Malware "TROJ_GEN.FC5CBD" or H/W error

(In Progress)

rarodrig
Member with 307 posts.
THREAD STARTER
 
Join Date: Aug 2002
Location: Colorado
Experience: Intermediate
01-Jul-2012, 04:59 PM #1
TrendMicro Titanium identified and removed a "TROJ_GEN.FC5CBD". I've had Titanium on this PC for months.

The problem is that the PC continues locking up and/or crashing (blue screen). When it crashes I get an "Address" type error.

QUESTION: Do I still have Malware or do I have an unrelated hardware problem?

Here is the Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:02:08 PM, on 6/29/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19272)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\mom\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\mom\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\hp\kbd\kbd.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\mom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\mom\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.mortensenmathdirect.com/catalog.htm"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP SimpleSave Monitor.lnk = mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WNA1000M Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11213 bytes
Here is the ARK file:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-29 15:31:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000057 WDC_WD32 rev.12.0
Running: e7ru8l7c.exe; Driver: C:\Users\mom\AppData\Local\Temp\ugdiqpow.sys


---- System - GMER 1.0.15 ----

SSDT 87F84314 ZwCreateKey
SSDT 8801BF14 ZwCreateMutant
SSDT 8802B2BC ZwCreateProcess
SSDT 87FB74BC ZwCreateProcessEx
SSDT 8801BEA4 ZwCreateSymbolicLinkObject
SSDT 8800B35C ZwCreateThread
SSDT 8800B834 ZwDeleteKey
SSDT 8800B78C ZwDeleteValueKey
SSDT 8801BE6C ZwDuplicateObject
SSDT 8801BF4C ZwLoadDriver
SSDT 87FB546C ZwOpenProcess
SSDT 8800B3CC ZwOpenSection
SSDT 8801A00C ZwOpenThread
SSDT 8800B7FC ZwRenameKey
SSDT 8800B7C4 ZwRestoreKey
SSDT 8801BEDC ZwSetSystemInformation
SSDT 87F842DC ZwSetValueKey
SSDT 8801A044 ZwTerminateProcess
SSDT 87F8434C ZwTerminateThread
SSDT 8800B394 ZwWriteVirtualMemory
SSDT 8800B324 ZwCreateThreadEx
SSDT 87FB54A4 ZwCreateUserProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1E9 820BB8AC 4 Bytes [14, 43, F8, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820BB8B8 4 Bytes [14, BF, 01, 88]
.text ntkrnlpa.exe!KeSetEvent + 209 820BB8CC 8 Bytes [BC, B2, 02, 88, BC, 74, FB, ...]
.text ntkrnlpa.exe!KeSetEvent + 21D 820BB8E0 8 Bytes [A4, BE, 01, 88, 5C, B3, 00, ...]
.text ntkrnlpa.exe!KeSetEvent + 2D5 820BB998 4 Bytes [34, B8, 00, 88]
.text ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----
__________________
eddie5659
Moderator & Malware Removal Specialist with 28,353 posts.
 
Join Date: Mar 2001
Location: Bradford, England
03-Jul-2012, 02:36 PM #2
Hiya

Download Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-----------------

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Download and scan with SUPERAntiSpyware Free Edition for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click Scan your computer.
  • On the left, select all fixed drives.
  • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click View Scan Logs.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Please include the MBAM log, SUPERAntiSpyware Scan Log, checkup.txt and a fresh HijackThis log in your next reply.

eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
rarodrig
05-Jul-2012, 05:45 PM #3
Scans as requested
*******Checkup Scan:

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java(TM) 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 18.0.1025.152
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````

********MBAM LOG:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19272
mom :: ARLEEN-PC [administrator]

7/5/2012 10:32:46 AM
mbam-log-2012-07-05 (10-32-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 459381
Time elapsed: 2 hour(s), 36 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

******The SuperAntiSpyware identified 3 AdAware cookies as a threat and deleted them.

*******Hijackthis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:44:05 PM, on 7/5/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19272)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\mom\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Users\mom\AppData\Local\Akamai\netsession_win.exe
C:\hp\kbd\kbd.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\mom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\mom\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.mortensenmathdirect.com/catalog.htm"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP SimpleSave Monitor.lnk = mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: NETGEAR WNA1000M Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11852 bytes
eddie5659
08-Jul-2012, 01:00 PM #4
Your Java is out of date, so let's do that first:

Upgrade Java : (32 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 5 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept License Agreement.
  • Click on the link to download Windows Offline Installation 32 bit (jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista or Win 7 users, right click on the jre-7u5-windows-i586.exe and select "Run as an Administrator.")
  • Don't install any of the toolbars that are offered.


After doing the above, for the remains of the Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:
  • Applications and Applets
  • Trace and Log Files
OK out of all the screens.

---------------------------
Now, your Adobe Reader is out of date, so get the latest one from here and then uninstall Adobe Reader 9:

http://get.adobe.com/uk/reader/

Don't install any of the toolbars that are offered, and untick Free! McAfee Security Scan Plus.

====================

Can you run the following tools, and copy/paste the logs that they produce here. If it's over a few posts, that's fine.


Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.


  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


  • Click the Start Scan button.


  • If a suspicious object is detected, the default action will be Skip, click on Continue.


  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.


  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply


--------------------------

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


-------------------------

Delete any copies of Combofix that you have.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
rarodrig
08-Jul-2012, 11:28 PM #5
More scans
20:43:10.0717 3448 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
20:43:12.0524 3448 ============================================================
20:43:12.0524 3448 Current date / time: 2012/07/08 20:43:12.0524
20:43:12.0524 3448 SystemInfo:
20:43:12.0524 3448
20:43:12.0524 3448 OS Version: 6.0.6002 ServicePack: 2.0
20:43:12.0524 3448 Product type: Workstation
20:43:12.0524 3448 ComputerName: ARLEEN-PC
20:43:12.0524 3448 UserName: mom
20:43:12.0524 3448 Windows directory: C:\Windows
20:43:12.0524 3448 System windows directory: C:\Windows
20:43:12.0524 3448 Processor architecture: Intel x86
20:43:12.0525 3448 Number of processors: 2
20:43:12.0525 3448 Page size: 0x1000
20:43:12.0525 3448 Boot type: Normal boot
20:43:12.0525 3448 ============================================================
20:43:13.0493 3448 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:43:13.0561 3448 ============================================================
20:43:13.0561 3448 \Device\Harddisk0\DR0:
20:43:13.0561 3448 MBR partitions:
20:43:13.0561 3448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2427B5BF
20:43:13.0561 3448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2427B5FE, BlocksNum 0x11B20C3
20:43:13.0561 3448 ============================================================
20:43:13.0593 3448 C: <-> \Device\Harddisk0\DR0\Partition0
20:43:13.0691 3448 D: <-> \Device\Harddisk0\DR0\Partition1
20:43:13.0691 3448 ============================================================
20:43:13.0691 3448 Initialize success
20:43:13.0691 3448 ============================================================
20:43:39.0821 4600 ============================================================
20:43:39.0821 4600 Scan started
20:43:39.0821 4600 Mode: Manual; SigCheck; TDLFS;
20:43:39.0821 4600 ============================================================
20:43:40.0558 4600 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:43:40.0705 4600 ACPI - ok
20:43:40.0821 4600 AdobeActiveFileMonitor4.0 (2486c8e3f14496341e90cf2ab8bc82ed) C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
20:43:40.0846 4600 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - warning
20:43:40.0846 4600 AdobeActiveFileMonitor4.0 - detected UnsignedFile.Multi.Generic (1)
20:43:40.0908 4600 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:43:40.0954 4600 AdobeARMservice - ok
20:43:41.0058 4600 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:43:41.0104 4600 AdobeFlashPlayerUpdateSvc - ok
20:43:41.0170 4600 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
20:43:41.0279 4600 adp94xx - ok
20:43:41.0350 4600 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
20:43:41.0463 4600 adpahci - ok
20:43:41.0567 4600 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
20:43:41.0646 4600 adpu160m - ok
20:43:41.0670 4600 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
20:43:41.0726 4600 adpu320 - ok
20:43:41.0788 4600 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:43:41.0876 4600 AeLookupSvc - ok
20:43:41.0920 4600 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:43:42.0029 4600 AFD - ok
20:43:42.0070 4600 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
20:43:42.0112 4600 agp440 - ok
20:43:42.0124 4600 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:43:42.0169 4600 aic78xx - ok
20:43:42.0200 4600 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:43:42.0288 4600 ALG - ok
20:43:42.0304 4600 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
20:43:42.0342 4600 aliide - ok
20:43:42.0357 4600 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
20:43:42.0399 4600 amdagp - ok
20:43:42.0449 4600 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
20:43:42.0482 4600 amdide - ok
20:43:42.0501 4600 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
20:43:42.0570 4600 AmdK7 - ok
20:43:42.0612 4600 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
20:43:42.0646 4600 AmdK8 - ok
20:43:42.0753 4600 Amsp (feb0b5022c012a4a68dabcb711faff03) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
20:43:42.0780 4600 Amsp - ok
20:43:42.0822 4600 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:43:42.0867 4600 Appinfo - ok
20:43:42.0929 4600 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:43:42.0948 4600 Apple Mobile Device - ok
20:43:42.0968 4600 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
20:43:43.0004 4600 arc - ok
20:43:43.0037 4600 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
20:43:43.0075 4600 arcsas - ok
20:43:43.0121 4600 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:43:43.0172 4600 AsyncMac - ok
20:43:43.0207 4600 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:43:43.0244 4600 atapi - ok
20:43:43.0315 4600 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:43:43.0380 4600 AudioEndpointBuilder - ok
20:43:43.0395 4600 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:43:43.0437 4600 Audiosrv - ok
20:43:43.0496 4600 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:43:43.0553 4600 Beep - ok
20:43:43.0624 4600 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:43:43.0735 4600 BFE - ok
20:43:43.0894 4600 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
20:43:43.0966 4600 BITS - ok
20:43:43.0971 4600 blbdrive - ok
20:43:44.0273 4600 Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files\Bonjour\mDNSResponder.exe
20:43:44.0298 4600 Bonjour Service - ok
20:43:44.0446 4600 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:43:44.0500 4600 bowser - ok
20:43:44.0539 4600 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:43:44.0581 4600 BrFiltLo - ok
20:43:44.0589 4600 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:43:44.0644 4600 BrFiltUp - ok
20:43:44.0775 4600 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:43:44.0834 4600 Browser - ok
20:43:44.0879 4600 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:43:44.0974 4600 Brserid - ok
20:43:45.0050 4600 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:43:45.0137 4600 BrSerWdm - ok
20:43:45.0167 4600 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:43:45.0233 4600 BrUsbMdm - ok
20:43:45.0294 4600 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:43:45.0356 4600 BrUsbSer - ok
20:43:45.0378 4600 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:43:45.0446 4600 BTHMODEM - ok
20:43:45.0492 4600 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:43:45.0553 4600 cdfs - ok
20:43:45.0600 4600 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:43:45.0647 4600 cdrom - ok
20:43:45.0691 4600 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:43:45.0740 4600 CertPropSvc - ok
20:43:45.0751 4600 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
20:43:45.0821 4600 circlass - ok
20:43:45.0859 4600 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:43:45.0903 4600 CLFS - ok
20:43:45.0977 4600 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:43:46.0009 4600 clr_optimization_v2.0.50727_32 - ok
20:43:46.0091 4600 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:43:46.0137 4600 clr_optimization_v4.0.30319_32 - ok
20:43:46.0152 4600 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
20:43:46.0188 4600 cmdide - ok
20:43:46.0223 4600 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
20:43:46.0257 4600 Compbatt - ok
20:43:46.0263 4600 COMSysApp - ok
20:43:46.0278 4600 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
20:43:46.0311 4600 crcdisk - ok
20:43:46.0393 4600 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
20:43:46.0459 4600 Crusoe - ok
20:43:46.0507 4600 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
20:43:46.0546 4600 CryptSvc - ok
20:43:46.0621 4600 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:43:46.0671 4600 DcomLaunch - ok
20:43:46.0693 4600 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:43:46.0743 4600 DfsC - ok
20:43:46.0872 4600 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:43:47.0026 4600 DFSR - ok
20:43:47.0142 4600 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\Windows\system32\Drivers\DgiVecp.sys
20:43:47.0170 4600 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
20:43:47.0170 4600 DgiVecp - detected UnsignedFile.Multi.Generic (1)
20:43:52.0792 4600 HP Health Check Service (89f9e1984c1cd9e5f4fe39642d886e11) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
20:43:52.0811 4600 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
20:43:52.0811 4600 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
20:43:53.0832 4600 IDriverT (6f95324909b502e2651442c1548ab12f) c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
20:43:53.0901 4600 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:43:53.0901 4600 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:44:17.0821 4600 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
20:44:17.0845 4600 SSPORT ( UnsignedFile.Multi.Generic ) - warning
20:44:17.0845 4600 SSPORT - detected UnsignedFile.Multi.Generic (1)
20:44:23.0612 4600 TrkWks - ok
20:44:23.0843 4600 truecrypt (ed5e4ce36c54f55e7698642e94d32ec7) C:\Windows\system32\drivers\truecrypt.sys
20:44:23.0906 4600 truecrypt - ok
20:44:23.0977 4600 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:44:24.0051 4600 TrustedInstaller - ok
20:44:24.0107 4600 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:44:24.0157 4600 tssecsrv - ok
20:44:24.0187 4600 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:44:24.0228 4600 tunmp - ok
20:44:24.0263 4600 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:44:24.0306 4600 tunnel - ok
20:44:24.0362 4600 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:44:24.0397 4600 uagp35 - ok
20:44:24.0437 4600 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:44:24.0511 4600 udfs - ok
20:44:24.0562 4600 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:44:24.0620 4600 UI0Detect - ok
20:44:24.0644 4600 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:44:24.0677 4600 uliagpkx - ok
20:44:24.0914 4600 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:44:24.0992 4600 uliahci - ok
20:44:25.0208 4600 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:44:25.0277 4600 UlSata - ok
20:44:25.0480 4600 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:44:25.0545 4600 ulsata2 - ok
20:44:25.0618 4600 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:44:25.0681 4600 umbus - ok
20:44:25.0752 4600 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:44:25.0825 4600 upnphost - ok
20:44:25.0891 4600 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:44:25.0939 4600 usbaudio - ok
20:44:26.0006 4600 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:44:26.0057 4600 usbccgp - ok
20:44:26.0085 4600 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:44:26.0160 4600 usbcir - ok
20:44:26.0203 4600 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:44:26.0254 4600 usbehci - ok
20:44:26.0299 4600 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:44:26.0350 4600 usbhub - ok
20:44:26.0360 4600 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
20:44:26.0400 4600 usbohci - ok
20:44:26.0420 4600 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:44:26.0467 4600 usbprint - ok
20:44:26.0484 4600 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:44:26.0527 4600 usbscan - ok
20:44:26.0566 4600 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:44:26.0619 4600 USBSTOR - ok
20:44:26.0637 4600 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
20:44:26.0703 4600 usbuhci - ok
20:44:26.0734 4600 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:44:26.0777 4600 UxSms - ok
20:44:26.0829 4600 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:44:26.0916 4600 vds - ok
20:44:27.0019 4600 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:44:27.0093 4600 vga - ok
20:44:27.0128 4600 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:44:27.0175 4600 VgaSave - ok
20:44:27.0202 4600 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:44:27.0233 4600 viaagp - ok
20:44:27.0248 4600 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:44:27.0316 4600 ViaC7 - ok
20:44:27.0330 4600 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:44:27.0360 4600 viaide - ok
20:44:27.0401 4600 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:44:27.0432 4600 volmgr - ok
20:44:27.0482 4600 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:44:27.0527 4600 volmgrx - ok
20:44:27.0572 4600 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:44:27.0616 4600 volsnap - ok
20:44:27.0650 4600 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:44:27.0694 4600 vsmraid - ok
20:44:27.0794 4600 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:44:28.0014 4600 VSS - ok
20:44:28.0054 4600 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:44:28.0126 4600 W32Time - ok
20:44:28.0198 4600 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:44:28.0268 4600 WacomPen - ok
20:44:28.0312 4600 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:44:28.0367 4600 Wanarp - ok
20:44:28.0371 4600 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:44:28.0404 4600 Wanarpv6 - ok
20:44:28.0455 4600 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:44:28.0542 4600 wcncsvc - ok
20:44:28.0600 4600 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:44:28.0664 4600 WcsPlugInService - ok
20:44:28.0683 4600 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:44:28.0714 4600 Wd - ok
20:44:28.0772 4600 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:44:28.0869 4600 Wdf01000 - ok
20:44:28.0911 4600 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:44:28.0962 4600 WdiServiceHost - ok
20:44:28.0967 4600 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:44:29.0008 4600 WdiSystemHost - ok
20:44:29.0073 4600 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:44:29.0169 4600 WebClient - ok
20:44:29.0200 4600 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:44:29.0253 4600 Wecsvc - ok
20:44:29.0289 4600 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:44:29.0339 4600 wercplsupport - ok
20:44:29.0377 4600 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:44:29.0430 4600 WerSvc - ok
20:44:29.0496 4600 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:44:29.0652 4600 winachsf - ok
20:44:29.0731 4600 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:44:29.0823 4600 WinDefend - ok
20:44:29.0832 4600 WinHttpAutoProxySvc - ok
20:44:29.0889 4600 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:44:29.0946 4600 Winmgmt - ok
20:44:30.0033 4600 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:44:30.0262 4600 WinRM - ok
20:44:30.0371 4600 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:44:30.0510 4600 Wlansvc - ok
20:44:30.0606 4600 WlanWpsSvc (eaf90575d9914c8104214e19f1d396b0) C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
20:44:30.0636 4600 WlanWpsSvc - ok
20:44:30.0683 4600 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
20:44:30.0799 4600 WmiAcpi - ok
20:44:30.0871 4600 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:44:30.0957 4600 wmiApSrv - ok
20:44:31.0063 4600 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:44:31.0234 4600 WMPNetworkSvc - ok
20:44:31.0288 4600 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:44:31.0335 4600 WPCSvc - ok
20:44:31.0370 4600 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:44:31.0420 4600 WPDBusEnum - ok
20:44:31.0463 4600 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:44:31.0500 4600 WpdUsb - ok
20:44:31.0637 4600 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:44:31.0700 4600 WPFFontCache_v0400 - ok
20:44:31.0736 4600 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:44:31.0783 4600 ws2ifsl - ok
20:44:31.0817 4600 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
20:44:31.0852 4600 wscsvc - ok
20:44:31.0857 4600 WSearch - ok
20:44:31.0992 4600 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
20:44:32.0080 4600 wuauserv - ok
20:44:32.0195 4600 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:44:32.0263 4600 WUDFRd - ok
20:44:32.0298 4600 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:44:32.0353 4600 wudfsvc - ok
20:44:32.0404 4600 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
20:44:32.0434 4600 XAudio - ok
20:44:32.0466 4600 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
20:44:32.0504 4600 XAudioService - ok
20:44:32.0563 4600 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
20:44:32.0649 4600 \Device\Harddisk0\DR0 - ok
20:44:32.0656 4600 Boot (0x1200) (b94ea66be3341ab972b23f806d7fde84) \Device\Harddisk0\DR0\Partition0
20:44:32.0657 4600 \Device\Harddisk0\DR0\Partition0 - ok
20:44:32.0662 4600 Boot (0x1200) (886e11a5289c7ee6a57fe88af9e22ac1) \Device\Harddisk0\DR0\Partition1
20:44:32.0665 4600 \Device\Harddisk0\DR0\Partition1 - ok
20:44:32.0667 4600 ============================================================
20:44:32.0667 4600 Scan finished
20:44:32.0667 4600 ============================================================
20:44:32.0688 4852 Detected object count: 5
20:44:32.0689 4852 Actual detected object count: 5
20:44:51.0531 4852 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:51.0531 4852 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:44:51.0532 4852 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:51.0532 4852 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:44:51.0538 4852 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:51.0538 4852 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:44:51.0544 4852 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:51.0544 4852 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:44:51.0545 4852 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
20:44:51.0545 4852 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:57.0715 3004 Deinitialize success


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-08 20:49:44
-----------------------------
20:49:44.374 OS Version: Windows 6.0.6002 Service Pack 2
20:49:44.374 Number of processors: 2 586 0x6B01
20:49:44.376 ComputerName: ARLEEN-PC UserName: mom
20:49:49.343 Initialize success
20:50:42.772 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
20:50:42.779 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 6
20:50:42.829 Disk 0 MBR read successfully
20:50:42.836 Disk 0 MBR scan
20:50:42.842 Disk 0 unknown MBR code
20:50:42.851 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 296182 MB offset 63
20:50:42.887 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9060 MB offset 606582270
20:50:42.902 Disk 0 scanning sectors +625137345
20:50:42.991 Disk 0 scanning C:\Windows\system32\drivers
20:50:51.171 Service scanning
20:51:05.144 Modules scanning
20:51:13.257 Disk 0 trace - called modules:
20:51:13.294 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
20:51:13.299 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864472d8]
20:51:13.651 3 CLASSPNP.SYS[8a1a98b3] -> nt!IofCallDriver -> [0x852b4e00]
20:51:13.658 5 acpi.sys[806086bc] -> nt!IofCallDriver -> \Device\00000057[0x85337c90]
20:51:13.665 Scan finished successfully
20:51:30.973 Disk 0 MBR has been saved successfully to "C:\Users\mom\Desktop\MBR.dat"
20:51:30.998 The log file has been saved successfully to "C:\Users\mom\Desktop\aswMBR.txt"


ComboFix 12-07-08.01 - mom 07/08/2012 21:03:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1770 [GMT -6:00]
Running from: c:\users\mom\Desktop\Username123.exe.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mom\Documents\~WRL0001.tmp
c:\users\mom\Documents\~WRL0195.tmp
c:\users\mom\Documents\~WRL2334.tmp
c:\users\mom\Documents\~WRL2786.tmp
c:\users\mom\Documents\~WRL3233.tmp
c:\users\mom\Documents\~WRL4028.tmp
c:\windows\Downloaded Program Files\Temp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 03:12 . 2012-07-09 03:12 -------- d-----w- c:\users\Rich\AppData\Local\temp
2012-07-09 03:12 . 2012-07-09 03:12 -------- d-----w- c:\users\Margaret\AppData\Local\temp
2012-07-09 03:12 . 2012-07-09 03:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-08 20:31 . 2012-07-08 20:31 -------- d-----w- c:\program files\Common Files\Java
2012-07-08 19:56 . 2012-07-08 19:56 -------- d-----w- c:\program files\Oracle
2012-07-08 19:54 . 2012-05-05 01:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-05 19:12 . 2012-07-05 19:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-07-05 16:31 . 2012-07-05 16:31 -------- d-----w- c:\users\mom\AppData\Roaming\Malwarebytes
2012-07-05 16:30 . 2012-07-05 16:30 -------- d-----w- c:\programdata\Malwarebytes
2012-06-22 15:35 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 15:35 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 15:35 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 15:35 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 15:34 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 15:34 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 15:34 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 15:34 . 2012-06-02 21:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 15:34 . 2012-06-02 21:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 04:36 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 04:36 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-25 15:23 . 2012-05-25 15:23 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-05-05 01:29 . 2011-03-26 17:20 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-04 21:17 . 2012-03-31 13:00 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-04 21:17 . 2011-06-11 13:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Akamai NetSession Interface"="c:\users\mom\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OpwareSE4.exe" [2006-10-11 75304]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-14 520192]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 13797992]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"QuickTime Task"="c:\program files\quicktime\QTTask.exe" [2010-11-29 421888]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
.
c:\users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HP SimpleSave Monitor.lnk - c:\users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe [2011-9-29 477080]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1000M Smart Wizard.lnk - c:\program files\NETGEAR\WNA1000M\WNA1000M.exe [2011-2-22 2079200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2009-08-05 16:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 10224428
*NewlyCreated* - ASWMBR
*Deregistered* - 10224428
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:17]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 02:27]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 02:27]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001Core.job
- c:\users\mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 11:48]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001UA.job
- c:\users\mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 11:48]
.
2012-07-06 c:\windows\Tasks\User_Feed_Synchronization-{376EE7F5-868F-4566-9F09-E340294B3242}.job
- c:\windows\system32\msfeedssync.exe [2012-06-14 03:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: wellsfargo.com\online
TCP: DhcpNameServer = 205.171.2.65 205.171.3.65
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-08 21:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-08 21:15:04
ComboFix-quarantined-files.txt 2012-07-09 03:15
.
Pre-Run: 160,397,287,424 bytes free
Post-Run: 160,338,395,136 bytes free
.
- - End Of File - - A72FA7A741E24190C2C270B68659B177


Thanks for helping!!!
eddie5659
Moderator & Malware Removal Specialist with 28,353 posts.
 
Join Date: Mar 2001
Location: Bradford, England
09-Jul-2012, 02:32 PM #6
Thanks

Just a few more tools, and then we'll start to dig out any remains etc

Download RogueKiller to your desktop
  1. Quit all running programs
  2. For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  3. Wait until the Pre-scan has finished.
  4. Click on Scan
  5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
  6. Click on Report and copy/paste the contents here.

-----------

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

    Code:
    netsvcs
    activex
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %windir%\Installer\*.*
    %windir%\system32\tasks\*.*
    %systemroot%\Fonts\*.exe
    %systemroot%\*. /mp /s
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    regedit.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
eddie5659
Moderator & Malware Removal Specialist with 28,353 posts.
 
Join Date: Mar 2001
Location: Bradford, England
09-Jul-2012, 02:48 PM #7
Just seen that the site for the OTL is currently down for today, so you may be able to run that tomorrow.

Just letting you know in case you wonder why you can't get the program.
rarodrig
Member with 307 posts.
THREAD STARTER
 
Join Date: Aug 2002
Location: Colorado
Experience: Intermediate
09-Jul-2012, 10:49 PM #8
RKreport
RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files...3-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: mom [Admin rights]
Mode: Scan -- Date: 07/09/2012 19:33:22

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] StartHelper.exe -- C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] HP SimpleSave Monitor.lnk @mom : C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[64] : NtCreateKey @ 0x8220E140 -> HOOKED (Unknown @ 0x87E9B55C)
SSDT[67] : NtCreateMutant @ 0x8223F812 -> HOOKED (Unknown @ 0x87E9B26C)
SSDT[72] : NtCreateProcess @ 0x822B0DAB -> HOOKED (Unknown @ 0x87EDD7B4)
SSDT[73] : NtCreateProcessEx @ 0x822B0DF6 -> HOOKED (Unknown @ 0x87E9B6AC)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x821DF35A -> HOOKED (Unknown @ 0x87DA0F9C)
SSDT[78] : NtCreateThread @ 0x822B0BE0 -> HOOKED (Unknown @ 0x87E9B314)
SSDT[123] : NtDeleteKey @ 0x821D1727 -> HOOKED (Unknown @ 0x87E9B4EC)
SSDT[126] : NtDeleteValueKey @ 0x821CCCC8 -> HOOKED (Unknown @ 0x87E9B444)
SSDT[129] : NtDuplicateObject @ 0x82217551 -> HOOKED (Unknown @ 0x87DA0F64)
SSDT[165] : NtLoadDriver @ 0x8218ADEE -> HOOKED (Unknown @ 0x87E9B2A4)
SSDT[194] : NtOpenProcess @ 0x8223FFAE -> HOOKED (Unknown @ 0x87E9B63C)
SSDT[197] : NtOpenSection @ 0x8223066D -> HOOKED (Unknown @ 0x87E9B40C)
SSDT[201] : NtOpenThread @ 0x8223B4FF -> HOOKED (Unknown @ 0x87E9B604)
SSDT[267] : NtRenameKey @ 0x822736AC -> HOOKED (Unknown @ 0x87E9B4B4)
SSDT[280] : NtRestoreKey @ 0x82271DB2 -> HOOKED (Unknown @ 0x87E9B47C)
SSDT[317] : NtSetSystemInformation @ 0x82205EEB -> HOOKED (Unknown @ 0x87DA0FD4)
SSDT[324] : NtSetValueKey @ 0x821FD3C2 -> HOOKED (Unknown @ 0x87E9B524)
SSDT[334] : NtTerminateProcess @ 0x82210143 -> HOOKED (Unknown @ 0x87E9B5CC)
SSDT[335] : NtTerminateThread @ 0x8223B534 -> HOOKED (Unknown @ 0x87E9B594)
SSDT[358] : NtWriteVirtualMemory @ 0x8222C92D -> HOOKED (Unknown @ 0x87E9B3D4)
SSDT[382] : NtCreateThreadEx @ 0x8223AFE9 -> HOOKED (Unknown @ 0x87E9B2DC)
SSDT[383] : NtCreateUserProcess @ 0x821E8C11 -> HOOKED (Unknown @ 0x87E9B674)
S_SSDT[572] : Unknown -> HOOKED (Unknown @ 0x84BB1F5C)
S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0xAFE2E0B4)

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00AAJS-65RYA SCSI Disk Device +++++
--- User ---
[MBR] 43b9e8a8a7ad49ba0c2bf8a6de75ab27
[BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296182 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606582270 | Size: 9060 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
rarodrig
09-Jul-2012, 10:50 PM #9
OTL
OTL logfile created on: 7/9/2012 7:45:22 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\mom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 64.86% Memory free
6.07 Gb Paging File | 4.85 Gb Available in Paging File | 79.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.24 Gb Total Space | 147.89 Gb Free Space | 51.13% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 0.85 Gb Free Space | 9.59% Space Free | Partition Type: NTFS

Computer Name: ARLEEN-PC | User Name: mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/09 19:41:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\mom\Desktop\OTL.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\mom\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/03 23:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/27 07:44:06 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
PRC - [2012/02/27 07:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
PRC - [2012/01/28 11:38:36 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
PRC - [2012/01/28 11:38:36 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
PRC - [2011/02/22 09:34:42 | 002,079,200 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
PRC - [2010/12/14 08:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
PRC - [2010/11/16 22:18:22 | 000,174,560 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/18 09:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 05:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/01/14 02:25:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OpWareSE4.exe
PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006/09/19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2005/09/09 01:18:10 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/28 11:38:36 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
MOD - [2012/01/28 11:38:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
MOD - [2011/02/22 13:02:14 | 000,294,912 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WConn.dll
MOD - [2011/02/22 09:34:42 | 002,079,200 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
MOD - [2011/01/25 15:21:10 | 000,413,696 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WlanDll.dll
MOD - [2011/01/07 13:20:06 | 000,315,392 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\XParser.dll
MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007/01/14 02:25:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2006/09/19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV - [2012/05/04 15:17:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/03 23:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/16 22:18:22 | 000,174,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe -- (WlanWpsSvc)
SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mom\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/05/25 09:23:17 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/01/28 11:38:42 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/01/28 11:38:42 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmnciesc.sys -- (tmnciesc)
DRV - [2012/01/28 11:38:42 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2012/01/28 11:38:42 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/01/28 11:38:42 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/01/28 11:38:42 | 000,055,056 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmeevw.sys -- (tmeevw)
DRV - [2011/01/31 16:03:44 | 000,700,520 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WNA1000M.sys -- (RTL8192cu)
DRV - [2009/10/30 18:01:10 | 009,803,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/09/27 16:55:26 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 12:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 12:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/26 10:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
DRV - [2007/01/04 20:28:02 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007/01/04 20:28:00 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2006/11/02 01:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{5E28D0DD-6B3D-4816-B2FC-98815AC37972}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVD US7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes,DefaultScope = {5E28D0DD-6B3D-4816-B2FC-98815AC37972}
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{3AE48F1A-60FB-41D7-9E55-4671E4F3B744}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{3F87AC14-2F2C-49F8-84FB-76EBCE505014}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{5E28D0DD-6B3D-4816-B2FC-98815AC37972}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&amp;entrypoint={referrer:source?}&amp;FORM=HVD US7
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mom\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mom\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/28 07:38:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/28 07:38:20 | 000,000,000 | ---D | M]

[2011/11/14 10:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/14 10:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/04 20:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/24 09:03:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/01 07:27:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2009/12/23 19:50:21 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mom\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mom\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mom\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\mom\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: IE Tab = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.6.30.1_0\
CHR - Extension: Gmail = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/08 21:12:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001..\Run: [Akamai NetSession Interface] C:\Users\mom\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..Trusted Domains: wellsfargo.com ([online] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.2.65 205.171.3.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{142D7A48-6039-47FA-9220-F882F10A089E}: DhcpNameServer = 205.171.2.65 205.171.3.65
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{391675B9-B6C1-4B72-8A03-4A2D686CC3B1}: DhcpNameServer = 192.168.1.1 0.0.0.0 0.0.0.0
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/29 20:49:30 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EE330FEC-4206-4FD0-891C-7216477A74B3} - NoIE8Tour
ActiveX: {F390FCA4-7CCF-4A1A-A849-C381E489A3CA} - Yahoo! Search Settings Update
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: >{62952299-B15D-4091-8EAC-B1357F841D22} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

MsConfig - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/09 19:41:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\mom\Desktop\OTL.exe
[2012/07/09 19:30:32 | 000,000,000 | ---D | C] -- C:\Users\mom\Desktop\RK_Quarantine
[2012/07/09 19:27:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/09 09:07:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/08 21:15:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/08 20:59:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/08 20:59:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/08 20:59:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/08 20:59:30 | 000,000,000 | ---D | C] -- C:\Username123.exe
[2012/07/08 20:59:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/08 20:58:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/08 20:52:54 | 004,573,972 | R--- | C] (Swearware) -- C:\Users\mom\Desktop\Username123.exe.exe
[2012/07/08 20:48:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\mom\Desktop\aswMBR.exe
[2012/07/08 20:40:27 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/08 20:39:11 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mom\Desktop\tdsskiller.exe
[2012/07/08 14:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/07/08 13:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/05 13:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/05 10:31:05 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Malwarebytes
[2012/07/05 10:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/09 19:55:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001UA.job
[2012/07/09 19:41:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\mom\Desktop\OTL.exe
[2012/07/09 19:30:07 | 001,558,016 | ---- | M] () -- C:\Users\mom\Desktop\RogueKiller.exe
[2012/07/09 19:30:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/09 19:17:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/09 18:57:03 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 18:57:03 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/09 17:09:37 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/09 16:57:42 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001Core.job
[2012/07/09 16:57:23 | 000,064,097 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/07/09 16:57:23 | 000,064,097 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/07/09 16:57:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/09 09:13:22 | 000,615,676 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/09 09:13:22 | 000,107,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/08 21:12:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/08 20:53:24 | 004,573,972 | R--- | M] (Swearware) -- C:\Users\mom\Desktop\Username123.exe.exe
[2012/07/08 20:51:30 | 000,000,512 | ---- | M] () -- C:\Users\mom\Desktop\MBR.dat
[2012/07/08 20:49:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\mom\Desktop\aswMBR.exe
[2012/07/08 20:41:02 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/08 20:39:20 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mom\Desktop\tdsskiller.exe
[2012/07/07 17:02:49 | 301,736,925 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/06 10:39:00 | 000,000,388 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{376EE7F5-868F-4566-9F09-E340294B3242}.job
[2012/07/05 10:25:02 | 000,881,475 | ---- | M] () -- C:\Users\mom\Desktop\SecurityCheck.exe
[2012/07/03 21:21:17 | 000,008,192 | ---- | M] () -- C:\Users\mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/01 16:59:09 | 000,002,037 | ---- | M] () -- C:\Users\mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/29 10:35:18 | 000,029,378 | ---- | M] () -- C:\Users\mom\Documents\cc_20120629_103509.reg
[2012/06/28 20:04:37 | 000,000,680 | ---- | M] () -- C:\Users\mom\AppData\Local\d3d9caps.dat
[2012/06/20 09:40:05 | 000,526,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 15:44:58 | 000,000,869 | ---- | M] () -- C:\Users\mom\Desktop\ONLY IN CASE OF EMERGENCY.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/09 19:30:08 | 001,558,016 | ---- | C] () -- C:\Users\mom\Desktop\RogueKiller.exe
[2012/07/08 20:59:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/08 20:59:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/08 20:59:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/08 20:59:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/08 20:59:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/08 20:51:30 | 000,000,512 | ---- | C] () -- C:\Users\mom\Desktop\MBR.dat
[2012/07/08 20:41:02 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/08 20:41:01 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/05 10:25:09 | 000,881,475 | ---- | C] () -- C:\Users\mom\Desktop\SecurityCheck.exe
[2012/06/29 12:06:54 | 301,736,925 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/29 10:35:14 | 000,029,378 | ---- | C] () -- C:\Users\mom\Documents\cc_20120629_103509.reg
[2012/06/28 20:04:37 | 000,000,680 | ---- | C] () -- C:\Users\mom\AppData\Local\d3d9caps.dat
[2012/06/13 15:44:58 | 000,000,869 | ---- | C] () -- C:\Users\mom\Desktop\ONLY IN CASE OF EMERGENCY.lnk
[2012/01/28 11:48:41 | 000,000,056 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat
[2011/10/24 12:43:45 | 000,000,173 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2011/05/18 15:34:44 | 000,001,940 | ---- | C] () -- C:\Users\mom\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/05/07 09:46:55 | 000,064,097 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/05/07 09:46:55 | 000,064,097 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/12/09 17:51:35 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2008/08/20 13:29:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/02/05 17:25:10 | 000,015,001 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/12/26 11:28:49 | 000,008,192 | ---- | C] () -- C:\Users\mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/02/26 14:44:21 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Audacity
[2008/01/04 22:00:06 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Canon
[2009/12/23 19:50:21 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\E-centives
[2008/09/03 07:44:08 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Leadertech
[2011/09/29 19:05:23 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\muvee Technologies
[2012/02/02 15:03:27 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\NewSoft
[2011/05/11 22:31:29 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Nolo
[2008/03/05 21:06:37 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Opera
[2011/03/26 11:27:06 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\pdf995
[2007/12/26 12:22:51 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\ScanSoft
[2011/11/14 10:38:51 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Snapfish
[2012/05/05 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\TaxCut
[2012/05/25 09:34:06 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\TrueCrypt
[2008/02/08 13:22:38 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\WinBatch
[2012/07/08 23:09:09 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/06 10:39:00 | 000,000,388 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{376EE7F5-868F-4566-9F09-E340294B3242}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/07/08 21:15:13 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010/05/21 21:24:45 | 000,000,000 | ---D | M] -- C:\Boot
[2012/07/09 09:07:17 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2006/11/02 07:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009/10/20 05:19:42 | 000,000,000 | ---D | M] -- C:\hp
[2007/12/21 23:15:16 | 000,000,000 | R--D | M] -- C:\MSOCache
[2008/09/03 09:04:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012/07/08 13:56:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/05 13:12:50 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012/07/08 21:15:10 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010/02/04 21:43:20 | 000,000,000 | ---D | M] -- C:\QT$INST$.TMP
[2008/10/20 19:02:36 | 000,000,000 | ---D | M] -- C:\swsetup
[2012/07/09 19:49:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/07/09 19:27:59 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2012/03/25 14:45:16 | 000,000,000 | ---D | M] -- C:\temp
[2012/07/08 21:15:13 | 000,000,000 | ---D | M] -- C:\Username123.exe
[2008/01/01 12:45:28 | 000,000,000 | R--D | M] -- C:\Users
[2012/07/09 09:07:22 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %windir%\Installer\*.* >
[2009/01/05 15:52:42 | 000,022,528 | ---- | M] () -- C:\Windows\Installer\101f22b4.msi
[2009/01/05 15:55:03 | 002,335,744 | ---- | M] () -- C:\Windows\Installer\101f22b8.msi
[2009/01/05 15:56:16 | 000,032,256 | ---- | M] () -- C:\Windows\Installer\101f22bc.msi
[2009/01/05 15:56:44 | 000,060,928 | ---- | M] () -- C:\Windows\Installer\101f22c0.msi
[2009/01/05 15:57:22 | 000,052,736 | ---- | M] () -- C:\Windows\Installer\101f22c4.msi
[2009/01/05 15:57:37 | 000,020,992 | ---- | M] () -- C:\Windows\Installer\101f22c8.msi
[2008/12/22 15:53:06 | 000,019,456 | R--- | M] () -- C:\Windows\Installer\10814410.msp
[2008/12/22 15:52:50 | 000,103,424 | R--- | M] () -- C:\Windows\Installer\10814420.msp
[2008/12/22 15:51:26 | 000,248,832 | R--- | M] () -- C:\Windows\Installer\10814462.msp
[2008/12/22 15:52:03 | 003,734,016 | R--- | M] () -- C:\Windows\Installer\10814527.msp
[2008/12/22 15:50:34 | 005,406,720 | R--- | M] () -- C:\Windows\Installer\1081466a.msp
[2011/09/07 07:18:30 | 001,356,800 | ---- | M] () -- C:\Windows\Installer\10a137.msi
[2011/08/18 17:21:10 | 000,019,968 | ---- | M] () -- C:\Windows\Installer\10f05c.msi
[2012/01/15 21:56:52 | 002,189,312 | ---- | M] () -- C:\Windows\Installer\1197122.msi
[2012/02/03 15:13:48 | 004,988,928 | R--- | M] () -- C:\Windows\Installer\11e36b7f.msp
[2011/10/26 15:38:54 | 002,830,848 | R--- | M] () -- C:\Windows\Installer\11e36b87.msp
[2012/03/05 19:49:29 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\11e36b92.msp
[2010/02/04 00:59:48 | 005,031,936 | R--- | M] () -- C:\Windows\Installer\12951cf.msp
[2010/02/21 01:00:02 | 008,480,768 | R--- | M] () -- C:\Windows\Installer\12951e1.msp
[2010/02/04 17:24:30 | 009,122,304 | R--- | M] () -- C:\Windows\Installer\1295205.msp
[2011/04/13 10:37:02 | 019,201,024 | R--- | M] () -- C:\Windows\Installer\12cb04.msp
[2011/04/29 11:33:30 | 008,173,568 | R--- | M] () -- C:\Windows\Installer\12cb15.msp
[2011/03/25 08:03:44 | 005,079,552 | R--- | M] () -- C:\Windows\Installer\12cb2f.msp
[2011/06/28 07:59:53 | 020,333,056 | R--- | M] () -- C:\Windows\Installer\12cb3a.msp
[2011/04/29 11:28:40 | 001,995,264 | R--- | M] () -- C:\Windows\Installer\12cb4b.msp
[2011/04/29 11:31:46 | 009,006,080 | R--- | M] () -- C:\Windows\Installer\12cb6f.msp
[2008/11/20 14:48:44 | 005,097,472 | R--- | M] () -- C:\Windows\Installer\135d10.msp
[2008/06/05 12:56:36 | 005,111,808 | R--- | M] () -- C:\Windows\Installer\13908638.msp
[2010/05/07 09:44:13 | 000,119,296 | ---- | M] () -- C:\Windows\Installer\14649e41.msi
[2007/08/29 20:26:20 | 000,314,880 | ---- | M] () -- C:\Windows\Installer\15277.msi
[2009/11/22 13:04:14 | 000,323,072 | ---- | M] () -- C:\Windows\Installer\16dd7fa.msi
[2007/10/14 22:43:14 | 229,852,160 | R--- | M] () -- C:\Windows\Installer\1710bafe.msp
[2007/10/14 22:43:32 | 021,981,184 | R--- | M] () -- C:\Windows\Installer\1710bb27.msp
[2007/10/14 22:43:46 | 005,749,760 | R--- | M] () -- C:\Windows\Installer\1710bb66.msp
[2007/10/14 22:43:38 | 012,743,168 | R--- | M] () -- C:\Windows\Installer\1710bb78.msp
[2007/10/14 22:46:48 | 000,324,608 | R--- | M] () -- C:\Windows\Installer\1710bb85.msp
[2007/10/14 22:44:28 | 000,324,608 | R--- | M] () -- C:\Windows\Installer\1710bb8c.msp
[2012/01/22 08:09:26 | 001,700,352 | R--- | M] () -- C:\Windows\Installer\1944bec.msp
[2011/11/01 11:34:26 | 001,169,920 | R--- | M] () -- C:\Windows\Installer\1944bfd.msp
[2012/03/23 12:59:02 | 007,899,648 | R--- | M] () -- C:\Windows\Installer\1944c21.msp
[2012/03/26 22:28:54 | 005,009,920 | R--- | M] () -- C:\Windows\Installer\1944c47.msp
[2007/12/06 21:24:04 | 000,431,104 | ---- | M] () -- C:\Windows\Installer\1acc57e.msi
[2009/07/22 16:11:06 | 000,024,064 | ---- | M] () -- C:\Windows\Installer\1b2f0a1.msi
[2010/03/30 20:11:37 | 023,597,056 | R--- | M] () -- C:\Windows\Installer\1b86aa.msp
[2011/07/27 06:39:50 | 009,892,352 | R--- | M] () -- C:\Windows\Installer\1dda19.msp
[2011/07/27 06:37:28 | 011,592,192 | R--- | M] () -- C:\Windows\Installer\1dda46.msp
[2011/09/06 20:48:02 | 008,181,248 | R--- | M] () -- C:\Windows\Installer\1dda58.msp
[2011/07/21 11:34:34 | 003,456,000 | R--- | M] () -- C:\Windows\Installer\1dda76.msp
[2011/08/10 16:42:04 | 007,070,208 | R--- | M] () -- C:\Windows\Installer\1dda87.msp
[2011/08/24 05:37:22 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\1ddaad.msp
[2011/09/06 20:46:22 | 009,006,080 | R--- | M] () -- C:\Windows\Installer\1ddabf.msp
[2011/08/10 16:43:30 | 003,795,968 | R--- | M] () -- C:\Windows\Installer\1ddae3.msp
[2011/04/28 09:54:26 | 002,720,768 | R--- | M] () -- C:\Windows\Installer\1e54a6c.msp
[2011/04/06 20:43:30 | 123,313,664 | R--- | M] () -- C:\Windows\Installer\1e54a82.msp
[2011/05/18 21:55:38 | 019,624,448 | R--- | M] () -- C:\Windows\Installer\1e54a98.msp
[2011/07/27 06:42:04 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\1e54aab.msp
[2009/01/07 20:25:16 | 005,046,784 | R--- | M] () -- C:\Windows\Installer\20872db.msp
[2009/08/18 11:50:38 | 012,022,272 | R--- | M] () -- C:\Windows\Installer\2155614.msp
[2009/08/18 12:08:34 | 001,373,696 | R--- | M] () -- C:\Windows\Installer\2155626.msp
[2009/09/17 13:03:58 | 004,873,216 | R--- | M] () -- C:\Windows\Installer\215564b.msp
[2009/09/18 08:30:44 | 005,016,576 | R--- | M] () -- C:\Windows\Installer\215565e.msp
[2009/07/27 03:31:24 | 003,738,624 | R--- | M] () -- C:\Windows\Installer\2155670.msp
[2009/08/05 06:49:32 | 003,457,024 | R--- | M] () -- C:\Windows\Installer\2155696.msp
[2008/08/18 11:37:12 | 003,561,984 | R--- | M] () -- C:\Windows\Installer\2170443.msp
[2008/05/20 23:45:28 | 005,246,976 | R--- | M] () -- C:\Windows\Installer\2170459.msp
[2008/08/11 10:49:32 | 022,457,344 | R--- | M] () -- C:\Windows\Installer\217046b.msp
[2008/08/11 10:51:14 | 015,916,544 | R--- | M] () -- C:\Windows\Installer\217048f.msp
[2008/08/20 13:37:52 | 005,107,712 | R--- | M] () -- C:\Windows\Installer\21704b5.msp
[2007/12/21 23:16:07 | 002,397,184 | ---- | M] () -- C:\Windows\Installer\219c4.msi
[2007/12/21 23:16:48 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\219ca.msi
[2007/12/21 23:16:55 | 001,713,152 | ---- | M] () -- C:\Windows\Installer\219d0.msi
[2007/12/21 23:17:01 | 001,640,960 | ---- | M] () -- C:\Windows\Installer\219d6.msi
[2007/12/21 23:17:06 | 001,640,960 | ---- | M] () -- C:\Windows\Installer\219dc.msi
[2007/12/21 23:17:13 | 000,513,024 | ---- | M] () -- C:\Windows\Installer\219e2.msi
[2007/12/21 23:17:18 | 000,516,608 | ---- | M] () -- C:\Windows\Installer\219ea.msi
[2007/12/21 23:17:25 | 000,506,880 | ---- | M] () -- C:\Windows\Installer\219f1.msi
[2007/12/21 23:17:29 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\219f7.msi
[2007/12/21 23:17:34 | 001,652,736 | ---- | M] () -- C:\Windows\Installer\219fd.msi
[2007/12/21 23:19:19 | 009,613,312 | ---- | M] () -- C:\Windows\Installer\21a17.msi
[2007/12/21 23:20:24 | 001,046,016 | ---- | M] () -- C:\Windows\Installer\21a1e.msi
[2007/03/21 08:46:30 | 008,198,656 | R--- | M] () -- C:\Windows\Installer\21a2f.msp
[2007/03/21 08:46:30 | 002,047,488 | R--- | M] () -- C:\Windows\Installer\21a41.msp
[2010/07/23 01:04:08 | 011,395,072 | R--- | M] () -- C:\Windows\Installer\226101d.msp
[2010/11/18 19:05:05 | 015,710,720 | R--- | M] () -- C:\Windows\Installer\2261026.msp
[2010/05/20 19:57:12 | 005,907,456 | R--- | M] () -- C:\Windows\Installer\2261042.msp
[2010/05/20 19:57:18 | 004,989,952 | R--- | M] () -- C:\Windows\Installer\2261043.msp
[2010/04/24 17:07:58 | 004,667,392 | R--- | M] () -- C:\Windows\Installer\2261056.msp
[2010/03/24 18:54:54 | 002,516,992 | R--- | M] () -- C:\Windows\Installer\226107a.msp
[2010/11/18 19:07:55 | 020,303,872 | R--- | M] () -- C:\Windows\Installer\2261095.msp
[2010/08/13 18:00:36 | 009,404,928 | R--- | M] () -- C:\Windows\Installer\22610a7.msp
[2010/09/23 21:02:28 | 000,798,208 | R--- | M] () -- C:\Windows\Installer\22610c1.msp
[2010/11/10 14:12:50 | 001,797,632 | ---- | M] () -- C:\Windows\Installer\232a91.msi
[2011/04/28 04:42:32 | 004,990,976 | R--- | M] () -- C:\Windows\Installer\233bca.msp
[2011/04/29 11:27:04 | 004,158,464 | R--- | M] () -- C:\Windows\Installer\233bdc.msp
[2011/04/22 18:41:34 | 011,507,712 | R--- | M] () -- C:\Windows\Installer\233c08.msp
[2010/10/07 18:43:04 | 001,980,416 | R--- | M] () -- C:\Windows\Installer\249fffc.msp
[2010/08/04 15:13:04 | 000,686,080 | R--- | M] () -- C:\Windows\Installer\24a0020.msp
[2010/08/13 18:02:20 | 002,545,664 | R--- | M] () -- C:\Windows\Installer\24a0044.msp
[2010/08/13 17:59:46 | 008,182,272 | R--- | M] () -- C:\Windows\Installer\24a0068.msp
[2010/08/13 18:01:28 | 008,993,280 | R--- | M] () -- C:\Windows\Installer\24a008c.msp
[2010/10/21 18:12:42 | 003,359,744 | R--- | M] () -- C:\Windows\Installer\24a00b2.msp
[2010/09/17 06:04:16 | 009,401,856 | R--- | M] () -- C:\Windows\Installer\24a00c4.msp
[2012/07/08 14:31:32 | 000,176,128 | ---- | M] () -- C:\Windows\Installer\26a153.msi
[2010/01/12 20:30:26 | 003,188,224 | ---- | M] () -- C:\Windows\Installer\26a3cd0.msi
[2010/01/12 20:34:03 | 013,247,488 | R--- | M] () -- C:\Windows\Installer\26a4288.msp
[2008/02/25 19:37:52 | 001,652,736 | ---- | M] () -- C:\Windows\Installer\26ce20e.msi
[2008/02/25 19:37:59 | 000,501,248 | ---- | M] () -- C:\Windows\Installer\26ce214.msi
[2008/02/25 19:38:25 | 002,022,912 | ---- | M] () -- C:\Windows\Installer\26ce21e.msi
[2008/02/25 19:39:09 | 001,652,736 | ---- | M] () -- C:\Windows\Installer\26ce238.msi
[2008/02/25 19:41:58 | 012,836,352 | ---- | M] () -- C:\Windows\Installer\26ce245.msi
[2009/09/23 20:33:48 | 000,049,664 | ---- | M] () -- C:\Windows\Installer\27024ef.msi
[2009/09/23 20:33:50 | 015,709,696 | R--- | M] () -- C:\Windows\Installer\27024f6.msp
[2009/05/09 22:12:55 | 001,549,312 | ---- | M] () -- C:\Windows\Installer\279f30d.msi
[2012/01/28 11:47:43 | 001,313,280 | ---- | M] () -- C:\Windows\Installer\28329.msi
[2011/03/24 18:59:04 | 016,826,368 | R--- | M] () -- C:\Windows\Installer\28912cd.msp
[2010/01/24 22:44:37 | 015,710,720 | R--- | M] () -- C:\Windows\Installer\2a08c4c.msp
[2009/12/03 14:15:12 | 005,004,288 | R--- | M] () -- C:\Windows\Installer\2a08c5f.msp
[2010/03/11 22:59:18 | 005,031,424 | R--- | M] () -- C:\Windows\Installer\2c3f3b1.msp
[2010/02/21 00:02:24 | 004,195,840 | R--- | M] () -- C:\Windows\Installer\2c3f3c5.msp
[2010/02/21 00:03:34 | 004,472,832 | R--- | M] () -- C:\Windows\Installer\2c3f3dd.msp
[2010/03/22 15:03:14 | 011,732,992 | R--- | M] () -- C:\Windows\Installer\2c3f3ef.msp
[2010/01/28 22:41:08 | 018,015,232 | R--- | M] () -- C:\Windows\Installer\2f6b4d2.msp
[2010/04/09 14:21:24 | 005,025,792 | R--- | M] () -- C:\Windows\Installer\302a7.msp
[2009/10/16 06:08:48 | 002,237,952 | R--- | M] () -- C:\Windows\Installer\302b9.msp
[2010/01/14 21:26:08 | 005,027,840 | R--- | M] () -- C:\Windows\Installer\30bcd4f.msp
[2008/02/07 21:57:13 | 003,881,984 | R--- | M] () -- C:\Windows\Installer\32294f9.msp
[2012/07/08 20:41:24 | 002,295,808 | ---- | M] () -- C:\Windows\Installer\3253c1.msi
[2012/04/04 05:17:36 | 016,613,376 | R--- | M] () -- C:\Windows\Installer\3253c2.msp
[2009/03/19 20:35:24 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\34b69.msp
[2009/03/19 20:35:07 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\34b70.msp
[2009/03/24 16:22:49 | 000,019,456 | R--- | M] () -- C:\Windows\Installer\34b78.msp
[2009/03/19 20:33:58 | 000,428,544 | R--- | M] () -- C:\Windows\Installer\34be2.msp
[2009/03/19 20:32:40 | 000,170,496 | R--- | M] () -- C:\Windows\Installer\34bf8.msp
[2009/03/24 16:20:26 | 002,630,656 | R--- | M] () -- C:\Windows\Installer\34c6e.msp
[2009/10/20 20:42:51 | 000,027,648 | ---- | M] () -- C:\Windows\Installer\357fd87.msi
[2009/10/20 20:43:08 | 000,021,504 | ---- | M] () -- C:\Windows\Installer\357fd8d.msi
[2012/07/08 13:53:27 | 000,863,744 | ---- | M] () -- C:\Windows\Installer\3a314.msi
[2012/07/08 13:56:31 | 000,457,216 | ---- | M] () -- C:\Windows\Installer\3a318.msi
[2008/05/21 00:30:40 | 014,308,864 | R--- | M] () -- C:\Windows\Installer\3f31edc.msp
[2012/03/24 12:31:07 | 015,585,792 | R--- | M] () -- C:\Windows\Installer\4254b1.msp
[2008/10/10 06:48:06 | 009,688,064 | R--- | M] () -- C:\Windows\Installer\42bd7.msp
[2008/11/13 22:40:50 | 000,432,640 | ---- | M] () -- C:\Windows\Installer\42bdf.msi
[2008/09/24 12:05:44 | 016,381,440 | R--- | M] () -- C:\Windows\Installer\42bf0.msp
[2008/10/10 06:39:06 | 001,926,144 | R--- | M] () -- C:\Windows\Installer\42c0a.msp
[2008/10/20 10:19:14 | 005,100,032 | R--- | M] () -- C:\Windows\Installer\42c1e.msp
[2008/10/10 06:52:50 | 005,195,264 | R--- | M] () -- C:\Windows\Installer\42c27.msp
[2007/07/21 12:26:34 | 007,574,016 | R--- | M] () -- C:\Windows\Installer\46334bd.msp
[2007/03/27 15:14:06 | 005,566,464 | R--- | M] () -- C:\Windows\Installer\46334e2.msp
[2007/04/21 19:16:22 | 012,490,752 | R--- | M] () -- C:\Windows\Installer\4633506.msp
[2008/10/10 06:39:56 | 018,344,960 | R--- | M] () -- C:\Windows\Installer\46cec.msp
[2008/10/10 06:31:34 | 018,447,872 | R--- | M] () -- C:\Windows\Installer\46cf5.msp
[2008/10/10 06:45:48 | 012,962,816 | R--- | M] () -- C:\Windows\Installer\46cfe.msp
[2008/10/10 06:51:38 | 014,699,520 | R--- | M] () -- C:\Windows\Installer\46d07.msp
[2011/11/11 16:16:20 | 008,458,240 | R--- | M] () -- C:\Windows\Installer\480ba41.msp
[2011/11/11 16:15:00 | 001,795,584 | R--- | M] () -- C:\Windows\Installer\480ba65.msp
[2011/11/01 13:34:30 | 002,531,840 | R--- | M] () -- C:\Windows\Installer\480ba89.msp
[2011/11/01 13:34:58 | 004,225,536 | R--- | M] () -- C:\Windows\Installer\480bab4.msp
[2011/11/11 16:14:40 | 009,096,192 | R--- | M] () -- C:\Windows\Installer\480bac6.msp
[2011/11/01 13:34:28 | 002,247,168 | R--- | M] () -- C:\Windows\Installer\480baea.msp
[2011/11/01 13:34:56 | 004,250,112 | R--- | M] () -- C:\Windows\Installer\480bb10.msp
[2008/02/25 14:08:26 | 005,050,368 | R--- | M] () -- C:\Windows\Installer\4890f.msp
[2008/01/28 17:10:56 | 014,201,344 | R--- | M] () -- C:\Windows\Installer\48933.msp
[2008/01/28 17:09:56 | 011,896,320 | R--- | M] () -- C:\Windows\Installer\48946.msp
[2008/02/25 14:07:18 | 011,772,416 | R--- | M] () -- C:\Windows\Installer\4896a.msp
[2011/01/14 09:58:05 | 003,056,128 | ---- | M] () -- C:\Windows\Installer\49de61.msi
[2011/01/14 10:00:09 | 008,009,728 | R--- | M] () -- C:\Windows\Installer\49e276.msp
[2009/07/27 03:32:20 | 005,028,352 | R--- | M] () -- C:\Windows\Installer\4bd0de6.msp
[2009/05/26 17:54:44 | 004,192,768 | R--- | M] () -- C:\Windows\Installer\4bd0dff.msp
[2012/03/25 09:25:34 | 000,022,016 | ---- | M] () -- C:\Windows\Installer\4bec937.msi
[2008/10/10 06:30:10 | 019,258,880 | R--- | M] () -- C:\Windows\Installer\4c6de.msp
[2011/06/21 11:01:14 | 004,991,488 | R--- | M] () -- C:\Windows\Installer\4d5d11.msp
[2011/03/26 10:32:55 | 000,811,520 | ---- | M] () -- C:\Windows\Installer\4dc5a9.msi
[2011/03/26 10:33:11 | 001,984,000 | ---- | M] () -- C:\Windows\Installer\4dc5dc.msi
[2011/03/26 10:35:35 | 003,085,312 | ---- | M] () -- C:\Windows\Installer\4dc61d.msi
[2011/03/26 10:39:32 | 009,472,000 | ---- | M] () -- C:\Windows\Installer\4dcd80.msi
[2011/03/26 10:43:25 | 005,448,704 | ---- | M] () -- C:\Windows\Installer\4dd0b5.msi
[2008/07/16 18:01:04 | 005,110,272 | R--- | M] () -- C:\Windows\Installer\4e1e8.msp
[2008/04/11 17:48:24 | 006,774,272 | R--- | M] () -- C:\Windows\Installer\4e1fc.msp
[2008/07/03 10:37:46 | 011,759,104 | R--- | M] () -- C:\Windows\Installer\4e220.msp
[2008/07/03 10:36:32 | 011,937,792 | R--- | M] () -- C:\Windows\Installer\4e244.msp
[2010/04/24 16:10:46 | 008,486,400 | R--- | M] () -- C:\Windows\Installer\4f5000a.msp
[2010/04/24 16:07:04 | 010,118,144 | R--- | M] () -- C:\Windows\Installer\4f5002f.msp
[2010/05/18 22:35:24 | 005,023,744 | R--- | M] () -- C:\Windows\Installer\4f50055.msp
[2010/04/24 16:05:14 | 004,199,424 | R--- | M] () -- C:\Windows\Installer\4f50069.msp
[2010/07/11 11:03:38 | 001,160,192 | ---- | M] () -- C:\Windows\Installer\4f50070.msi
[2011/12/08 19:24:04 | 004,989,952 | R--- | M] () -- C:\Windows\Installer\53edea.msp
[2011/12/26 05:06:20 | 005,115,392 | R--- | M] () -- C:\Windows\Installer\53edf2.msp
[2011/12/25 05:40:46 | 000,819,200 | R--- | M] () -- C:\Windows\Installer\53edf9.msp
[2010/07/23 01:03:24 | 000,338,432 | R--- | M] () -- C:\Windows\Installer\54ebbeb.msp
[2010/11/20 23:35:20 | 003,359,744 | R--- | M] () -- C:\Windows\Installer\54ebc11.msp
[2010/12/29 12:27:10 | 020,304,384 | R--- | M] () -- C:\Windows\Installer\54ebc1d.msp
[2010/10/21 18:10:00 | 003,995,136 | R--- | M] () -- C:\Windows\Installer\54ebc34.msp
[2011/11/21 22:07:36 | 017,191,936 | R--- | M] () -- C:\Windows\Installer\5694a51.msp
[2012/01/14 10:29:09 | 007,880,704 | R--- | M] () -- C:\Windows\Installer\571e145.msp
[2012/01/05 11:49:17 | 003,246,080 | ---- | M] () -- C:\Windows\Installer\57997db.msi
[2009/02/06 22:31:16 | 005,047,808 | R--- | M] () -- C:\Windows\Installer\59b0627.msp
[2009/04/24 11:29:02 | 009,013,760 | R--- | M] () -- C:\Windows\Installer\5a3b76c.msp
[2009/04/14 03:50:22 | 005,191,680 | R--- | M] () -- C:\Windows\Installer\5a3b786.msp
[2009/06/13 10:14:21 | 000,648,192 | ---- | M] () -- C:\Windows\Installer\5a3b78d.msi
[2008/12/13 08:58:22 | 000,754,688 | R--- | M] () -- C:\Windows\Installer\5a3b798.msp
[2009/04/14 02:22:08 | 019,840,000 | R--- | M] () -- C:\Windows\Installer\5a3b7a0.msp
[2009/05/26 17:53:56 | 000,579,072 | R--- | M] () -- C:\Windows\Installer\5a3b7b2.msp
[2009/05/07 08:17:54 | 005,026,816 | R--- | M] () -- C:\Windows\Installer\5a3b7d8.msp
[2009/04/04 09:14:58 | 001,094,656 | R--- | M] () -- C:\Windows\Installer\5a3b7e4.msp
[2009/04/04 10:36:32 | 021,390,848 | R--- | M] () -- C:\Windows\Installer\5a3b7e5.msp
[2009/04/04 16:09:34 | 015,190,016 | R--- | M] () -- C:\Windows\Installer\5a3b804.msp
[2009/04/04 16:08:40 | 343,058,432 | R--- | M] () -- C:\Windows\Installer\5a3b98a.msp
[2009/04/04 16:10:08 | 009,926,144 | R--- | M] () -- C:\Windows\Installer\5a3ba55.msp
[2009/04/04 16:10:16 | 007,888,384 | R--- | M] () -- C:\Windows\Installer\5a3ba5f.msp
[2009/04/04 16:10:24 | 001,282,560 | R--- | M] () -- C:\Windows\Installer\5a3ba67.msp
[2009/04/14 03:56:18 | 020,498,944 | R--- | M] () -- C:\Windows\Installer\5a3ba70.msp
[2009/04/24 11:28:00 | 004,450,816 | R--- | M] () -- C:\Windows\Installer\5a3ba84.msp
[2009/02/25 18:08:18 | 008,311,808 | R--- | M] () -- C:\Windows\Installer\5a3baa7.msp
[2009/05/07 08:04:06 | 018,341,376 | R--- | M] () -- C:\Windows\Installer\5a3bac0.msp
[2009/04/14 02:46:12 | 015,438,848 | R--- | M] () -- C:\Windows\Installer\5a3bac9.msp
[2009/04/22 14:14:18 | 004,869,632 | R--- | M] () -- C:\Windows\Installer\5a3bade.msp
[2009/04/24 11:30:16 | 002,583,552 | R--- | M] () -- C:\Windows\Installer\5a3baf1.msp
[2009/04/14 03:51:24 | 001,303,040 | R--- | M] () -- C:\Windows\Installer\5a3bb0b.msp
[2009/05/04 06:47:22 | 009,124,864 | R--- | M] () -- C:\Windows\Installer\5a3bb1e.msp
[2009/04/14 03:21:34 | 015,303,168 | R--- | M] () -- C:\Windows\Installer\5a3bb39.msp
[2009/05/04 06:46:14 | 008,299,008 | R--- | M] () -- C:\Windows\Installer\5a3bb4c.msp
[2008/09/02 10:42:16 | 005,104,640 | R--- | M] () -- C:\Windows\Installer\5c7e2.msp
[2008/02/05 17:47:17 | 003,856,384 | ---- | M] () -- C:\Windows\Installer\5cb6e.msi
[2008/02/05 17:51:31 | 008,096,256 | R--- | M] () -- C:\Windows\Installer\5d02e.msp
[2008/02/05 17:53:13 | 006,508,544 | R--- | M] () -- C:\Windows\Installer\5d422.msp
[2008/02/05 17:54:30 | 002,228,736 | R--- | M] () -- C:\Windows\Installer\5d50e.msp
[2008/02/05 17:55:06 | 004,192,768 | R--- | M] () -- C:\Windows\Installer\5d6f4.msp
[2009/03/10 15:30:41 | 000,184,832 | R--- | M] () -- C:\Windows\Installer\5efa7b2.msp
[2009/03/13 19:17:36 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\5efa7b9.msp
[2009/03/13 19:17:15 | 000,078,848 | R--- | M] () -- C:\Windows\Installer\5efa7c5.msp
[2009/03/13 19:16:22 | 002,057,728 | R--- | M] () -- C:\Windows\Installer\5efa846.msp
[2009/03/13 19:14:58 | 000,858,112 | R--- | M] () -- C:\Windows\Installer\5efa978.msp
[2009/03/13 19:13:40 | 003,161,088 | R--- | M] () -- C:\Windows\Installer\5efaa18.msp
[2009/04/14 03:18:14 | 009,684,480 | R--- | M] () -- C:\Windows\Installer\5f01dff.msp
[2009/04/14 03:49:26 | 001,922,560 | R--- | M] () -- C:\Windows\Installer\5f01e06.msp
[2009/05/04 06:49:40 | 010,955,776 | R--- | M] () -- C:\Windows\Installer\5f01e3f.msp
[2008/12/30 21:36:13 | 000,140,288 | R--- | M] () -- C:\Windows\Installer\6007a47.msp
[2008/12/30 21:35:58 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\6007a4e.msp
[2008/12/30 21:35:42 | 000,039,936 | R--- | M] () -- C:\Windows\Installer\6007a5a.msp
[2008/12/30 21:35:02 | 001,701,888 | R--- | M] () -- C:\Windows\Installer\6007acf.msp
[2008/12/30 21:34:27 | 000,146,432 | R--- | M] () -- C:\Windows\Installer\6007ae3.msp
[2008/12/30 21:33:37 | 002,681,856 | R--- | M] () -- C:\Windows\Installer\6007b71.msp
[2011/03/05 12:41:06 | 015,301,120 | R--- | M] () -- C:\Windows\Installer\62ca7c6.msp
[2008/07/29 22:18:28 | 011,933,184 | R--- | M] () -- C:\Windows\Installer\63fdd.msp
[2008/07/29 22:20:14 | 011,767,296 | R--- | M] () -- C:\Windows\Installer\64001.msp
[2012/02/08 12:36:07 | 011,318,272 | R--- | M] () -- C:\Windows\Installer\653c265.msp
[2012/02/08 12:37:23 | 001,477,632 | R--- | M] () -- C:\Windows\Installer\653c281.msp
[2009/02/12 16:51:18 | 000,060,928 | R--- | M] () -- C:\Windows\Installer\663005e.msp
[2009/02/12 21:09:42 | 000,075,776 | R--- | M] () -- C:\Windows\Installer\6630066.msp
[2009/02/19 20:34:09 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\663006d.msp
[2009/02/19 20:33:47 | 000,151,552 | R--- | M] () -- C:\Windows\Installer\6630079.msp
[2009/02/19 20:31:58 | 001,038,336 | R--- | M] () -- C:\Windows\Installer\6630157.msp
[2009/02/19 20:32:58 | 002,235,392 | R--- | M] () -- C:\Windows\Installer\66301e7.msp
[2009/02/19 20:30:50 | 003,181,056 | R--- | M] () -- C:\Windows\Installer\6630299.msp
[2010/01/15 14:52:46 | 014,853,632 | R--- | M] () -- C:\Windows\Installer\684f21b.msp
[2008/08/14 09:10:14 | 000,532,992 | ---- | M] () -- C:\Windows\Installer\68f204.msi
[2010/01/15 15:09:31 | 002,111,488 | ---- | M] () -- C:\Windows\Installer\693934e.msi
[2009/01/29 20:24:09 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\695661.msp
[2009/01/29 20:23:50 | 000,143,360 | R--- | M] () -- C:\Windows\Installer\69566c.msp
[2009/01/29 20:23:12 | 003,186,688 | R--- | M] () -- C:\Windows\Installer\695701.msp
[2009/01/29 20:22:00 | 001,663,488 | R--- | M] () -- C:\Windows\Installer\695845.msp
[2009/01/29 20:20:50 | 003,939,840 | R--- | M] () -- C:\Windows\Installer\695945.msp
[2008/10/20 19:04:20 | 000,481,280 | ---- | M] () -- C:\Windows\Installer\6edd348.msi
[2010/02/27 17:58:20 | 021,258,752 | R--- | M] () -- C:\Windows\Installer\705aca6.msp
[2007/11/28 22:22:27 | 000,431,104 | ---- | M] () -- C:\Windows\Installer\70e769.msi
[2007/12/26 12:22:43 | 007,569,920 | ---- | M] () -- C:\Windows\Installer\7246f.msi
[2009/05/26 19:31:41 | 000,820,224 | R--- | M] () -- C:\Windows\Installer\738783e.msp
[2009/05/26 19:32:44 | 000,019,456 | R--- | M] () -- C:\Windows\Installer\7387846.msp
[2009/05/26 19:33:03 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\738784d.msp
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %windir%\system32\tasks\*.* >
[2012/05/04 15:17:23 | 000,003,682 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
[2007/11/27 12:05:24 | 000,003,638 | ---- | M] () -- C:\Windows\system32\tasks\ExtendedServicePlan
[2012/03/25 09:25:32 | 000,003,624 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
[2012/03/25 09:25:32 | 000,003,876 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
[2012/03/23 12:50:50 | 000,003,384 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001Core
[2012/03/23 12:50:50 | 000,003,780 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001UA
[2012/07/09 09:10:43 | 000,003,558 | ---- | M] () -- C:\Windows\system32\tasks\HP Health Check
[2007/12/06 14:02:17 | 000,003,830 | ---- | M] () -- C:\Windows\system32\tasks\IntenetServiceOffers
[2007/08/29 21:13:21 | 000,003,334 | ---- | M] () -- C:\Windows\system32\tasks\JavaUpdateAdministrator
[2007/11/27 12:06:02 | 000,003,294 | ---- | M] () -- C:\Windows\system32\tasks\JavaUpdateArleen
[2007/11/27 12:05:23 | 000,003,920 | ---- | M] () -- C:\Windows\system32\tasks\RecoveryCD
[2007/12/06 14:32:16 | 000,003,820 | ---- | M] () -- C:\Windows\system32\tasks\Registration
[2007/11/27 12:05:25 | 000,003,628 | ---- | M] () -- C:\Windows\system32\tasks\ServicePlan
[2012/07/05 09:56:29 | 000,003,932 | ---- | M] () -- C:\Windows\system32\tasks\User_Feed_Synchronization-{376EE7F5-868F-4566-9F09-E340294B3242}
[2008/01/04 19:46:19 | 000,003,034 | ---- | M] () -- C:\Windows\system32\tasks\{0326A55F-17C4-44D1-85D9-435762DD4A46}
[2011/03/10 18:57:00 | 000,003,162 | ---- | M] () -- C:\Windows\system32\tasks\{7D66E6A8-4F63-45E1-B820-252F58648268}
[2011/11/14 10:41:57 | 000,003,074 | ---- | M] () -- C:\Windows\system32\tasks\{96BED63D-088E-4387-BF20-85678F524E71}

< %systemroot%\Fonts\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/28 22:31:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/28 22:31:22 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: REGEDIT.EXE >
[2008/01/19 01:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\erdnt\cache\regedit.exe
[2008/01/19 01:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008/01/19 01:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006/11/02 03:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 03:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 03:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.0.6002
Copyright (C) 1999-2007 Microsoft Corporation.
On computer: ARLEEN-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1     C   HP           NTFS   Partition    289 GB  Healthy    System
  Volume 2     D   FACTORY_IMA  NTFS   Partition      9 GB  Healthy
  Volume 3     G                       Removable       0 B  No Media
  Volume 4     H                       Removable       0 B  No Media
  Volume 5     I                       Removable       0 B  No Media
  Volume 6     J                       Removable       0 B  No Media

< End of report >
rarodrig
09-Jul-2012, 10:54 PM #10
OTL Extras
OTL Extras logfile created on: 7/9/2012 7:45:22 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\mom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19272)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 64.86% Memory free
6.07 Gb Paging File | 4.85 Gb Available in Paging File | 79.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 289.24 Gb Total Space | 147.89 Gb Free Space | 51.13% Space Free | Partition Type: NTFS
Drive D: | 8.85 Gb Total Space | 0.85 Gb Free Space | 9.59% Space Free | Partition Type: NTFS

Computer Name: ARLEEN-PC | User Name: mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06EC42B2-3A4F-444B-A864-A096BA3B778A}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{08EFB6D0-F6F3-47AB-B7B8-B2226D8E2EFE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{12EEF55A-DDB6-4680-9129-92823C357EAB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{13B3D591-6A2C-4ECF-8290-713D82A1CD34}" = lport=139 | protocol=6 | dir=in | app=system |
"{1BDD5F6A-6FEE-443D-91C6-A2FB330BE3A2}" = lport=138 | protocol=17 | dir=in | app=system |
"{23EEE64B-C282-4B34-957F-40C3DBA090F8}" = rport=137 | protocol=17 | dir=out | app=system |
"{24F2DE2E-355E-400D-8C07-E47625C1806E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36775E67-6859-453A-804A-7D0C1F8B2917}" = lport=137 | protocol=17 | dir=in | app=system |
"{4998C9D1-05BD-4B5F-8294-B2360980418C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4A2F3AC4-5B20-4685-8C0D-A7CF9AA4E50C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{54AA7D89-ABDA-40AE-9126-19E841E342C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66F0C303-EFDF-4268-911E-803589BD4701}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{74E1784F-BB65-46D6-9981-34B7EEB39729}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7BBD7C2F-A0B4-4A93-867F-F4AAD1CC2FD5}" = lport=445 | protocol=6 | dir=in | app=system |
"{7E9C8C94-7235-4543-89FC-CBD81C6437C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{8DB9211D-3A96-41AD-BAB5-CB46D4763544}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E19A119-5C17-4715-91DA-9EB9C514D5AC}" = rport=138 | protocol=17 | dir=out | app=system |
"{AA4F2410-44DE-43C1-9779-6C91B1574827}" = rport=139 | protocol=6 | dir=out | app=system |
"{AE65968D-5657-47B5-BE2F-9A29A79E70C1}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{C91F883D-4AD0-4955-BA12-1A1AFD7BB62E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F7C39ADA-4886-4842-9289-547DC11B53CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9E47E1B-7DAE-486F-A69F-5C442FFFA982}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5FCF87-6C31-4DDC-BEA3-0E066C83A94E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0BF38885-0ED6-4E0F-B5C9-0E29F949A696}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{13BCDB60-25FB-4AF1-A7AB-1A6792D85C83}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E734FBD-4F11-4D92-8F2F-66A50D330AD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A4F9518-FC6E-4ED0-BDE3-E1E774C1BA9A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2BA09E3C-DAA2-4F3C-A36B-A139E49F44A3}" = protocol=6 | dir=out | app=system |
"{2DBED044-B711-46FC-8FA6-2DA68999202E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3131E907-5980-4275-B3DF-086378FEEFF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40393739-4BF6-4825-9F00-8D5A95783114}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{47284CE8-C133-4251-B0EE-D71023A038CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{47F898A0-80F9-4E45-A50A-603A1CE00FB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4B7D9A13-9414-4894-938E-ADA09AF04E70}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4DDEC94A-E397-467E-8D66-C08C05627E68}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4DFD4DC3-C091-4AE2-BCC1-CDDB44E220BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5A7547B8-CEE7-41FB-ABE3-89766965B068}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5EDA5B7C-B0E8-479A-BA9A-FBA8100552F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{79293B4A-5268-4B7F-9B2A-D3BC65638BB6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8552C9C7-850C-40AC-9B33-FD7783515BD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{890A443B-F0EE-41A8-82D1-701F9F56A485}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{924CED4F-1D1E-4A3F-A7BF-F31123A020A6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{952F8DBB-0F71-43CE-B87C-409CBCFD5615}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9C206F8A-AFBA-4B35-A0E9-85A5F22408D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A215A372-FDFC-413D-9224-0E6B89B1B9ED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE45025B-964F-41CD-96F3-663043A10C2E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C230BF63-848D-493C-9979-2DF6F095CDC8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C8FC352E-67C6-4723-B3AA-5EB6D4DFB592}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D7E8EA3B-575B-4436-9F0B-473B7D61F5B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E527E310-1871-47B5-AC43-DC24871C7B25}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{E97F4C7E-75FE-4B50-BFEC-DD406E55DF1A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FC181848-DC40-4692-ACC5-6EB4C018C4DB}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{FC77F0A2-9B4A-4DCF-AF1E-4F80D0297ACA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{FF6346E9-4C4C-4538-A136-A3975C2CBA5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{8851FD0F-BF8B-4EE4-A9A1-A1E21ECE64A4}C:\users\mom\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\mom\appdata\local\akamai\netsession_win.exe |
"TCP Query User{986C53C5-C316-42A6-8A42-DABD877282B8}C:\users\mom\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\mom\appdata\local\akamai\netsession_win.exe |
"UDP Query User{7946C210-C2E8-4877-8CF7-075C13E7BD4C}C:\users\mom\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\mom\appdata\local\akamai\netsession_win.exe |
"UDP Query User{C42B832B-AF18-4AE6-943E-5FF12BE02C2D}C:\users\mom\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\mom\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr. Printer
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804" = CanoScan 8600F
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.7
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E06692C-9835-4A72-B157-3084A2EEF158}" = H&R Block Alabama 2009
"{3E913965-40E7-4801-8C53-82A61E1533E7}" = Shipping Assistant 3.7
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}" = TaxCut Premium 2007
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}" = NETGEAR WNA1000M Wireless USB 2.0 Adapter
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
"{99963897-49E1-4DD2-885E-B2EAF4D4D58E}" = H&R Block Alabama 2010
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
"{C1D866C2-AFD7-460E-AF57-BE85F37A7304}" = H&R Block Alabama 2011
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C5EF7396-54AB-4D78-B83D-B211D977BB74}" = TurboTax 2008 waliper
"{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Canon CanoScan 8600F User Registration" = Canon CanoScan 8600F User Registration
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Hamachi" = Hamachi 1.0.3.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}" = NETGEAR WNA1000M Wireless USB 2.0 Adapter
"JumpStart Typing" = JumpStart Typing
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PremElem20" = Adobe Premiere Elements 2.0
"PROR" = Microsoft Office Professional 2007
"Quicken WillMaker Plus 2011" = Quicken WillMaker Plus 2011
"Rhapsody" = Rhapsody
"Samsung ML-2510 Series" = Samsung ML-2510 Series
"sp35183" = sp35183
"TaxCut Premium 2006" = TaxCut Premium 2006
"TrueCrypt" = TrueCrypt
"TurboTax 2008" = TurboTax 2008
"Yahoo! Search Defender" = Yahoo! Search Protection

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1055122923-2272971875-147803915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/9/2012 1:27:22 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/9/2012 1:27:22 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1076

Error - 7/9/2012 1:27:22 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1076

Error - 7/9/2012 1:27:23 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/9/2012 1:27:23 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2262

Error - 7/9/2012 1:27:23 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2262

Error - 7/9/2012 1:27:24 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/9/2012 1:27:24 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3323

Error - 7/9/2012 1:27:24 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3323

Error - 7/9/2012 7:10:13 PM | Computer Name = Arleen-PC | Source = Application Error | ID = 1000
Description = Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp
0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
exception code 0xe0434f4d, fault offset 0x0003fc56, process id 0x1228, application
start time 0x01cd5e27a0469c50.

[ Media Center Events ]
Error - 5/26/2008 9:53:28 AM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/28/2008 1:52:39 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/29/2008 10:40:04 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/30/2008 11:15:53 AM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/3/2008 1:23:43 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 1/27/2009 2:35:37 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 1:18:58 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 5:03:54 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/7/2009 6:45:17 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/15/2010 11:37:21 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 5/13/2008 5:54:16 AM | Computer Name = Arleen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8423
seconds with 8220 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/8/2012 10:40:30 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/8/2012 11:01:25 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 7/8/2012 11:02:17 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 7/8/2012 11:02:24 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 7/8/2012 11:07:55 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 7/8/2012 11:12:53 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 7/9/2012 11:08:59 AM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/9/2012 9:31:09 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 7/9/2012 9:31:39 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 7/9/2012 9:31:44 PM | Computer Name = Arleen-PC | Source = volsnap | ID = 393232
Description = The shadow copies of volume D: were aborted because volume D:, which
contains shadow copy storage for this shadow copy, was force dismounted.


< End of report >
eddie5659
Moderator & Malware Removal Specialist with 28,353 posts.
 
Join Date: Mar 2001
Location: Bradford, England
11-Jul-2012, 03:25 PM #11
Thanks

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mom\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]
    [1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
    :Files
    c:\users\mom\Documents\*.tmp
    ipconfig /flushdns /c
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [emptyjava]
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


-------------------

Then, can you do the following:

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :file
    C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
    C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
    C:\Windows\System32\drivers\tmeevw.sys
    C:\Windows\System32\drivers\WNA1000M.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt


eddie
rarodrig
11-Jul-2012, 04:52 PM #12
more scans
Here's the OTL "run Fix"


All processes killed
========== OTL ==========
Error: Unable to stop service Amsp!
Unable to delete service\driver key Amsp.
File C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe not found.
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
File system32\DRIVERS\SymIM.sys not found.
Service PcdrNdisuio stopped successfully!
Service PcdrNdisuio deleted successfully!
File system32\DRIVERS\pcdrndisuio.sys not found.
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\mom\AppData\Local\Temp\catchme.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}\ not found.
Registry key HKEY_USERS\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Windows\msdownld.tmp\AS2D8362.tmp folder deleted successfully.
C:\Windows\msdownld.tmp\AS2D8297.tmp folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\QT$INST$.TMP\QTINSTAL.HLP deleted successfully.
C:\QT$INST$.TMP folder deleted successfully.
C:\Windows\Installer\MSIB67.tmp deleted successfully.
========== FILES ==========
File\Folder c:\users\mom\Documents\*.tmp not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\mom\Desktop\cmd.bat deleted successfully.
C:\Users\mom\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Margaret
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: mom
->Temp folder emptied: 2196093 bytes
->Temporary Internet Files folder emptied: 9479379 bytes
->Java cache emptied: 389 bytes
->Google Chrome cache emptied: 163360851 bytes
->Flash cache emptied: 41550 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Rich
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 29696 bytes

Total Files Cleaned = 167.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Margaret

User: mom
->Java cache emptied: 0 bytes

User: Public

User: Rich

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Margaret

User: mom
->Flash cache emptied: 0 bytes

User: Public

User: Rich

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07112012_144051

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
rarodrig
11-Jul-2012, 04:54 PM #13
System Look scan
SystemLook 30.07.11 by jpshortstuff
Log created at 14:53 on 11/07/2012 by mom
Administrator - Elevation successful

========== file ==========

C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe - File found and opened.
MD5: B7FB48205F2E7FC9810B001CC0B46B55
Created at 15:34 on 22/02/2011
Modified at 15:34 on 22/02/2011
Size: 2079200 bytes
Attributes: --a----
FileDescription: NetgearCUv3 MFC Application
FileVersion: 4, 20, 132, 0
ProductVersion: 4, 20, 132, 0
OriginalFilename: NetgearCUv3.exe
InternalName: NETGEAR Smart Configuration
ProductName: NetgearCUv3 Application
LegalCopyright: Copyright (C) 2007

C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe - File found and opened.
MD5: EAF90575D9914C8104214E19F1D396B0
Created at 04:18 on 17/11/2010
Modified at 04:18 on 17/11/2010
Size: 174560 bytes
Attributes: --a----
FileDescription: WlanSvc Application
FileVersion: 1, 0, 0, 4
ProductVersion: 1, 0, 0, 4
OriginalFilename: WlanSvc.exe
InternalName: WlanSvc
ProductName: WlanSvc Application
LegalCopyright: Copyright (C) 2008

C:\Windows\System32\drivers\tmeevw.sys - File found and opened.
MD5: F49CA5C26378F4D5603F2A2FC86E09A1
Created at 18:09 on 28/01/2012
Modified at 17:38 on 28/01/2012
Size: 55056 bytes
Attributes: --a----
FileDescription: Trend Micro EagleEye Driver (VW) (i386-fre)
FileVersion: 1.0.0.1190
ProductVersion: 1.0
OriginalFilename: tmeevw.sys
InternalName: tmeevw
ProductName: Trend Micro EagleEye
CompanyName: Trend Micro Inc.
LegalCopyright: Copyright (C) 2010 - 2011 Trend Micro Incorporated. All rights reserved.
Comments:

C:\Windows\System32\drivers\WNA1000M.sys - File found and opened.
MD5: 1E4D2FD94E4F69431F376814B9B2BBD6
Created at 22:03 on 31/01/2011
Modified at 22:03 on 31/01/2011
Size: 700520 bytes
Attributes: --a----
FileDescription: Realtek RTL8192C USB NDIS Driver
FileVersion: 1012.1.0131.2011 built by: WinDDK
ProductVersion: 1012.1.0131.2011
OriginalFilename: Rtl8192cu.sys
InternalName: Rtl8192cu.sys
ProductName: Realtek RTL8192C Wireless USB 2.0 Adapter
CompanyName: Realtek Semiconductor Corporation
LegalCopyright: Copyright (C) 2008 Realtek Semiconductor Corporation

-= EOF =-
rarodrig
12-Jul-2012, 01:04 PM #14
Crashing
At startup this morning, PC crashed twice.

Error Event log:
DCOM error 1084 attempted to start service Wsearch with arguments "" in order to run server: 1BE1F766-5536-11D1-00C04FB926AF

DCOM error 1084 starting service ShellHWDetection with arguments "" to run ...

COM+ Event System bad return code Hresult was 8007043c from line 45 ....

Is this malware related or do I have a h/w issue as well?

Should I back up files from this PC or will the ext HDD get infected? Also, I had shared a couple of MS Office files from this PC to my laptop.... Should I be concerned about Malware on the laptop?

Last edited by rarodrig; 12-Jul-2012 at 02:52 PM.. Reason: added question
eddie5659
15-Jul-2012, 12:20 PM #15
Are these blue screens that you're getting, or are they just messages popping up?

Wsearch is actually related to malware.

---

If it's just messages, can you do this for me:

Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.
  • Please download the Event Viewer Tool by Vino Rosso:

    http://images.malwareremoval.com/vino/VEW.exe

    and save it to your Desktop.
  • Right-click VEW.exe and Run As Administrator
  • Under Select log to query, select:

    System

  • Under Select type to list, select:

    * Error
    * Warning



    Then use the Number of events as follows:

  • Click the radio button for Number of events
  • Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.


-----------

Then, can you re-run SystemLook, but with the following code and post the log it produces:

Code:
:folderfind
*ask.com
*conduit
*DeskAdTop
:filefind
*ask.com
*conduit
*DeskAdTop
THIS THREAD HAS EXPIRED.