4188 RpcEptMapper - ok
09:06:56.0374 4188 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:06:56.0374 4188 RpcLocator - ok
09:06:56.0437 4188 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:06:56.0452 4188 RpcSs - ok
09:06:56.0530 4188 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys
09:06:56.0546 4188 RSPCIESTOR - ok
09:06:56.0577 4188 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:06:56.0593 4188 rspndr - ok
09:06:56.0671 4188 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:06:56.0686 4188 RTL8167 - ok
09:06:56.0717 4188 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:06:56.0717 4188 SamSs - ok
09:06:56.0749 4188 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:06:56.0749 4188 sbp2port - ok
09:06:56.0780 4188 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:06:56.0795 4188 SCardSvr - ok
09:06:56.0827 4188 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:06:56.0827 4188 scfilter - ok
09:06:56.0936 4188 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:06:56.0967 4188 Schedule - ok
09:06:56.0998 4188 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:06:57.0014 4188 SCPolicySvc - ok
09:06:57.0061 4188 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
09:06:57.0061 4188 sdbus - ok
09:06:57.0107 4188 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:06:57.0107 4188 SDRSVC - ok
09:06:57.0201 4188 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
09:06:57.0201 4188 SeaPort - ok
09:06:57.0232 4188 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:06:57.0232 4188 secdrv - ok
09:06:57.0248 4188 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:06:57.0263 4188 seclogon - ok
09:06:57.0295 4188 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:06:57.0295 4188 SENS - ok
09:06:57.0341 4188 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:06:57.0341 4188 SensrSvc - ok
09:06:57.0373 4188 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
09:06:57.0373 4188 Serenum - ok
09:06:57.0404 4188 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
09:06:57.0404 4188 Serial - ok
09:06:57.0419 4188 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
09:06:57.0435 4188 sermouse - ok
09:06:57.0482 4188 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:06:57.0482 4188 SessionEnv - ok
09:06:57.0497 4188 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:06:57.0497 4188 sffdisk - ok
09:06:57.0513 4188 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:06:57.0513 4188 sffp_mmc - ok
09:06:57.0529 4188 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:06:57.0529 4188 sffp_sd - ok
09:06:57.0544 4188 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
09:06:57.0544 4188 sfloppy - ok
09:06:57.0591 4188 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:06:57.0607 4188 SharedAccess - ok
09:06:57.0653 4188 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:06:57.0669 4188 ShellHWDetection - ok
09:06:57.0700 4188 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
09:06:57.0700 4188 SiSRaid2 - ok
09:06:57.0731 4188 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
09:06:57.0731 4188 SiSRaid4 - ok
09:06:57.0747 4188 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:06:57.0763 4188 Smb - ok
09:06:57.0809 4188 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:06:57.0809 4188 SNMPTRAP - ok
09:06:57.0825 4188 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:06:57.0825 4188 spldr - ok
09:06:57.0887 4188 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:06:57.0887 4188 Spooler - ok
09:06:58.0153 4188 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:06:58.0168 4188 sppsvc - ok
09:06:58.0293 4188 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:06:58.0293 4188 sppuinotify - ok
09:06:58.0402 4188 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:06:58.0402 4188 srv - ok
09:06:58.0449 4188 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:06:58.0465 4188 srv2 - ok
09:06:58.0511 4188 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:06:58.0527 4188 SrvHsfHDA - ok
09:06:58.0636 4188 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:06:58.0667 4188 SrvHsfV92 - ok
09:06:58.0855 4188 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:06:58.0870 4188 SrvHsfWinac - ok
09:06:58.0901 4188 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:06:58.0917 4188 srvnet - ok
09:06:58.0964 4188 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:06:58.0964 4188 SSDPSRV - ok
09:06:58.0979 4188 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:06:58.0995 4188 SstpSvc - ok
09:06:59.0089 4188 STacSV (20e27aa5bcc01c2149830c05fe22f675) C:\Program Files\IDT\WDM\STacSV64.exe
09:06:59.0104 4188 STacSV - ok
09:06:59.0120 4188 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
09:06:59.0135 4188 stexstor - ok
09:06:59.0291 4188 STHDA (beb37ce4e7456f5efa52d783d1e06d8c) C:\Windows\system32\DRIVERS\stwrt64.sys
09:06:59.0291 4188 STHDA - ok
09:06:59.0385 4188 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:06:59.0401 4188 stisvc - ok
09:06:59.0432 4188 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:06:59.0432 4188 swenum - ok
09:06:59.0494 4188 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:06:59.0510 4188 swprv - ok
09:06:59.0588 4188 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
09:06:59.0588 4188 SynTP - ok
09:06:59.0744 4188 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:06:59.0775 4188 SysMain - ok
09:06:59.0947 4188 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:06:59.0962 4188 TabletInputService - ok
09:07:00.0009 4188 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:07:00.0009 4188 TapiSrv - ok
09:07:00.0056 4188 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:07:00.0056 4188 TBS - ok
09:07:00.0259 4188 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
09:07:00.0290 4188 Tcpip - ok
09:07:00.0555 4188 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
09:07:00.0586 4188 TCPIP6 - ok
09:07:00.0711 4188 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:07:00.0711 4188 tcpipreg - ok
09:07:00.0742 4188 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:07:00.0742 4188 TDPIPE - ok
09:07:00.0773 4188 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:07:00.0773 4188 TDTCP - ok
09:07:00.0805 4188 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:07:00.0805 4188 tdx - ok
09:07:00.0836 4188 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:07:00.0836 4188 TermDD - ok
09:07:00.0914 4188 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:07:00.0929 4188 TermService - ok
09:07:00.0961 4188 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:07:00.0961 4188 Themes - ok
09:07:00.0976 4188 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:07:00.0976 4188 THREADORDER - ok
09:07:01.0007 4188 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:07:01.0023 4188 TrkWks - ok
09:07:01.0070 4188 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:07:01.0070 4188 TrustedInstaller - ok
09:07:01.0101 4188 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:07:01.0101 4188 tssecsrv - ok
09:07:01.0163 4188 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:07:01.0163 4188 TsUsbFlt - ok
09:07:01.0179 4188 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
09:07:01.0179 4188 TsUsbGD - ok
09:07:01.0241 4188 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:07:01.0257 4188 tunnel - ok
09:07:01.0273 4188 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
09:07:01.0273 4188 uagp35 - ok
09:07:01.0304 4188 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:07:01.0319 4188 udfs - ok
09:07:01.0351 4188 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:07:01.0351 4188 UI0Detect - ok
09:07:01.0397 4188 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:07:01.0397 4188 uliagpkx - ok
09:07:01.0429 4188 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
09:07:01.0429 4188 umbus - ok
09:07:01.0444 4188 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
09:07:01.0444 4188 UmPass - ok
09:07:01.0491 4188 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:07:01.0507 4188 upnphost - ok
09:07:01.0538 4188 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:07:01.0553 4188 usbccgp - ok
09:07:01.0585 4188 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:07:01.0585 4188 usbcir - ok
09:07:01.0616 4188 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
09:07:01.0616 4188 usbehci - ok
09:07:01.0647 4188 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\DRIVERS\usbfilter.sys
09:07:01.0647 4188 usbfilter - ok
09:07:01.0709 4188 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:07:01.0709 4188 usbhub - ok
09:07:01.0725 4188 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
09:07:01.0725 4188 usbohci - ok
09:07:01.0772 4188 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
09:07:01.0772 4188 usbprint - ok
09:07:01.0803 4188 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
09:07:01.0819 4188 usbscan - ok
09:07:01.0850 4188 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:07:01.0865 4188 USBSTOR - ok
09:07:01.0881 4188 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:07:01.0881 4188 usbuhci - ok
09:07:01.0943 4188 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
09:07:01.0943 4188 usbvideo - ok
09:07:01.0975 4188 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:07:01.0975 4188 UxSms - ok
09:07:02.0006 4188 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:07:02.0006 4188 VaultSvc - ok
09:07:02.0021 4188 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:07:02.0021 4188 vdrvroot - ok
09:07:02.0099 4188 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:07:02.0115 4188 vds - ok
09:07:02.0146 4188 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:07:02.0146 4188 vga - ok
09:07:02.0162 4188 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:07:02.0162 4188 VgaSave - ok
09:07:02.0177 4188 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:07:02.0193 4188 vhdmp - ok
09:07:02.0209 4188 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:07:02.0209 4188 viaide - ok
09:07:02.0240 4188 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:07:02.0240 4188 volmgr - ok
09:07:02.0271 4188 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:07:02.0287 4188 volmgrx - ok
09:07:02.0302 4188 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:07:02.0302 4188 volsnap - ok
09:07:02.0365 4188 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
09:07:02.0365 4188 vsmraid - ok
09:07:02.0505 4188 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:07:02.0536 4188 VSS - ok
09:07:02.0677 4188 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:07:02.0677 4188 vwifibus - ok
09:07:02.0708 4188 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:07:02.0708 4188 vwififlt - ok
09:07:02.0755 4188 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:07:02.0770 4188 W32Time - ok
09:07:02.0801 4188 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
09:07:02.0801 4188 WacomPen - ok
09:07:02.0848 4188 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:07:02.0848 4188 WANARP - ok
09:07:02.0864 4188 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:07:02.0864 4188 Wanarpv6 - ok
09:07:03.0004 4188 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:07:03.0020 4188 WatAdminSvc - ok
09:07:03.0176 4188 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:07:03.0207 4188 wbengine - ok
09:07:03.0332 4188 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:07:03.0347 4188 WbioSrvc - ok
09:07:03.0394 4188 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:07:03.0410 4188 wcncsvc - ok
09:07:03.0441 4188 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:07:03.0441 4188 WcsPlugInService - ok
09:07:03.0503 4188 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
09:07:03.0503 4188 Wd - ok
09:07:03.0566 4188 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:07:03.0581 4188 Wdf01000 - ok
09:07:03.0613 4188 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:07:03.0613 4188 WdiServiceHost - ok
09:07:03.0628 4188 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:07:03.0628 4188 WdiSystemHost - ok
09:07:03.0691 4188 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:07:03.0691 4188 WebClient - ok
09:07:03.0737 4188 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:07:03.0737 4188 Wecsvc - ok
09:07:03.0769 4188 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:07:03.0784 4188 wercplsupport - ok
09:07:03.0815 4188 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:07:03.0831 4188 WerSvc - ok
09:07:03.0878 4188 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:07:03.0878 4188 WfpLwf - ok
09:07:03.0893 4188 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:07:03.0909 4188 WIMMount - ok
09:07:03.0940 4188 WinDefend - ok
09:07:03.0971 4188 WinHttpAutoProxySvc - ok
09:07:04.0034 4188 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:07:04.0034 4188 Winmgmt - ok
09:07:04.0190 4188 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:07:04.0221 4188 WinRM - ok
09:07:04.0361 4188 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
09:07:04.0361 4188 WinUsb - ok
09:07:04.0455 4188 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:07:04.0471 4188 Wlansvc - ok
09:07:04.0549 4188 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:07:04.0549 4188 wlcrasvc - ok
09:07:04.0736 4188 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:07:04.0751 4188 wlidsvc - ok
09:07:05.0001 4188 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:07:05.0001 4188 WmiAcpi - ok
09:07:05.0063 4188 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:07:05.0079 4188 wmiApSrv - ok
09:07:05.0157 4188 WMPNetworkSvc - ok
09:07:05.0188 4188 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:07:05.0204 4188 WPCSvc - ok
09:07:05.0235 4188 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:07:05.0235 4188 WPDBusEnum - ok
09:07:05.0266 4188 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:07:05.0266 4188 ws2ifsl - ok
09:07:05.0297 4188 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
09:07:05.0313 4188 wscsvc - ok
09:07:05.0313 4188 WSearch - ok
09:07:05.0531 4188 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
09:07:05.0547 4188 wuauserv - ok
09:07:05.0672 4188 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:07:05.0672 4188 WudfPf - ok
09:07:05.0703 4188 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:07:05.0719 4188 WUDFRd - ok
09:07:05.0750 4188 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:07:05.0750 4188 wudfsvc - ok
09:07:05.0797 4188 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
09:07:05.0812 4188 WwanSvc - ok
09:07:05.0859 4188 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:07:05.0906 4188 \Device\Harddisk0\DR0 - ok
09:07:05.0921 4188 Boot (0x1200) (dabef4c74a9497c4c9d8fe696d6a670a) \Device\Harddisk0\DR0\Partition0
09:07:05.0921 4188 \Device\Harddisk0\DR0\Partition0 - ok
09:07:05.0953 4188 Boot (0x1200) (e890d68ff42a261b5a906974cfa6a4f4) \Device\Harddisk0\DR0\Partition1
09:07:05.0953 4188 \Device\Harddisk0\DR0\Partition1 - ok
09:07:05.0999 4188 Boot (0x1200) (d7fbfdb1eff879c01e374e171868069a) \Device\Harddisk0\DR0\Partition2
09:07:05.0999 4188 \Device\Harddisk0\DR0\Partition2 - ok
09:07:06.0015 4188 Boot (0x1200) (fa66211891f5976d8d32a628d1cb6895) \Device\Harddisk0\DR0\Partition3
09:07:06.0015 4188 \Device\Harddisk0\DR0\Partition3 - ok
09:07:06.0015 4188 ============================================================
09:07:06.0015 4188 Scan finished
09:07:06.0015 4188 ============================================================
09:07:06.0031 5824 Detected object count: 0
09:07:06.0031 5824 Actual detected object count: 0
09:09:36.0976 6036 Deinitialize success


aswMBR report:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-02 09:14:42
-----------------------------
09:14:42.649 OS Version: Windows x64 6.1.7601 Service Pack 1
09:14:42.649 Number of processors: 4 586 0x100
09:14:42.664 ComputerName: TRE-HP UserName: Tre
09:14:44.505 Initialize success
09:18:28.237 AVAST engine defs: 12050200
09:57:45.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006b
09:57:45.359 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 11
09:57:45.359 Disk 0 MBR read successfully
09:57:45.359 Disk 0 MBR scan
09:57:45.374 Disk 0 Windows 7 default MBR code
09:57:45.374 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
09:57:45.374 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 595243 MB offset 409600
09:57:45.421 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14933 MB offset 1219467264
09:57:45.437 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 1250050048
09:57:45.468 Disk 0 scanning C:\Windows\system32\drivers
09:57:54.703 Service scanning
09:58:21.254 Modules scanning
09:58:21.254 Disk 0 trace - called modules:
09:58:21.286 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
09:58:21.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80060d3060]
09:58:21.301 3 CLASSPNP.SYS[fffff88001bc143f] -> nt!IofCallDriver -> [0xfffffa8005e2bb10]
09:58:21.301 5 hpdskflt.sys[fffff88001b68189] -> nt!IofCallDriver -> [0xfffffa8005c78040]
09:58:21.301 7 amd_xata.sys[fffff880010eb8f7] -> nt!IofCallDriver -> \Device\0000006b[0xfffffa8005c7b060]
09:58:22.814 AVAST engine scan C:\Windows
09:58:26.028 AVAST engine scan C:\Windows\system32
10:01:02.309 AVAST engine scan C:\Windows\system32\drivers
10:01:13.666 AVAST engine scan C:\Users\Tre
10:03:25.205 AVAST engine scan C:\ProgramData
10:03:50.119 Scan finished successfully
10:05:47.940 Disk 0 MBR has been saved successfully to "C:\Users\Tre\Desktop\MBR.dat"
10:05:47.955 The log file has been saved successfully to "C:\Users\Tre\Desktop\aswMBR.txt"







#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 02 May 2012 - 11:00 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 thermoebia

thermoebia
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 03 May 2012 - 01:11 AM

Hi,

Ok, here is the OTL log. Are others having luck getting rid of this sucker? It's nasty, isn't it? Thanks for your help!



OTL logfile created on: 5/2/2012 10:59:32 PM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Tre\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 4.25 Gb Available Physical Memory | 77.51% Memory free
10.96 Gb Paging File | 8.89 Gb Available in Paging File | 81.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.29 Gb Total Space | 538.62 Gb Free Space | 92.66% Space Free | Partition Type: NTFS
Drive D: | 14.58 Gb Total Space | 1.62 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
Drive F: | 99.34 Mb Total Space | 91.19 Mb Free Space | 91.80% Space Free | Partition Type: FAT32

Computer Name: TRE-HP | User Name: Tre | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tre\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (McAWFwk) -- c:\Program Files\McAfee\MSC\McAWFwk.exe (McAfee, Inc.)
SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McOobeSv) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink)
SRV - (RoxioNow Service) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Roxio)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (McPvDrv) -- C:\Windows\SysNative\drivers\McPvDrv.sys (McAfee, Inc.)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=28A64790A71A6DC8BA85AB3A&q={searchTerms}
IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{8CA707B9-453E-4F86-968E-4D44CD699242}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F0F70576-BDBD-462D-A609-7E078BD7E031&apn_sauid=0EEFAE52-3D2E-424F-B68C-AFC0F7CB38C6
IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/03/14 14:50:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/03/18 07:20:24 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/05/01 20:17:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120314145014.dll (McAfee, Inc.)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120314145014.dll (McAfee, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [McPvTray_exe] C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B633A733-BA5F-4F7B-9C8F-3C4444F8AA94}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 90 Days ==========

[2012/05/02 22:55:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Tre\Desktop\OTL.exe
[2012/05/02 08:55:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Tre\Desktop\aswMBR.exe
[2012/05/02 08:54:44 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tre\Desktop\tdsskiller.exe
[2012/05/01 20:40:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/01 20:17:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/01 19:58:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/01 19:58:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/01 19:58:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/01 19:58:01 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/01 19:57:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/01 19:56:01 | 004,480,858 | R--- | C] (Swearware) -- C:\Users\Tre\Desktop\ComboFix.exe
[2012/04/30 21:02:28 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\Malwarebytes
[2012/04/30 21:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/30 21:02:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/30 21:02:05 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/30 21:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/30 15:31:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Anti-Theft
[2012/04/30 15:17:07 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tre\Desktop\dds.scr
[2012/04/15 12:15:28 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\OpenOffice.org
[2012/04/12 16:01:35 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\Apps
[2012/04/11 21:53:46 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 21:53:46 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 21:53:44 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 21:53:44 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 21:53:44 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 21:53:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 21:53:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 21:53:43 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 21:53:43 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 21:53:43 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 21:53:43 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 21:53:28 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/11 21:53:27 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 21:53:27 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 21:51:14 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/11 21:51:13 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 21:51:13 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/03 19:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Telespree
[2012/04/03 19:04:49 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\Hewlett-Packard_Developme
[2012/04/03 19:01:48 | 000,528,384 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2012/04/03 19:01:47 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2012/04/03 19:01:46 | 001,965,056 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2012/04/03 19:01:46 | 000,654,336 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2012/04/03 19:01:23 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/04/03 13:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueSuite
[2012/04/03 08:42:19 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\Adobe
[2012/04/03 08:36:59 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012/04/03 08:36:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/04/03 08:35:59 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/03 08:35:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/03 08:35:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/03 08:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2012/04/03 08:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2012/04/03 08:32:26 | 000,000,000 | ---D | C] -- C:\Program Files\licenses
[2012/04/02 16:48:31 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2012/04/02 16:35:49 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\InstallShield
[2012/03/27 08:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/03/27 08:27:52 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF
[2012/03/27 08:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
[2012/03/22 07:27:18 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/21 09:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2012/03/21 09:24:54 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\blekkotb_005
[2012/03/21 09:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/03/21 09:24:50 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\Google
[2012/03/20 15:26:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2012/03/16 07:49:38 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/03/16 07:49:37 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/03/16 07:49:28 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/03/16 07:49:28 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/03/16 07:49:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/03/16 07:49:28 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/03/16 07:49:27 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/03/16 07:49:27 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/03/16 07:49:26 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/03/16 01:36:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/03/16 01:36:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/03/15 22:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/03/15 09:14:03 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/03/15 09:13:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/03/15 09:13:59 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/03/15 09:13:59 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/03/15 09:13:58 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/03/15 09:13:58 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/03/15 09:13:58 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/03/15 09:13:58 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/03/15 09:13:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/03/15 09:13:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/03/15 09:13:44 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/03/15 09:13:43 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/03/15 09:13:41 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/03/15 09:13:41 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/03/15 09:13:39 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/03/15 09:13:39 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/03/15 09:13:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/03/15 09:13:38 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/03/15 09:13:34 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/03/15 09:13:30 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/03/15 09:13:30 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/03/15 09:13:29 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/03/15 09:13:28 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/03/15 09:13:28 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/03/15 09:13:27 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/03/15 09:13:27 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/03/15 09:13:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/03/15 09:13:27 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/03/15 09:13:27 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/03/15 09:13:26 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/03/15 09:13:26 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/03/15 09:13:25 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/03/15 09:13:19 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/03/15 09:13:19 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/03/15 09:13:18 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/03/15 09:13:18 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/03/15 09:13:18 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/03/15 09:13:18 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/03/15 09:13:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/03/15 09:13:11 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/03/15 09:13:11 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/03/15 09:13:09 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/03/15 09:13:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/03/15 09:13:07 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/15 09:12:57 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/03/15 09:12:57 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/03/15 09:12:55 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/03/15 09:12:55 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/03/15 09:12:54 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/03/15 09:12:54 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/03/15 09:12:33 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/03/15 09:12:33 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/03/15 09:12:32 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/03/15 09:12:32 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/03/15 09:12:30 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/03/15 09:12:28 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/03/15 09:12:28 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/03/15 09:12:27 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/03/15 09:12:23 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/03/15 09:12:23 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/03/15 09:12:23 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/03/15 09:12:22 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/03/15 09:11:53 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/03/15 09:11:52 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/03/15 09:11:52 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/03/15 09:11:52 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/03/15 09:11:52 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/03/15 09:11:51 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/03/15 09:11:51 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/03/15 09:11:28 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/03/15 09:11:28 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/03/15 09:11:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/03/15 09:11:27 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/03/15 09:11:27 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/03/15 09:11:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/03/15 09:11:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/03/15 09:11:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/03/15 09:11:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/03/15 09:11:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/03/15 09:11:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/15 09:11:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/15 09:11:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/03/15 09:11:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/03/15 09:11:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/03/15 09:11:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/15 09:11:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/15 09:11:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/15 09:11:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/03/15 09:11:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/15 09:11:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/15 09:11:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/03/15 09:11:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/15 09:11:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/03/15 09:11:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/15 09:11:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/15 09:11:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/15 09:11:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/03/15 09:11:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/15 09:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/15 09:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/03/15 09:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/03/15 09:11:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/15 09:11:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/15 09:11:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/15 09:11:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/03/15 09:11:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/03/15 09:11:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/15 09:11:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/15 09:11:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/15 09:11:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/03/15 09:11:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/03/15 09:11:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/03/15 09:11:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/03/15 09:11:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/03/15 09:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/15 09:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/03/15 09:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/03/15 09:11:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/15 09:11:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/15 09:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/15 09:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/15 09:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/15 09:11:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/03/15 09:11:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/03/15 09:11:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/15 09:11:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/15 09:11:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/15 09:11:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/03/15 09:11:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/03/15 09:11:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/03/15 09:11:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/03/15 09:11:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/03/15 09:11:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/03/15 09:11:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/03/15 09:11:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/03/15 09:11:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/03/15 09:11:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/03/15 09:11:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/03/15 09:11:06 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/03/15 09:11:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/03/15 09:11:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/03/15 09:11:03 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/03/15 09:11:02 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/03/15 09:10:58 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/03/15 09:10:53 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/03/15 09:10:53 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/03/15 09:10:51 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/03/15 09:10:50 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/03/15 09:09:54 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/03/15 09:09:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/03/15 09:09:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/03/14 14:50:37 | 000,071,800 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\McPvDrv.sys
[2012/03/14 14:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/03/14 14:50:35 | 000,000,000 | R-SD | C] -- C:\Users\Tre\Documents\McAfee Vaults
[2012/03/14 14:50:35 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\McAfee Anti-Theft
[2012/03/14 14:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2012/03/14 14:50:14 | 000,010,248 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2012/03/14 14:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/03/14 14:49:50 | 000,284,648 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
[2012/03/14 14:49:49 | 000,647,080 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
[2012/03/14 14:49:49 | 000,481,768 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2012/03/14 14:49:49 | 000,229,528 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2012/03/14 14:49:49 | 000,160,280 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
[2012/03/14 14:49:49 | 000,100,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2012/03/14 14:49:49 | 000,075,808 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfenlfk.sys
[2012/03/14 14:49:49 | 000,065,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2012/03/14 14:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/03/14 14:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/03/14 14:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/03/14 14:49:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/03/14 14:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
[2012/03/14 14:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP SimplePass 2011
[2012/03/14 14:26:59 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\CrashDumps
[2012/03/14 14:18:15 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\HP
[2012/03/14 14:18:13 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\AuthenTec
[2012/03/14 14:15:05 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\Macromedia
[2012/03/14 13:28:51 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\Microsoft Games
[2012/03/14 13:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/03/14 13:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/03/14 13:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/14 13:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/03/14 13:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/14 12:56:36 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\Adobe
[2012/03/14 12:56:21 | 000,156,792 | R--- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys.e1b0.deleteme
[2012/03/14 12:56:20 | 000,639,216 | R--- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys.c9b6.deleteme
[2012/03/14 12:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/03/14 12:43:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 12:43:37 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 12:43:37 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 12:43:36 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 12:43:36 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 12:37:13 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\AMD
[2012/03/14 12:37:04 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\ATI
[2012/03/14 12:37:04 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\ATI
[2012/03/14 12:36:03 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\Synaptics
[2012/03/14 12:36:03 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\hpqLog
[2012/03/14 12:35:50 | 000,000,000 | R--D | C] -- C:\Users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/14 12:35:50 | 000,000,000 | R--D | C] -- C:\Users\Tre\Searches
[2012/03/14 12:35:50 | 000,000,000 | R--D | C] -- C:\Users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/14 12:35:50 | 000,000,000 | -H-D | C] -- C:\Users\Tre\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/14 12:35:42 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\Identities
[2012/03/14 12:35:40 | 000,000,000 | R--D | C] -- C:\Users\Tre\Contacts
[2012/03/14 12:35:18 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\RemEngine
[2012/03/14 12:28:16 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\Hewlett-Packard
[2012/03/14 12:28:07 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\Hewlett-Packard
[2012/03/14 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\Hewlett-Packard_Company
[2012/03/14 12:26:59 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\VirtualStore
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\AppData\Local\Temporary Internet Files
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\Templates
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\Start Menu
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\SendTo
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\Recent
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\PrintHood
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\NetHood
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\Documents\My Videos
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\Documents\My Pictures
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\Documents\My Music
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\My Documents
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\Local Settings
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\AppData\Local\History
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\Cookies
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\Application Data
[2012/03/14 12:26:24 | 000,000,000 | -HSD | C] -- C:\Users\Tre\AppData\Local\Application Data
[2012/03/14 12:26:21 | 000,000,000 | --SD | C] -- C:\Users\Tre\AppData\Roaming\Microsoft
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\Videos
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\Saved Games
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\Pictures
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\Music
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\Links
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\Favorites
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\Downloads
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\Documents
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\Desktop
[2012/03/14 12:26:21 | 000,000,000 | R--D | C] -- C:\Users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/14 12:26:21 | 000,000,000 | -H-D | C] -- C:\Users\Tre\AppData
[2012/03/14 12:26:21 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\Temp
[2012/03/14 12:26:21 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Local\Microsoft
[2012/03/14 12:26:21 | 000,000,000 | ---D | C] -- C:\Users\Tre\AppData\Roaming\Media Center Programs

========== Files - Modified Within 90 Days ==========

[2012/05/02 22:55:52 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tre\Desktop\OTL.exe
[2012/05/02 22:49:36 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 22:49:36 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/02 22:46:18 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/02 22:46:18 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/02 22:46:17 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/02 22:46:17 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/05/02 22:41:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/02 22:41:41 | 117,624,831 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/02 10:05:47 | 000,000,512 | ---- | M] () -- C:\Users\Tre\Desktop\MBR.dat
[2012/05/02 08:55:57 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Tre\Desktop\aswMBR.exe
[2012/05/02 08:54:59 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tre\Desktop\tdsskiller.exe
[2012/05/01 20:17:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/01 20:17:01 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTRE-HP$.job
[2012/05/01 19:56:32 | 004,480,858 | R--- | M] (Swearware) -- C:\Users\Tre\Desktop\ComboFix.exe
[2012/05/01 18:53:22 | 000,879,714 | ---- | M] () -- C:\Users\Tre\Desktop\SecurityCheck.exe
[2012/04/30 21:18:06 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTre.job
[2012/04/30 21:02:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 18:17:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/04/30 15:17:08 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tre\Desktop\dds.scr
[2012/04/30 14:40:05 | 000,000,000 | ---- | M] () -- C:\Users\Tre\Desktop\defogger_reenable
[2012/04/28 16:31:24 | 000,024,931 | ---- | M] () -- C:\Users\Tre\Documents\50th anniversary card for mom and dad.odt
[2012/04/25 12:10:29 | 000,279,306 | ---- | M] () -- C:\Users\Tre\Documents\T Rowe statement April 2012.pdf
[2012/04/24 15:39:39 | 000,033,824 | ---- | M] () -- C:\Users\Tre\Documents\TMoehring_Resume_2012_2.odt
[2012/04/24 10:20:50 | 000,557,079 | ---- | M] () -- C:\Users\Tre\Documents\Credit Card Form -signed.pdf
[2012/04/24 10:06:12 | 000,173,679 | ---- | M] () -- C:\Users\Tre\Documents\Diagnosis-signed.pdf
[2012/04/23 11:06:37 | 000,031,270 | ---- | M] () -- C:\Users\Tre\Documents\TMoehring_Resume_2012.odt
[2012/04/16 18:49:45 | 000,020,328 | ---- | M] () -- C:\Users\Tre\Documents\2011 Twain Harte log.ods
[2012/04/16 18:49:03 | 000,009,139 | ---- | M] () -- C:\Users\Tre\Documents\2012 Twain Harte log.ods
[2012/04/16 14:58:42 | 000,025,804 | ---- | M] () -- C:\Users\Tre\Documents\Tax deductions - Landlord.odt
[2012/04/15 12:45:41 | 000,001,239 | ---- | M] () -- C:\Users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/04/11 09:55:19 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/04 07:36:08 | 000,295,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/03 19:00:48 | 001,128,448 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2012/04/03 19:00:48 | 000,528,384 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2012/04/03 19:00:47 | 004,779,520 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2012/04/03 19:00:47 | 001,965,056 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2012/04/03 19:00:47 | 000,654,336 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2012/04/03 19:00:47 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll
[2012/04/03 19:00:46 | 000,224,256 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2012/04/03 19:00:45 | 006,382,080 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe
[2012/04/03 19:00:45 | 004,933,120 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll
[2012/04/03 19:00:45 | 001,523,712 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2012/04/03 19:00:45 | 001,029,120 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll
[2012/04/03 19:00:45 | 000,212,480 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe
[2012/04/03 19:00:44 | 000,221,184 | ---- | M] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll
[2012/04/03 19:00:42 | 000,442,368 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTEC64.dll
[2012/04/03 19:00:42 | 000,162,304 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAC64.dll
[2012/04/03 19:00:42 | 000,090,624 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTCo64.dll
[2012/04/03 19:00:42 | 000,068,608 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AESTAR64.dll
[2012/04/03 08:36:59 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012/04/02 16:44:39 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012/03/27 08:29:58 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/03/22 07:27:18 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/15 22:54:35 | 000,772,682 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/14 13:25:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/03/14 13:23:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/03/14 13:14:03 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/03/14 13:14:03 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/03/14 13:13:33 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012/03/14 13:11:25 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/14 13:11:25 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/14 13:11:25 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/14 13:11:25 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/14 13:09:32 | 000,001,441 | ---- | M] () -- C:\Users\Tre\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/05 23:53:37 | 005,559,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/05 22:59:47 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/05 22:59:41 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/02/29 23:38:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/02/29 23:33:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/02/27 23:56:48 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/27 23:48:57 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/27 23:48:36 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/27 23:45:47 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/27 23:43:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/27 23:39:50 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/27 18:11:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/27 18:09:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/27 18:06:48 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/27 18:03:31 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/27 17:59:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/16 23:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/16 22:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/09 23:36:07 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

========== Files Created - No Company Name ==========

[2012/05/02 10:05:47 | 000,000,512 | ---- | C] () -- C:\Users\Tre\Desktop\MBR.dat
[2012/05/01 19:58:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/01 19:58:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/01 19:58:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/01 19:58:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/01 19:58:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/01 18:53:21 | 000,879,714 | ---- | C] () -- C:\Users\Tre\Desktop\SecurityCheck.exe
[2012/04/30 21:02:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 18:17:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/04/30 14:40:05 | 000,000,000 | ---- | C] () -- C:\Users\Tre\Desktop\defogger_reenable
[2012/04/28 09:43:29 | 000,024,931 | ---- | C] () -- C:\Users\Tre\Documents\50th anniversary card for mom and dad.odt
[2012/04/25 12:10:29 | 000,279,306 | ---- | C] () -- C:\Users\Tre\Documents\T Rowe statement April 2012.pdf
[2012/04/24 15:25:33 | 000,033,824 | ---- | C] () -- C:\Users\Tre\Documents\TMoehring_Resume_2012_2.odt
[2012/04/24 10:20:50 | 000,557,079 | ---- | C] () -- C:\Users\Tre\Documents\Credit Card Form -signed.pdf
[2012/04/24 10:06:12 | 000,173,679 | ---- | C] () -- C:\Users\Tre\Documents\Diagnosis-signed.pdf
[2012/04/18 13:52:19 | 000,031,270 | ---- | C] () -- C:\Users\Tre\Documents\TMoehring_Resume_2012.odt
[2012/04/16 18:49:02 | 000,009,139 | ---- | C] () -- C:\Users\Tre\Documents\2012 Twain Harte log.ods
[2012/04/16 14:58:39 | 000,025,804 | ---- | C] () -- C:\Users\Tre\Documents\Tax deductions - Landlord.odt
[2012/04/15 13:36:30 | 000,020,328 | ---- | C] () -- C:\Users\Tre\Documents\2011 Twain Harte log.ods
[2012/04/15 12:45:41 | 000,001,239 | ---- | C] () -- C:\Users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012/04/04 07:44:50 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/04/03 08:36:59 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012/04/02 16:36:38 | 000,014,119 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2012/04/02 16:36:37 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012/03/27 08:29:58 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/03/21 12:48:33 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTRE-HP$.job
[2012/03/14 14:51:07 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/03/14 13:25:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012/03/14 13:23:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_dc3d_01009.Wdf
[2012/03/14 13:09:32 | 000,001,441 | ---- | C] () -- C:\Users\Tre\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/14 12:35:59 | 000,001,413 | ---- | C] () -- C:\Users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/14 12:35:51 | 000,001,447 | ---- | C] () -- C:\Users\Tre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/14 12:35:20 | 000,000,324 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForTre.job
[2012/03/14 12:27:56 | 000,002,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk
[2012/03/14 12:27:56 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2012/03/14 12:26:22 | 000,000,290 | ---- | C] () -- C:\Users\Tre\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/14 12:26:21 | 000,000,272 | ---- | C] () -- C:\Users\Tre\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/06/08 11:05:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/08 10:59:19 | 000,772,682 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/06/08 10:48:08 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/28 17:37:23 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/21 19:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/01/18 01:53:32 | 002,994,688 | ---- | C] () -- C:\Program Files\openofficeorg33.msi
[2011/01/18 01:50:56 | 132,609,310 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2011/01/18 01:05:08 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini

< End of report >




#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 03 May 2012 - 02:28 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF>
    IE:64bit: - HKLM\..\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}: "URL" = <http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms>}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = <http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms>}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF>
    IE - HKLM\..\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}: "URL" = <http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms>}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = <http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms>}
    IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = <http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF>
    IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = <http://blekko.com/ws/?source=f45f13b3&tbp=rbox&toolbarid=blekkotb_005&u=28A64790A71A6DC8BA85AB3A&q={searchTerms>}
    IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{8CA707B9-453E-4F86-968E-4D44CD699242}: "URL" = <http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=F0F70576-BDBD-462D-A609-7E078BD7E031&apn_sauid=0EEFAE52-3D2E-424F-B68C-AFC0F7CB38C6>
    IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}: "URL" = <http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms>}
    IE - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = <http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms>}
    O3 - HKU\S-1-5-21-3139890736-3921819157-3585904417-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2012/03/21 09:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
    [2012/03/14 13:09:32 | 000,001,441 | ---- | M] () -- C:\Users\Tre\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 thermoebia

thermoebia
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 03 May 2012 - 09:34 AM

Hi Gringo,

Ok, I'll run this. Yes, I forgot to mention after I gave you the last logs that I'm still being redirected to the Welcome to Nginx page when I try to go onto Google.

Thanks.

#14 thermoebia

thermoebia
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:00 PM

Posted 03 May 2012 - 09:47 AM

Hi Gringo,

I ran the custom script in OTL.exe. The log is below. I'm still being redirected to the Welcome to Nginx page when I try to get onto Google, unfortunately.



========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry key HKEY_USERS\S-1-5-21-3139890736-3921819157-3585904417-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-3139890736-3921819157-3585904417-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3139890736-3921819157-3585904417-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8CA707B9-453E-4F86-968E-4D44CD699242}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CA707B9-453E-4F86-968E-4D44CD699242}\ not found.
Registry key HKEY_USERS\S-1-5-21-3139890736-3921819157-3585904417-1001\Software\Microsoft\Internet Explorer\SearchScopes\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A22F7BA3-591A-4DDB-B9A3-C974A5B67BEB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3139890736-3921819157-3585904417-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.
Registry value HKEY_USERS\S-1-5-21-3139890736-3921819157-3585904417-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\ProgramData\blekko toolbars folder moved successfully.
C:\Users\Tre\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tre\Desktop\cmd.bat deleted successfully.
C:\Users\Tre\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tre
->Java cache emptied: 3165972 bytes

Total Java Files Cleaned = 3.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Tre
->Flash cache emptied: 470 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 05032012_074257

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:00 PM

Posted 03 May 2012 - 12:26 PM

does this happen in all browsers or does it happen in just one and which ones does it happen in



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users