
Malware "TROJ_GEN.FC5CBD" or H/W error

Discussion in 'Virus & Other Malware Removal' started by rarodrig, Jul 1, 2012.

  1. rarodrig

    rarodrig Thread Starter

    Joined:
    Aug 2, 2002
    Messages:
    332
    Trend Micro Titanium identified and removed a "TROJ_GEN.FC5CBD". I've had Titanium on this PC for months.

    The problem is that the PC continues locking up and/or crashing (blue screen). When it crashes I get an "Address" type error.

    QUESTION: Do I still have malware, or do I have an unrelated hardware problem?

    Here is the Hijackthis log:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:02:08 PM, on 6/29/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19272)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ScanSoft\OpWareSE4.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\mom\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
    C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Users\mom\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\hp\kbd\kbd.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {37153479-1976-43c3-a1ee-557513977b64} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
    O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\mom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\mom\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.mortensenmathdirect.com/catalog.htm"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: HP SimpleSave Monitor.lnk = mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: NETGEAR WNA1000M Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11213 bytes
    Here is the ARK file:
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-29 15:31:31
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000057 WDC_WD32 rev.12.0
    Running: e7ru8l7c.exe; Driver: C:\Users\mom\AppData\Local\Temp\ugdiqpow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 87F84314 ZwCreateKey
    SSDT 8801BF14 ZwCreateMutant
    SSDT 8802B2BC ZwCreateProcess
    SSDT 87FB74BC ZwCreateProcessEx
    SSDT 8801BEA4 ZwCreateSymbolicLinkObject
    SSDT 8800B35C ZwCreateThread
    SSDT 8800B834 ZwDeleteKey
    SSDT 8800B78C ZwDeleteValueKey
    SSDT 8801BE6C ZwDuplicateObject
    SSDT 8801BF4C ZwLoadDriver
    SSDT 87FB546C ZwOpenProcess
    SSDT 8800B3CC ZwOpenSection
    SSDT 8801A00C ZwOpenThread
    SSDT 8800B7FC ZwRenameKey
    SSDT 8800B7C4 ZwRestoreKey
    SSDT 8801BEDC ZwSetSystemInformation
    SSDT 87F842DC ZwSetValueKey
    SSDT 8801A044 ZwTerminateProcess
    SSDT 87F8434C ZwTerminateThread
    SSDT 8800B394 ZwWriteVirtualMemory
    SSDT 8800B324 ZwCreateThreadEx
    SSDT 87FB54A4 ZwCreateUserProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 1E9 820BB8AC 4 Bytes [14, 43, F8, 87]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 820BB8B8 4 Bytes [14, BF, 01, 88]
    .text ntkrnlpa.exe!KeSetEvent + 209 820BB8CC 8 Bytes [BC, B2, 02, 88, BC, 74, FB, ...]
    .text ntkrnlpa.exe!KeSetEvent + 21D 820BB8E0 8 Bytes [A4, BE, 01, 88, 5C, B3, 00, ...]
    .text ntkrnlpa.exe!KeSetEvent + 2D5 820BB998 4 Bytes [34, B8, 00, 88]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtCreateFile + 6 77B1424A 4 Bytes [28, 00, 09, 00] {SUB [EAX], AL; OR [EAX], EAX}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtCreateFile + B 77B1424F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtMapViewOfSection + 6 77B1499A 1 Byte [28]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtMapViewOfSection + 6 77B1499A 4 Bytes [28, 03, 09, 00] {SUB [EBX], AL; OR [EAX], EAX}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtMapViewOfSection + B 77B1499F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenFile + 6 77B14A2A 4 Bytes [68, 00, 09, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenFile + B 77B14A2F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenProcess + 6 77B14AAA 4 Bytes [A8, 01, 09, 00] {TEST AL, 0x1; OR [EAX], EAX}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenProcess + B 77B14AAF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenProcessToken + 6 77B14ABA 4 Bytes CALL 76B153C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenProcessToken + B 77B14ABF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenProcessTokenEx + 6 77B14ACA 4 Bytes [A8, 02, 09, 00] {TEST AL, 0x2; OR [EAX], EAX}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenProcessTokenEx + B 77B14ACF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenThread + 6 77B14B1A 4 Bytes [68, 01, 09, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenThread + B 77B14B1F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenThreadToken + 6 77B14B2A 4 Bytes [68, 02, 09, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenThreadToken + B 77B14B2F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenThreadTokenEx + 6 77B14B3A 4 Bytes CALL 76B15441 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtOpenThreadTokenEx + B 77B14B3F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtQueryAttributesFile + 6 77B14BCA 4 Bytes [A8, 00, 09, 00] {TEST AL, 0x0; OR [EAX], EAX}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtQueryAttributesFile + B 77B14BCF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtQueryFullAttributesFile + 6 77B14C7A 4 Bytes CALL 76B1557F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtQueryFullAttributesFile + B 77B14C7F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtSetInformationFile + 6 77B1515A 4 Bytes [28, 01, 09, 00] {SUB [ECX], AL; OR [EAX], EAX}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtSetInformationFile + B 77B1515F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtSetInformationThread + 6 77B151AA 4 Bytes [28, 02, 09, 00] {SUB [EDX], AL; OR [EAX], EAX}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtSetInformationThread + B 77B151AF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtUnmapViewOfSection + 6 77B1544A 1 Byte [68]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtUnmapViewOfSection + 6 77B1544A 4 Bytes [68, 03, 09, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1308] ntdll.dll!NtUnmapViewOfSection + B 77B1544F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtCreateFile + 6 77B1424A 4 Bytes [28, 00, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtCreateFile + B 77B1424F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + 6 77B1499A 1 Byte [28]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + 6 77B1499A 4 Bytes [28, 03, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtMapViewOfSection + B 77B1499F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenFile + 6 77B14A2A 4 Bytes [68, 00, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenFile + B 77B14A2F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcess + 6 77B14AAA 4 Bytes [A8, 01, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcess + B 77B14AAF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessToken + 6 77B14ABA 4 Bytes CALL 76B18AC0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessToken + B 77B14ABF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessTokenEx + 6 77B14ACA 4 Bytes [A8, 02, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenProcessTokenEx + B 77B14ACF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThread + 6 77B14B1A 4 Bytes [68, 01, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThread + B 77B14B1F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadToken + 6 77B14B2A 4 Bytes [68, 02, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadToken + B 77B14B2F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadTokenEx + 6 77B14B3A 4 Bytes CALL 76B18B41 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtOpenThreadTokenEx + B 77B14B3F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryAttributesFile + 6 77B14BCA 4 Bytes [A8, 00, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryAttributesFile + B 77B14BCF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryFullAttributesFile + 6 77B14C7A 4 Bytes CALL 76B18C7F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtQueryFullAttributesFile + B 77B14C7F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationFile + 6 77B1515A 4 Bytes [28, 01, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationFile + B 77B1515F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationThread + 6 77B151AA 4 Bytes [28, 02, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtSetInformationThread + B 77B151AF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + 6 77B1544A 1 Byte [68]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + 6 77B1544A 4 Bytes [68, 03, 40, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[1560] ntdll.dll!NtUnmapViewOfSection + B 77B1544F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtCreateFile + 6 77B1424A 4 Bytes [28, 00, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtCreateFile + B 77B1424F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtMapViewOfSection + 6 77B1499A 1 Byte [28]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtMapViewOfSection + 6 77B1499A 4 Bytes [28, 03, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtMapViewOfSection + B 77B1499F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenFile + 6 77B14A2A 4 Bytes [68, 00, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenFile + B 77B14A2F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcess + 6 77B14AAA 4 Bytes [A8, 01, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcess + B 77B14AAF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessToken + 6 77B14ABA 4 Bytes CALL 76B187C0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessToken + B 77B14ABF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessTokenEx + 6 77B14ACA 4 Bytes [A8, 02, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenProcessTokenEx + B 77B14ACF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThread + 6 77B14B1A 4 Bytes [68, 01, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThread + B 77B14B1F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadToken + 6 77B14B2A 4 Bytes [68, 02, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadToken + B 77B14B2F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadTokenEx + 6 77B14B3A 4 Bytes CALL 76B18841 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtOpenThreadTokenEx + B 77B14B3F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryAttributesFile + 6 77B14BCA 4 Bytes [A8, 00, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryAttributesFile + B 77B14BCF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryFullAttributesFile + 6 77B14C7A 4 Bytes CALL 76B1897F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtQueryFullAttributesFile + B 77B14C7F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationFile + 6 77B1515A 4 Bytes [28, 01, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationFile + B 77B1515F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationThread + 6 77B151AA 4 Bytes [28, 02, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtSetInformationThread + B 77B151AF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtUnmapViewOfSection + 6 77B1544A 1 Byte [68]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtUnmapViewOfSection + 6 77B1544A 4 Bytes [68, 03, 3D, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[2984] ntdll.dll!NtUnmapViewOfSection + B 77B1544F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + 6 77B1424A 4 Bytes [28, 00, 22, 00] {SUB [EAX], AL; AND AL, [EAX]}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + B 77B1424F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtMapViewOfSection + 6 77B1499A 1 Byte [28]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtMapViewOfSection + 6 77B1499A 4 Bytes [28, 03, 22, 00] {SUB [EBX], AL; AND AL, [EAX]}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtMapViewOfSection + B 77B1499F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenFile + 6 77B14A2A 4 Bytes [68, 00, 22, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenFile + B 77B14A2F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcess + 6 77B14AAA 4 Bytes [A8, 01, 22, 00] {TEST AL, 0x1; AND AL, [EAX]}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcess + B 77B14AAF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessToken + 6 77B14ABA 4 Bytes CALL 76B16CC0 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessToken + B 77B14ABF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessTokenEx + 6 77B14ACA 4 Bytes [A8, 02, 22, 00] {TEST AL, 0x2; AND AL, [EAX]}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessTokenEx + B 77B14ACF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThread + 6 77B14B1A 4 Bytes [68, 01, 22, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThread + B 77B14B1F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadToken + 6 77B14B2A 4 Bytes [68, 02, 22, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadToken + B 77B14B2F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadTokenEx + 6 77B14B3A 4 Bytes CALL 76B16D41 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadTokenEx + B 77B14B3F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryAttributesFile + 6 77B14BCA 4 Bytes [A8, 00, 22, 00] {TEST AL, 0x0; AND AL, [EAX]}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryAttributesFile + B 77B14BCF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryFullAttributesFile + 6 77B14C7A 4 Bytes CALL 76B16E7F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryFullAttributesFile + B 77B14C7F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationFile + 6 77B1515A 4 Bytes [28, 01, 22, 00] {SUB [ECX], AL; AND AL, [EAX]}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationFile + B 77B1515F 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationThread + 6 77B151AA 4 Bytes [28, 02, 22, 00] {SUB [EDX], AL; AND AL, [EAX]}
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationThread + B 77B151AF 1 Byte [E2]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtUnmapViewOfSection + 6 77B1544A 1 Byte [68]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtUnmapViewOfSection + 6 77B1544A 4 Bytes [68, 03, 22, 00]
    .text C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtUnmapViewOfSection + B 77B1544F 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,777
    Hiya

    Download Security Check from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    -----------------

    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

    Download and scan with SUPERAntiSpyware Free Edition for Home Users
    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Scan for tracking cookies.
      • Terminate memory threats before quarantining.
    • Click the "Home" button to leave the control center screen.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click Scan your computer.
    • On the left, select all fixed drives.
    • Click "Start Complete Scan" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "Continue".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "Remove Threats" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click View Scan Logs.
        • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
        • Please copy and paste the Scan Log results in your next reply.
      • Click Close to exit the program.


    Please include the MBAM log, SUPERAntiSpyware Scan Log, checkup.txt and a fresh HijackThis log in your next reply.

    eddie
     
  3. rarodrig

    rarodrig Thread Starter

    Joined:
    Aug 2, 2002
    Messages:
    332
    *******Checkup Scan:

    Results of screen317's Security Check version 0.99.42
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Trend Micro Titanium Internet Security 2012
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    CCleaner
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 18.0.1025.152
    Google Chrome 19.0.1084.56
    Google Chrome 20.0.1132.47
    Google Chrome plugins...
    ````````Process Check: objlist.exe by Laurent````````
    Trend Micro AMSP coreServiceShell.exe
    Trend Micro UniClient UiFrmWrk uiWatchDog.exe
    Trend Micro AMSP coreFrameworkHost.exe
    Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
    ````````````````````End of Log``````````````````````

    ********MBAM LOG:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.07.05.06

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 8.0.6001.19272
    mom :: ARLEEN-PC [administrator]

    7/5/2012 10:32:46 AM
    mbam-log-2012-07-05 (10-32-46).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 459381
    Time elapsed: 2 hour(s), 36 minute(s), 21 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    ******The SuperAntiSpyware identified 3 AdAware cookies as a threat and deleted them.

    *******Hijackthis log
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:44:05 PM, on 7/5/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19272)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\mobsync.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ScanSoft\OpWareSE4.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\mom\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
    C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\Users\mom\AppData\Local\Akamai\netsession_win.exe
    C:\hp\kbd\kbd.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mom\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\sdclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OpwareSE4.exe"
    O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\quicktime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\mom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\mom\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -"http://www.mortensenmathdirect.com/catalog.htm"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: HP SimpleSave Monitor.lnk = mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: NETGEAR WNA1000M Smart Wizard.lnk = C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 11852 bytes
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,777
    Your Java is out of date, so let's do that first:

    Upgrade Java : (32 bits)
    • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 5 .
    • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
    • Accept License Agreement.
    • Click on the link to download Windows Offline Installation 32 bit (jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u5-windows-i586.exe and select "Run as an Administrator.")
    • Don't install any of the toolbars that are offered.


    After doing the above, for the remains of the Java, can you do this:

    Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

    Make sure both of these options are checked:

    • Applications and Applets
    • Trace and Log Files
    OK out of all the screens. :)

    ---------------------------
    Now, your Adobe Reader is out of date, so get the latest one from here and then uninstall Adobe Reader 9:

    http://get.adobe.com/uk/reader/

    Don't install any of the toolbars that are offered, and untick Free! McAfee Security Scan Plus.

    ====================

    Can you run the following tools, and copy/paste the logs that they produce here. If it's over a few posts, that's fine :)


    Download the latest version of TDSSKiller from here and save it to your Desktop.


    • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    • Click the Start Scan button.

    • If a suspicious object is detected, the default action will be Skip, click on Continue.

    • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


    --------------------------

    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan

    On completion of the scan click save log, save it to your desktop and post it in your next reply.

    -------------------------

    Delete any copies of Combofix that you have.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  5. rarodrig

    rarodrig Thread Starter

    Joined:
    Aug 2, 2002
    Messages:
    332
    20:43:10.0717 3448 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
    20:43:12.0524 3448 ============================================================
    20:43:12.0524 3448 Current date / time: 2012/07/08 20:43:12.0524
    20:43:12.0524 3448 SystemInfo:
    20:43:12.0524 3448
    20:43:12.0524 3448 OS Version: 6.0.6002 ServicePack: 2.0
    20:43:12.0524 3448 Product type: Workstation
    20:43:12.0524 3448 ComputerName: ARLEEN-PC
    20:43:12.0524 3448 UserName: mom
    20:43:12.0524 3448 Windows directory: C:\Windows
    20:43:12.0524 3448 System windows directory: C:\Windows
    20:43:12.0524 3448 Processor architecture: Intel x86
    20:43:12.0525 3448 Number of processors: 2
    20:43:12.0525 3448 Page size: 0x1000
    20:43:12.0525 3448 Boot type: Normal boot
    20:43:12.0525 3448 ============================================================
    20:43:13.0493 3448 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    20:43:13.0561 3448 ============================================================
    20:43:13.0561 3448 \Device\Harddisk0\DR0:
    20:43:13.0561 3448 MBR partitions:
    20:43:13.0561 3448 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2427B5BF
    20:43:13.0561 3448 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2427B5FE, BlocksNum 0x11B20C3
    20:43:13.0561 3448 ============================================================
    20:43:13.0593 3448 C: <-> \Device\Harddisk0\DR0\Partition0
    20:43:13.0691 3448 D: <-> \Device\Harddisk0\DR0\Partition1
    20:43:13.0691 3448 ============================================================
    20:43:13.0691 3448 Initialize success
    20:43:13.0691 3448 ============================================================
    20:43:39.0821 4600 ============================================================
    20:43:39.0821 4600 Scan started
    20:43:39.0821 4600 Mode: Manual; SigCheck; TDLFS;
    20:43:39.0821 4600 ============================================================
    20:43:40.0558 4600 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    20:43:40.0705 4600 ACPI - ok
    20:43:40.0821 4600 AdobeActiveFileMonitor4.0 (2486c8e3f14496341e90cf2ab8bc82ed) C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    20:43:40.0846 4600 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - warning
    20:43:40.0846 4600 AdobeActiveFileMonitor4.0 - detected UnsignedFile.Multi.Generic (1)
    20:43:40.0908 4600 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    20:43:40.0954 4600 AdobeARMservice - ok
    20:43:41.0058 4600 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    20:43:41.0104 4600 AdobeFlashPlayerUpdateSvc - ok
    20:43:41.0170 4600 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    20:43:41.0279 4600 adp94xx - ok
    20:43:41.0350 4600 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    20:43:41.0463 4600 adpahci - ok
    20:43:41.0567 4600 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    20:43:41.0646 4600 adpu160m - ok
    20:43:41.0670 4600 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    20:43:41.0726 4600 adpu320 - ok
    20:43:41.0788 4600 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    20:43:41.0876 4600 AeLookupSvc - ok
    20:43:41.0920 4600 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    20:43:42.0029 4600 AFD - ok
    20:43:42.0070 4600 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    20:43:42.0112 4600 agp440 - ok
    20:43:42.0124 4600 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    20:43:42.0169 4600 aic78xx - ok
    20:43:42.0200 4600 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    20:43:42.0288 4600 ALG - ok
    20:43:42.0304 4600 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    20:43:42.0342 4600 aliide - ok
    20:43:42.0357 4600 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    20:43:42.0399 4600 amdagp - ok
    20:43:42.0449 4600 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    20:43:42.0482 4600 amdide - ok
    20:43:42.0501 4600 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    20:43:42.0570 4600 AmdK7 - ok
    20:43:42.0612 4600 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
    20:43:42.0646 4600 AmdK8 - ok
    20:43:42.0753 4600 Amsp (feb0b5022c012a4a68dabcb711faff03) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    20:43:42.0780 4600 Amsp - ok
    20:43:42.0822 4600 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    20:43:42.0867 4600 Appinfo - ok
    20:43:42.0929 4600 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    20:43:42.0948 4600 Apple Mobile Device - ok
    20:43:42.0968 4600 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    20:43:43.0004 4600 arc - ok
    20:43:43.0037 4600 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    20:43:43.0075 4600 arcsas - ok
    20:43:43.0121 4600 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    20:43:43.0172 4600 AsyncMac - ok
    20:43:43.0207 4600 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    20:43:43.0244 4600 atapi - ok
    20:43:43.0315 4600 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    20:44:17.0579 4600 srv2 - ok
    20:44:17.0602 4600 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
    20:44:17.0674 4600 srvnet - ok
    20:44:17.0692 4600 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
    20:44:17.0752 4600 SSDPSRV - ok
    20:44:17.0821 4600 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
    20:44:17.0845 4600 SSPORT ( UnsignedFile.Multi.Generic ) - warning
    20:44:17.0845 4600 SSPORT - detected UnsignedFile.Multi.Generic (1)
    20:44:17.0961 4600 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
    20:44:18.0055 4600 SstpSvc - ok
    20:44:18.0499 4600 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
    20:44:18.0838 4600 stisvc - ok
    20:44:19.0006 4600 stllssvr (e5ff667e416dac99bff16b626234a379) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    20:44:19.0057 4600 stllssvr - ok
    20:44:19.0124 4600 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    20:44:19.0164 4600 swenum - ok
    20:44:19.0272 4600 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
    20:44:19.0343 4600 swprv - ok
    20:44:19.0393 4600 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    20:44:19.0429 4600 Symc8xx - ok
    20:44:19.0435 4600 SymIMMP - ok
    20:44:19.0506 4600 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    20:44:19.0537 4600 Sym_hi - ok
    20:44:19.0598 4600 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    20:44:19.0630 4600 Sym_u3 - ok
    20:44:19.0735 4600 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
    20:44:19.0797 4600 SysMain - ok
    20:44:19.0827 4600 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
    20:44:19.0921 4600 TabletInputService - ok
    20:44:20.0148 4600 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
    20:44:20.0242 4600 TapiSrv - ok
    20:44:20.0337 4600 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
    20:44:20.0377 4600 TBS - ok
    20:44:20.0775 4600 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
    20:44:20.0915 4600 Tcpip - ok
    20:44:20.0931 4600 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
    20:44:21.0042 4600 Tcpip6 - ok
    20:44:21.0090 4600 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
    20:44:21.0169 4600 tcpipreg - ok
    20:44:21.0214 4600 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
    20:44:21.0289 4600 TDPIPE - ok
    20:44:21.0326 4600 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
    20:44:21.0420 4600 TDTCP - ok
    20:44:21.0548 4600 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
    20:44:21.0608 4600 tdx - ok
    20:44:21.0710 4600 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
    20:44:21.0754 4600 TermDD - ok
    20:44:22.0154 4600 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
    20:44:22.0355 4600 TermService - ok
    20:44:22.0418 4600 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
    20:44:22.0453 4600 Themes - ok
    20:44:22.0512 4600 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    20:44:22.0550 4600 THREADORDER - ok
    20:44:22.0585 4600 tmactmon (e8e528896ff2595cfada88749cd72ef8) C:\Windows\system32\DRIVERS\tmactmon.sys
    20:44:22.0619 4600 tmactmon - ok
    20:44:22.0642 4600 tmcomm (1837512d4aab862bd297a2ef035fba14) C:\Windows\system32\DRIVERS\tmcomm.sys
    20:44:22.0693 4600 tmcomm - ok
    20:44:22.0744 4600 tmeevw (f49ca5c26378f4d5603f2a2fc86e09a1) C:\Windows\system32\DRIVERS\tmeevw.sys
    20:44:22.0798 4600 tmeevw - ok
    20:44:22.0827 4600 tmevtmgr (dbac510d1c7cc66b7a78eb2264f3072e) C:\Windows\system32\DRIVERS\tmevtmgr.sys
    20:44:22.0861 4600 tmevtmgr - ok
    20:44:23.0156 4600 tmnciesc (2e078184034a179c47787f87f238d5ba) C:\Windows\system32\DRIVERS\tmnciesc.sys
    20:44:23.0206 4600 tmnciesc - ok
    20:44:23.0420 4600 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\Windows\system32\DRIVERS\tmtdi.sys
    20:44:23.0470 4600 tmtdi - ok
    20:44:23.0548 4600 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
    20:44:23.0612 4600 TrkWks - ok
    20:44:23.0843 4600 truecrypt (ed5e4ce36c54f55e7698642e94d32ec7) C:\Windows\system32\drivers\truecrypt.sys
    20:44:23.0906 4600 truecrypt - ok
    20:44:23.0977 4600 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
    20:44:24.0051 4600 TrustedInstaller - ok
    20:44:24.0107 4600 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
    20:44:24.0157 4600 tssecsrv - ok
    20:44:24.0187 4600 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
    20:44:24.0228 4600 tunmp - ok
    20:44:24.0263 4600 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
    20:44:24.0306 4600 tunnel - ok
    20:44:24.0362 4600 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
    20:44:24.0397 4600 uagp35 - ok
    20:44:24.0437 4600 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
    20:44:24.0511 4600 udfs - ok
    20:44:24.0562 4600 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
    20:44:24.0620 4600 UI0Detect - ok
    20:44:24.0644 4600 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
    20:44:24.0677 4600 uliagpkx - ok
    20:44:24.0914 4600 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
    20:44:24.0992 4600 uliahci - ok
    20:44:25.0208 4600 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
    20:44:25.0277 4600 UlSata - ok
    20:44:25.0480 4600 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
    20:44:25.0545 4600 ulsata2 - ok
    20:44:25.0618 4600 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
    20:44:25.0681 4600 umbus - ok
    20:44:25.0752 4600 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
    20:44:25.0825 4600 upnphost - ok
    20:44:25.0891 4600 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
    20:44:25.0939 4600 usbaudio - ok
    20:44:26.0006 4600 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
    20:44:26.0057 4600 usbccgp - ok
    20:44:26.0085 4600 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
    20:44:26.0160 4600 usbcir - ok
    20:44:26.0203 4600 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
    20:44:26.0254 4600 usbehci - ok
    20:44:26.0299 4600 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
    20:44:26.0350 4600 usbhub - ok
    20:44:26.0360 4600 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
    20:44:26.0400 4600 usbohci - ok
    20:44:26.0420 4600 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
    20:44:26.0467 4600 usbprint - ok
    20:44:26.0484 4600 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
    20:44:26.0527 4600 usbscan - ok
    20:44:26.0566 4600 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    20:44:26.0619 4600 USBSTOR - ok
    20:44:26.0637 4600 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
    20:44:26.0703 4600 usbuhci - ok
    20:44:26.0734 4600 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
    20:44:26.0777 4600 UxSms - ok
    20:44:26.0829 4600 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
    20:44:26.0916 4600 vds - ok
    20:44:27.0019 4600 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
    20:44:27.0093 4600 vga - ok
    20:44:27.0128 4600 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
    20:44:27.0175 4600 VgaSave - ok
    20:44:27.0202 4600 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
    20:44:27.0233 4600 viaagp - ok
    20:44:27.0248 4600 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
    20:44:27.0316 4600 ViaC7 - ok
    20:44:27.0330 4600 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
    20:44:27.0360 4600 viaide - ok
    20:44:27.0401 4600 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
    20:44:27.0432 4600 volmgr - ok
    20:44:27.0482 4600 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
    20:44:27.0527 4600 volmgrx - ok
    20:44:27.0572 4600 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
    20:44:27.0616 4600 volsnap - ok
    20:44:27.0650 4600 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
    20:44:27.0694 4600 vsmraid - ok
    20:44:27.0794 4600 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
    20:44:28.0014 4600 VSS - ok
    20:44:28.0054 4600 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
    20:44:28.0126 4600 W32Time - ok
    20:44:28.0198 4600 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
    20:44:28.0268 4600 WacomPen - ok
    20:44:28.0312 4600 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    20:44:28.0367 4600 Wanarp - ok
    20:44:28.0371 4600 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
    20:44:28.0404 4600 Wanarpv6 - ok
    20:44:28.0455 4600 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
    20:44:28.0542 4600 wcncsvc - ok
    20:44:28.0600 4600 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
    20:44:28.0664 4600 WcsPlugInService - ok
    20:44:28.0683 4600 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
    20:44:28.0714 4600 Wd - ok
    20:44:28.0772 4600 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
    20:44:28.0869 4600 Wdf01000 - ok
    20:44:28.0911 4600 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    20:44:28.0962 4600 WdiServiceHost - ok
    20:44:28.0967 4600 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
    20:44:29.0008 4600 WdiSystemHost - ok
    20:44:29.0073 4600 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
    20:44:29.0169 4600 WebClient - ok
    20:44:29.0200 4600 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
    20:44:29.0253 4600 Wecsvc - ok
    20:44:29.0289 4600 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
    20:44:29.0339 4600 wercplsupport - ok
    20:44:29.0377 4600 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
    20:44:29.0430 4600 WerSvc - ok
    20:44:29.0496 4600 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
    20:44:29.0652 4600 winachsf - ok
    20:44:29.0731 4600 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
    20:44:29.0823 4600 WinDefend - ok
    20:44:29.0832 4600 WinHttpAutoProxySvc - ok
    20:44:29.0889 4600 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
    20:44:29.0946 4600 Winmgmt - ok
    20:44:30.0033 4600 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
    20:44:30.0262 4600 WinRM - ok
    20:44:30.0371 4600 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
    20:44:30.0510 4600 Wlansvc - ok
    20:44:30.0606 4600 WlanWpsSvc (eaf90575d9914c8104214e19f1d396b0) C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
    20:44:30.0636 4600 WlanWpsSvc - ok
    20:44:30.0683 4600 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
    20:44:30.0799 4600 WmiAcpi - ok
    20:44:30.0871 4600 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
    20:44:30.0957 4600 wmiApSrv - ok
    20:44:31.0063 4600 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
    20:44:31.0234 4600 WMPNetworkSvc - ok
    20:44:31.0288 4600 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
    20:44:31.0335 4600 WPCSvc - ok
    20:44:31.0370 4600 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
    20:44:31.0420 4600 WPDBusEnum - ok
    20:44:31.0463 4600 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
    20:44:31.0500 4600 WpdUsb - ok
    20:44:31.0637 4600 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    20:44:31.0700 4600 WPFFontCache_v0400 - ok
    20:44:31.0736 4600 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
    20:44:31.0783 4600 ws2ifsl - ok
    20:44:31.0817 4600 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
    20:44:31.0852 4600 wscsvc - ok
    20:44:31.0857 4600 WSearch - ok
    20:44:31.0992 4600 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
    20:44:32.0080 4600 wuauserv - ok
    20:44:32.0195 4600 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:44:32.0263 4600 WUDFRd - ok
    20:44:32.0298 4600 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
    20:44:32.0353 4600 wudfsvc - ok
    20:44:32.0404 4600 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
    20:44:32.0434 4600 XAudio - ok
    20:44:32.0466 4600 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
    20:44:32.0504 4600 XAudioService - ok
    20:44:32.0563 4600 MBR (0x1B8) (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0
    20:44:32.0649 4600 \Device\Harddisk0\DR0 - ok
    20:44:32.0656 4600 Boot (0x1200) (b94ea66be3341ab972b23f806d7fde84) \Device\Harddisk0\DR0\Partition0
    20:44:32.0657 4600 \Device\Harddisk0\DR0\Partition0 - ok
    20:44:32.0662 4600 Boot (0x1200) (886e11a5289c7ee6a57fe88af9e22ac1) \Device\Harddisk0\DR0\Partition1
    20:44:32.0665 4600 \Device\Harddisk0\DR0\Partition1 - ok
    20:44:32.0667 4600 ============================================================
    20:44:32.0667 4600 Scan finished
    20:44:32.0667 4600 ============================================================
    20:44:32.0688 4852 Detected object count: 5
    20:44:32.0689 4852 Actual detected object count: 5
    20:44:51.0531 4852 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - skipped by user
    20:44:51.0531 4852 AdobeActiveFileMonitor4.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:44:51.0532 4852 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
    20:44:51.0532 4852 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:44:51.0538 4852 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
    20:44:51.0538 4852 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:44:51.0544 4852 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
    20:44:51.0544 4852 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:44:51.0545 4852 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
    20:44:51.0545 4852 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
    20:47:57.0715 3004 Deinitialize success


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-08 20:49:44
    -----------------------------
    20:49:44.374 OS Version: Windows 6.0.6002 Service Pack 2
    20:49:44.374 Number of processors: 2 586 0x6B01
    20:49:44.376 ComputerName: ARLEEN-PC UserName: mom
    20:49:49.343 Initialize success
    20:50:42.772 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
    20:50:42.779 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 6
    20:50:42.829 Disk 0 MBR read successfully
    20:50:42.836 Disk 0 MBR scan
    20:50:42.842 Disk 0 unknown MBR code
    20:50:42.851 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 296182 MB offset 63
    20:50:42.887 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9060 MB offset 606582270
    20:50:42.902 Disk 0 scanning sectors +625137345
    20:50:42.991 Disk 0 scanning C:\Windows\system32\drivers
    20:50:51.171 Service scanning
    20:51:05.144 Modules scanning
    20:51:13.257 Disk 0 trace - called modules:
    20:51:13.294 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    20:51:13.299 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x864472d8]
    20:51:13.651 3 CLASSPNP.SYS[8a1a98b3] -> nt!IofCallDriver -> [0x852b4e00]
    20:51:13.658 5 acpi.sys[806086bc] -> nt!IofCallDriver -> \Device\00000057[0x85337c90]
    20:51:13.665 Scan finished successfully
    20:51:30.973 Disk 0 MBR has been saved successfully to "C:\Users\mom\Desktop\MBR.dat"
    20:51:30.998 The log file has been saved successfully to "C:\Users\mom\Desktop\aswMBR.txt"

    ComboFix 12-07-08.01 - mom 07/08/2012 21:03:28.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1770 [GMT -6:00]
    Running from: c:\users\mom\Desktop\Username123.exe.exe
    AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\mom\Documents\~WRL0001.tmp
    c:\users\mom\Documents\~WRL0195.tmp
    c:\users\mom\Documents\~WRL2334.tmp
    c:\users\mom\Documents\~WRL2786.tmp
    c:\users\mom\Documents\~WRL3233.tmp
    c:\users\mom\Documents\~WRL4028.tmp
    c:\windows\Downloaded Program Files\Temp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-09 03:12 . 2012-07-09 03:12 -------- d-----w- c:\users\Rich\AppData\Local\temp
    2012-07-09 03:12 . 2012-07-09 03:12 -------- d-----w- c:\users\Margaret\AppData\Local\temp
    2012-07-09 03:12 . 2012-07-09 03:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-08 20:31 . 2012-07-08 20:31 -------- d-----w- c:\program files\Common Files\Java
    2012-07-08 19:56 . 2012-07-08 19:56 -------- d-----w- c:\program files\Oracle
    2012-07-08 19:54 . 2012-05-05 01:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-05 19:12 . 2012-07-05 19:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-05 16:31 . 2012-07-05 16:31 -------- d-----w- c:\users\mom\AppData\Roaming\Malwarebytes
    2012-07-05 16:30 . 2012-07-05 16:30 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-22 15:35 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-22 15:35 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-22 15:35 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-22 15:35 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-22 15:34 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-22 15:34 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-22 15:34 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-22 15:34 . 2012-06-02 21:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-22 15:34 . 2012-06-02 21:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-14 04:36 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-14 04:36 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-25 15:23 . 2012-05-25 15:23 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
    2012-05-05 01:29 . 2011-03-26 17:20 687504 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-04 21:17 . 2012-03-31 13:00 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-04 21:17 . 2011-06-11 13:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Akamai NetSession Interface"="c:\users\mom\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
    "OpwareSE4"="c:\program files\ScanSoft\OpwareSE4.exe" [2006-10-11 75304]
    "WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-14 520192]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-30 13797992]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
    "QuickTime Task"="c:\program files\quicktime\QTTask.exe" [2010-11-29 421888]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
    .
    c:\users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    HP SimpleSave Monitor.lnk - c:\users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe [2011-9-29 477080]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    NETGEAR WNA1000M Smart Wizard.lnk - c:\program files\NETGEAR\WNA1000M\WNA1000M.exe [2011-2-22 2079200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
    2009-08-05 16:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 10224428
    *NewlyCreated* - ASWMBR
    *Deregistered* - 10224428
    *Deregistered* - aswMBR
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 21:17]
    .
    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 02:27]
    .
    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-05 02:27]
    .
    2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001Core.job
    - c:\users\mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 11:48]
    .
    2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001UA.job
    - c:\users\mom\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-23 11:48]
    .
    2012-07-06 c:\windows\Tasks\User_Feed_Synchronization-{376EE7F5-868F-4566-9F09-E340294B3242}.job
    - c:\windows\system32\msfeedssync.exe [2012-06-14 03:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: wellsfargo.com\online
    TCP: DhcpNameServer = 205.171.2.65 205.171.3.65
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file)
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
    Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-08 21:12
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-07-08 21:15:04
    ComboFix-quarantined-files.txt 2012-07-09 03:15
    .
    Pre-Run: 160,397,287,424 bytes free
    Post-Run: 160,338,395,136 bytes free
    .
    - - End Of File - - A72FA7A741E24190C2C270B68659B177


    Thanks for helping!!!
     
  6. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,777
    Thanks :)

    Just a few more tools, and then we'll start to dig out any remains etc ;)

    Download RogueKiller to your desktop

    1. Quit all running programs
    2. For Vista/Seven, right-click -> Run as administrator; for XP, simply run RogueKiller.exe
    3. Wait until the Pre-scan has finished.
    4. Click on Scan
    5. If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
    6. Click on Report and copy/paste the contents here.

    -----------

    Download OTL to your Desktop

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Select All Users
    • Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL:

      Code:
      netsvcs
      activex
      msconfig
      %SYSTEMDRIVE%\*.
      %PROGRAMFILES%\*.exe
      %LOCALAPPDATA%\*.exe
      %windir%\Installer\*.*
      %windir%\system32\tasks\*.*
      %systemroot%\Fonts\*.exe
      %systemroot%\*. /mp /s
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      regedit.exe
      Userinit.exe
      svchost.exe
      /md5stop
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      >C:\commands.txt echo list vol /raw /hide /c
      /wait
      >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
      /wait
      type c:\diskreport.txt /c
      /wait
      erase c:\commands.txt /hide /c
      /wait
      erase c:\diskreport.txt /hide /c
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
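The OTL scan requested above produces PRC/MOD/SRV/DRV and O4 lines of the kind posted later in this thread. The script below is an added example, not OTL's code and not written by anyone in this thread: it applies three of the checks a malware helper applies by eye when reading such a log (entries whose binary is missing, autostarts that run from user-writable folders such as AppData or Temp, and binaries with no company name in their version info). The sample lines are copied from the OTL log posted further down; the folder list and the wording of the findings are my own choices. Every hit still needs a human decision, since legitimate software (Akamai NetSession, Chrome) also runs from AppData.

```python
"""
Triage heuristics for OTL log lines (PRC/MOD/SRV/DRV and O4 autostarts).
Added example for this thread; not OldTimer's code.  The heuristics are the
ones a helper applies by eye; every hit needs a human decision.
"""
import re
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    kind: str               # PRC, MOD, SRV, DRV or O4
    name: str               # service/driver name or Run-key value name
    path: str               # binary OTL resolved (may carry arguments)
    company: Optional[str]  # version-info company; "" when blank, None when file missing
    missing: bool           # OTL printed "File not found"


# Folders an unprivileged user can write to; autostarts here deserve a look (my list, an assumption).
USER_WRITABLE = re.compile(
    r"\\(?:AppData|Local Settings|Temp|ProgramData|Users\\Public|\$Recycle\.Bin|Recycler)\\", re.I)
STAMP_COMPANY = re.compile(r"^\[[^\]]*\] \((?P<company>[^()]*)\)")
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<path>.+) \((?P<company>[^()]*)\)$")
O4_STARTUP = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<path>.+) \((?P<company>[^()]*)\)$")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for the OTL line kinds we understand, else None."""
    line = line.strip()
    kind = line[:3]
    if kind in ("PRC", "MOD", "SRV", "DRV") and line[3:6] == " - ":
        # "[stamp] (company) [flags] -- path -- (name)"  or  "File not found [flags] -- path -- (name)"
        parts = line[6:].split(" -- ")
        head = parts[0]
        path = parts[1] if len(parts) > 1 else ""
        name = parts[2].strip("()") if len(parts) > 2 else ""
        if head.startswith("File not found"):
            return Entry(kind, name, path, None, True)
        m = STAMP_COMPANY.match(head)
        return Entry(kind, name, path, m.group("company") if m else "", False)
    if line.startswith("O4 - Startup:"):
        m = O4_STARTUP.match(line)
    elif line.startswith("O4 - "):
        m = O4_RUN.match(line)
    else:
        return None
    return Entry("O4", m.group("name"), m.group("path"), m.group("company"), False) if m else None


def triage(lines) -> List[dict]:
    """Apply the three heuristics; one finding per (entry, reason) pair."""
    findings = []
    for raw in lines:
        e = parse_line(raw)
        if e is None:
            continue
        reasons = []
        if e.missing:
            reasons.append("orphaned entry: referenced binary is missing")
        if USER_WRITABLE.search(e.path):
            reasons.append("launches from a user-writable location")
        if e.company == "":
            reasons.append("no company name in version info")
        findings.extend({"kind": e.kind, "name": e.name, "path": e.path, "reason": r} for r in reasons)
    return findings


# Sample input: lines copied from the OTL log posted later in this thread.
SAMPLE_LINES = [
    r"PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\mom\AppData\Local\Akamai\netsession_win.exe",
    r"PRC - [2011/02/22 09:34:42 | 002,079,200 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe",
    r"SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mom\AppData\Local\Temp\catchme.sys -- (catchme)",
    r"DRV - [2012/05/25 09:23:17 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)",
    r"O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)",
    r"O4 - Startup: C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()",
]

if __name__ == "__main__":
    # Real use: triage(open("OTL.Txt", encoding="utf-8", errors="replace"))
    for f in triage(SAMPLE_LINES):
        print(f"{f['kind']:3} {f['name'][:24]:24} {f['reason']:45} {f['path']}")
```

The parser splits on OTL's " -- " separators rather than trying to regex a Windows path, because OTL paths contain spaces and, for orphaned services, sometimes trailing arguments. Entries OTL marks "File not found" carry no company (None), so they are never double-counted as "no company name".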
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,777
    Just seen that the site for the OTL is currently down for today, so you may be able to run that tomorrow ;)

    Just letting you know in case you wonder why you can't get the program :)
     
  8. rarodrig

    rarodrig Thread Starter

    Joined:
    Aug 2, 2002
    Messages:
    332
    RogueKiller V7.6.3 [07/08/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User: mom [Admin rights]
    Mode: Scan -- Date: 07/09/2012 19:33:22

    ¤¤¤ Bad processes: 1 ¤¤¤
    [SUSP PATH] StartHelper.exe -- C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries: 5 ¤¤¤
    [SUSP PATH] HP SimpleSave Monitor.lnk @mom : C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver: [LOADED] ¤¤¤
    SSDT[64] : NtCreateKey @ 0x8220E140 -> HOOKED (Unknown @ 0x87E9B55C)
    SSDT[67] : NtCreateMutant @ 0x8223F812 -> HOOKED (Unknown @ 0x87E9B26C)
    SSDT[72] : NtCreateProcess @ 0x822B0DAB -> HOOKED (Unknown @ 0x87EDD7B4)
    SSDT[73] : NtCreateProcessEx @ 0x822B0DF6 -> HOOKED (Unknown @ 0x87E9B6AC)
    SSDT[77] : NtCreateSymbolicLinkObject @ 0x821DF35A -> HOOKED (Unknown @ 0x87DA0F9C)
    SSDT[78] : NtCreateThread @ 0x822B0BE0 -> HOOKED (Unknown @ 0x87E9B314)
    SSDT[123] : NtDeleteKey @ 0x821D1727 -> HOOKED (Unknown @ 0x87E9B4EC)
    SSDT[126] : NtDeleteValueKey @ 0x821CCCC8 -> HOOKED (Unknown @ 0x87E9B444)
    SSDT[129] : NtDuplicateObject @ 0x82217551 -> HOOKED (Unknown @ 0x87DA0F64)
    SSDT[165] : NtLoadDriver @ 0x8218ADEE -> HOOKED (Unknown @ 0x87E9B2A4)
    SSDT[194] : NtOpenProcess @ 0x8223FFAE -> HOOKED (Unknown @ 0x87E9B63C)
    SSDT[197] : NtOpenSection @ 0x8223066D -> HOOKED (Unknown @ 0x87E9B40C)
    SSDT[201] : NtOpenThread @ 0x8223B4FF -> HOOKED (Unknown @ 0x87E9B604)
    SSDT[267] : NtRenameKey @ 0x822736AC -> HOOKED (Unknown @ 0x87E9B4B4)
    SSDT[280] : NtRestoreKey @ 0x82271DB2 -> HOOKED (Unknown @ 0x87E9B47C)
    SSDT[317] : NtSetSystemInformation @ 0x82205EEB -> HOOKED (Unknown @ 0x87DA0FD4)
    SSDT[324] : NtSetValueKey @ 0x821FD3C2 -> HOOKED (Unknown @ 0x87E9B524)
    SSDT[334] : NtTerminateProcess @ 0x82210143 -> HOOKED (Unknown @ 0x87E9B5CC)
    SSDT[335] : NtTerminateThread @ 0x8223B534 -> HOOKED (Unknown @ 0x87E9B594)
    SSDT[358] : NtWriteVirtualMemory @ 0x8222C92D -> HOOKED (Unknown @ 0x87E9B3D4)
    SSDT[382] : NtCreateThreadEx @ 0x8223AFE9 -> HOOKED (Unknown @ 0x87E9B2DC)
    SSDT[383] : NtCreateUserProcess @ 0x821E8C11 -> HOOKED (Unknown @ 0x87E9B674)
    S_SSDT[572] : Unknown -> HOOKED (Unknown @ 0x84BB1F5C)
    S_SSDT[573] : Unknown -> HOOKED (Unknown @ 0xAFE2E0B4)

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD32 00AAJS-65RYA SCSI Disk Device +++++
    --- User ---
    [MBR] 43b9e8a8a7ad49ba0c2bf8a6de75ab27
    [BSP] 2552b2d2227b2ea2b3c92a526a1a6f5d : HP tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 296182 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 606582270 | Size: 9060 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
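RogueKiller's MBR Check above hashes the boot code ([MBR]/[BSP]) and prints the partition table. The following is an added example, not RogueKiller's code, showing what that check involves: it decodes a 512-byte MBR, hashes the 440 bytes of boot code, and flags layouts that should not occur (no or several active partitions, overlapping entries, an entry past the end of the disk, boot code whose hash is not in a caller-supplied known-good set). The sample sector is constructed to reproduce the two partitions in the report (active NTFS at sector 63 of 296182 MB, second NTFS at sector 606582270 of 9060 MB); its boot code and disk signature are dummy values, and the known-good hash set is an assumption the caller has to supply (for instance from a clean image of the same OEM build).

```python
"""
Decode a 512-byte MBR the way a rootkit scanner's "MBR Check" does: hash the
boot code, read the four partition-table entries, flag odd layouts.
Added example for this thread; not RogueKiller's code.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code; 440..443: disk signature
PART_TABLE_OFF = 446         # four 16-byte partition entries
BOOT_SIGNATURE = 0xAA55      # stored little-endian as 55 AA at offset 510

PART_TYPES = {0x00: "empty", 0x05: "extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32",
              0x0C: "FAT32 (LBA)", 0x0F: "extended (LBA)", 0x17: "hidden NTFS",
              0x27: "Windows RE", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, disk signature and the non-empty partition entries."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    (sig,) = struct.unpack_from("<H", sector, 510)
    if sig != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, _, _, _, ptype, _, _, _, lba, count = struct.unpack_from(
            "<BBBBBBBBII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i, "active": status == 0x80, "status": status,
                      "type": ptype, "type_name": PART_TYPES.get(ptype, f"unknown 0x{ptype:02X}"),
                      "lba_start": lba, "sectors": count,
                      "size_mib": count * SECTOR // (1024 * 1024)})
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": parts}


def audit_mbr(parsed: dict, known_good_boot_md5: set, disk_sectors=None) -> list:
    """Human-readable warnings for layouts a bootkit or a damaged disk would produce."""
    warnings = []
    parts = parsed["partitions"]
    if parsed["boot_code_md5"] not in known_good_boot_md5:
        warnings.append("boot code hash not in known-good set: " + parsed["boot_code_md5"])
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        warnings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            warnings.append(f"partition {p['index']}: invalid status byte 0x{p['status']:02X}")
        if disk_sectors is not None and p["lba_start"] + p["sectors"] > disk_sectors:
            warnings.append(f"partition {p['index']}: extends past end of disk")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if nxt["lba_start"] < prev["lba_start"] + prev["sectors"]:
            warnings.append(f"partitions {prev['index']} and {nxt['index']} overlap")
    return warnings


def build_sample_mbr() -> bytes:
    """Constructed sector reproducing the partition table in the report above; boot code is dummy."""
    mbr = bytearray(SECTOR)
    mbr[:8] = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB"   # dummy boot code, not HP's
    struct.pack_into("<I", mbr, 440, 0xDEADBEEF)    # constructed disk signature
    entries = [(0x80, 0x07, 63, 606582207),         # active NTFS, 296182 MiB
               (0x00, 0x07, 606582270, 18554880)]   # inactive NTFS, 9060 MiB
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<BBBBBBBBII", mbr, PART_TABLE_OFF + 16 * i,
                         status, 0xFE, 0xFF, 0xFF, ptype, 0xFE, 0xFF, 0xFF, lba, count)
    struct.pack_into("<H", mbr, 510, BOOT_SIGNATURE)
    return bytes(mbr)


if __name__ == "__main__":
    # On a live Windows box the sector comes from open(r"\\.\PhysicalDrive0", "rb").read(512),
    # run as Administrator; here we use the constructed sample.
    info = parse_mbr(build_sample_mbr())
    for p in info["partitions"]:
        flag = "ACTIVE" if p["active"] else "------"
        print(f"{p['index']} [{flag}] {p['type_name']} offset {p['lba_start']} size {p['size_mib']} MiB")
    for w in audit_mbr(info, known_good_boot_md5=set()):
        print("WARNING:", w)
```

Hashing only the first 440 bytes matters: the disk signature and the partition table follow it, and both legitimately differ between machines, so including them would make any baseline useless. Conversely a hash match on the boot code says nothing about the partition entries, which is why the layout checks are separate.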
     
  9. rarodrig

    rarodrig Thread Starter

    Joined:
    Aug 2, 2002
    Messages:
    332
    OTL logfile created on: 7/9/2012 7:45:22 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\mom\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.94 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 64.86% Memory free
    6.07 Gb Paging File | 4.85 Gb Available in Paging File | 79.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 289.24 Gb Total Space | 147.89 Gb Free Space | 51.13% Space Free | Partition Type: NTFS
    Drive D: | 8.85 Gb Total Space | 0.85 Gb Free Space | 9.59% Space Free | Partition Type: NTFS

    Computer Name: ARLEEN-PC | User Name: mom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/09 19:41:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\mom\Desktop\OTL.exe
    PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\mom\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/04/03 23:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/02/27 07:44:06 | 001,006,864 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
    PRC - [2012/02/27 07:44:06 | 000,133,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
    PRC - [2012/01/28 11:38:36 | 000,200,632 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    PRC - [2012/01/28 11:38:36 | 000,142,952 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    PRC - [2011/02/22 09:34:42 | 002,079,200 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
    PRC - [2010/12/14 08:49:23 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
    PRC - [2010/11/16 22:18:22 | 000,174,560 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
    PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2008/01/15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/04/18 09:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
    PRC - [2007/02/15 05:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    PRC - [2007/01/14 02:25:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OpWareSE4.exe
    PRC - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    PRC - [2006/09/19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    PRC - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    PRC - [2005/09/09 01:18:10 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/28 11:38:36 | 000,057,344 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_36.dll
    MOD - [2012/01/28 11:38:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_36.dll
    MOD - [2011/02/22 13:02:14 | 000,294,912 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WConn.dll
    MOD - [2011/02/22 09:34:42 | 002,079,200 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
    MOD - [2011/01/25 15:21:10 | 000,413,696 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\WlanDll.dll
    MOD - [2011/01/07 13:20:06 | 000,315,392 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1000M\XParser.dll
    MOD - [2009/11/03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2007/01/14 02:25:16 | 000,520,192 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    MOD - [2006/09/20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    MOD - [2006/09/19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
    SRV - [2012/05/04 15:17:22 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/03 23:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/11/16 22:18:22 | 000,174,560 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe -- (WlanWpsSvc)
    SRV - [2008/10/10 05:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2005/09/09 03:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mom\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/05/25 09:23:17 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
    DRV - [2012/01/28 11:38:42 | 000,205,072 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
    DRV - [2012/01/28 11:38:42 | 000,171,280 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmnciesc.sys -- (tmnciesc)
    DRV - [2012/01/28 11:38:42 | 000,092,432 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
    DRV - [2012/01/28 11:38:42 | 000,081,168 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmactmon.sys -- (tmactmon)
    DRV - [2012/01/28 11:38:42 | 000,068,368 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmevtmgr.sys -- (tmevtmgr)
    DRV - [2012/01/28 11:38:42 | 000,055,056 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tmeevw.sys -- (tmeevw)
    DRV - [2011/01/31 16:03:44 | 000,700,520 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WNA1000M.sys -- (RTL8192cu)
    DRV - [2009/10/30 18:01:10 | 009,803,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/09/27 16:55:26 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/05/08 12:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2008/05/08 12:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
    DRV - [2007/10/26 10:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/10/18 14:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/04/23 09:50:50 | 000,025,896 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\RtlProt.sys -- (RtlProt)
    DRV - [2007/01/04 20:28:02 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
    DRV - [2007/01/04 20:28:00 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DgiVecp.sys -- (DgiVecp)
    DRV - [2006/11/02 01:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{5E28D0DD-6B3D-4816-B2FC-98815AC37972}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes,DefaultScope = {5E28D0DD-6B3D-4816-B2FC-98815AC37972}
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{3AE48F1A-60FB-41D7-9E55-4671E4F3B744}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{3F87AC14-2F2C-49F8-84FB-76EBCE505014}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADFA_en
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{5E28D0DD-6B3D-4816-B2FC-98815AC37972}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mom\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mom\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/03/28 07:38:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/03/28 07:38:20 | 000,000,000 | ---D | M]

    [2011/11/14 10:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/14 10:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/04/04 20:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/24 09:03:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/11/01 07:27:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2009/12/23 19:50:21 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\mom\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mom\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mom\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Users\mom\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\program files\quicktime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: YouTube = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: AdBlock = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
    CHR - Extension: IE Tab = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\3.6.30.1_0\
    CHR - Extension: Gmail = C:\Users\mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/08 21:12:48 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
    O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OpwareSE4.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
    O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
    O4 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001..\Run: [Akamai NetSession Interface] C:\Users\mom\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O4 - Startup: C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Users\mom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\mom\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..Trusted Domains: wellsfargo.com ([online] https in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.2.65 205.171.3.65
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{142D7A48-6039-47FA-9220-F882F10A089E}: DhcpNameServer = 205.171.2.65 205.171.3.65
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{391675B9-B6C1-4B72-8A03-4A2D686CC3B1}: DhcpNameServer = 192.168.1.1 0.0.0.0 0.0.0.0
    O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
    O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/08/29 20:49:30 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: {EE330FEC-4206-4FD0-891C-7216477A74B3} - NoIE8Tour
    ActiveX: {F390FCA4-7CCF-4A1A-A849-C381E489A3CA} - Yahoo! Search Settings Update
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
    ActiveX: >{62952299-B15D-4091-8EAC-B1357F841D22} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    MsConfig - StartUpReg: HPADVISOR - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/09 19:41:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\mom\Desktop\OTL.exe
    [2012/07/09 19:30:32 | 000,000,000 | ---D | C] -- C:\Users\mom\Desktop\RK_Quarantine
    [2012/07/09 19:27:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/09 09:07:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/08 21:15:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/08 20:59:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/08 20:59:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/08 20:59:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/08 20:59:30 | 000,000,000 | ---D | C] -- C:\Username123.exe
    [2012/07/08 20:59:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/08 20:58:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/08 20:52:54 | 004,573,972 | R--- | C] (Swearware) -- C:\Users\mom\Desktop\Username123.exe.exe
    [2012/07/08 20:48:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\mom\Desktop\aswMBR.exe
    [2012/07/08 20:40:27 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/08 20:39:11 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mom\Desktop\tdsskiller.exe
    [2012/07/08 14:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/07/08 13:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012/07/05 13:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2012/07/05 10:31:05 | 000,000,000 | ---D | C] -- C:\Users\mom\AppData\Roaming\Malwarebytes
    [2012/07/05 10:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/09 19:55:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001UA.job
    [2012/07/09 19:41:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\mom\Desktop\OTL.exe
    [2012/07/09 19:30:07 | 001,558,016 | ---- | M] () -- C:\Users\mom\Desktop\RogueKiller.exe
    [2012/07/09 19:30:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/09 19:17:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/09 18:57:03 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/09 18:57:03 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/09 17:09:37 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/09 16:57:42 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001Core.job
    [2012/07/09 16:57:23 | 000,064,097 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/07/09 16:57:23 | 000,064,097 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/07/09 16:57:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/09 09:13:22 | 000,615,676 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/09 09:13:22 | 000,107,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/08 21:12:48 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/07/08 20:53:24 | 004,573,972 | R--- | M] (Swearware) -- C:\Users\mom\Desktop\Username123.exe.exe
    [2012/07/08 20:51:30 | 000,000,512 | ---- | M] () -- C:\Users\mom\Desktop\MBR.dat
    [2012/07/08 20:49:01 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\mom\Desktop\aswMBR.exe
    [2012/07/08 20:41:02 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/07/08 20:39:20 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mom\Desktop\tdsskiller.exe
    [2012/07/07 17:02:49 | 301,736,925 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/06 10:39:00 | 000,000,388 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{376EE7F5-868F-4566-9F09-E340294B3242}.job
    [2012/07/05 10:25:02 | 000,881,475 | ---- | M] () -- C:\Users\mom\Desktop\SecurityCheck.exe
    [2012/07/03 21:21:17 | 000,008,192 | ---- | M] () -- C:\Users\mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/07/01 16:59:09 | 000,002,037 | ---- | M] () -- C:\Users\mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/06/29 10:35:18 | 000,029,378 | ---- | M] () -- C:\Users\mom\Documents\cc_20120629_103509.reg
    [2012/06/28 20:04:37 | 000,000,680 | ---- | M] () -- C:\Users\mom\AppData\Local\d3d9caps.dat
    [2012/06/20 09:40:05 | 000,526,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/06/13 15:44:58 | 000,000,869 | ---- | M] () -- C:\Users\mom\Desktop\ONLY IN CASE OF EMERGENCY.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\*.tmp files -> C:\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/09 19:30:08 | 001,558,016 | ---- | C] () -- C:\Users\mom\Desktop\RogueKiller.exe
    [2012/07/08 20:59:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/08 20:59:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/08 20:59:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/08 20:59:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/08 20:59:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/08 20:51:30 | 000,000,512 | ---- | C] () -- C:\Users\mom\Desktop\MBR.dat
    [2012/07/08 20:41:02 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/07/08 20:41:01 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/07/05 10:25:09 | 000,881,475 | ---- | C] () -- C:\Users\mom\Desktop\SecurityCheck.exe
    [2012/06/29 12:06:54 | 301,736,925 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/06/29 10:35:14 | 000,029,378 | ---- | C] () -- C:\Users\mom\Documents\cc_20120629_103509.reg
    [2012/06/28 20:04:37 | 000,000,680 | ---- | C] () -- C:\Users\mom\AppData\Local\d3d9caps.dat
    [2012/06/13 15:44:58 | 000,000,869 | ---- | C] () -- C:\Users\mom\Desktop\ONLY IN CASE OF EMERGENCY.lnk
    [2012/01/28 11:48:41 | 000,000,056 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat
    [2011/10/24 12:43:45 | 000,000,173 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
    [2011/05/18 15:34:44 | 000,001,940 | ---- | C] () -- C:\Users\mom\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/05/07 09:46:55 | 000,064,097 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2010/05/07 09:46:55 | 000,064,097 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/12/09 17:51:35 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2008/08/20 13:29:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/02/05 17:25:10 | 000,015,001 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2007/12/26 11:28:49 | 000,008,192 | ---- | C] () -- C:\Users\mom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2012/02/26 14:44:21 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Audacity
    [2008/01/04 22:00:06 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Canon
    [2009/12/23 19:50:21 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\E-centives
    [2008/09/03 07:44:08 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Leadertech
    [2011/09/29 19:05:23 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\muvee Technologies
    [2012/02/02 15:03:27 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\NewSoft
    [2011/05/11 22:31:29 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Nolo
    [2008/03/05 21:06:37 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Opera
    [2011/03/26 11:27:06 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\pdf995
    [2007/12/26 12:22:51 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\ScanSoft
    [2011/11/14 10:38:51 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\Snapfish
    [2012/05/05 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\TaxCut
    [2012/05/25 09:34:06 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\TrueCrypt
    [2008/02/08 13:22:38 | 000,000,000 | ---D | M] -- C:\Users\mom\AppData\Roaming\WinBatch
    [2012/07/08 23:09:09 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/07/06 10:39:00 | 000,000,388 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{376EE7F5-868F-4566-9F09-E340294B3242}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*. >
    [2012/07/08 21:15:13 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
    [2010/05/21 21:24:45 | 000,000,000 | ---D | M] -- C:\Boot
    [2012/07/09 09:07:17 | 000,000,000 | ---D | M] -- C:\Config.Msi
    [2006/11/02 07:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
    [2009/10/20 05:19:42 | 000,000,000 | ---D | M] -- C:\hp
    [2007/12/21 23:15:16 | 000,000,000 | R--D | M] -- C:\MSOCache
    [2008/09/03 09:04:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
    [2012/07/08 13:56:27 | 000,000,000 | R--D | M] -- C:\Program Files
    [2012/07/05 13:12:50 | 000,000,000 | ---D | M] -- C:\ProgramData
    [2012/07/08 21:15:10 | 000,000,000 | ---D | M] -- C:\Qoobox
    [2010/02/04 21:43:20 | 000,000,000 | ---D | M] -- C:\QT$INST$.TMP
    [2008/10/20 19:02:36 | 000,000,000 | ---D | M] -- C:\swsetup
    [2012/07/09 19:49:50 | 000,000,000 | -HSD | M] -- C:\System Volume Information
    [2012/07/09 19:27:59 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
    [2012/03/25 14:45:16 | 000,000,000 | ---D | M] -- C:\temp
    [2012/07/08 21:15:13 | 000,000,000 | ---D | M] -- C:\Username123.exe
    [2008/01/01 12:45:28 | 000,000,000 | R--D | M] -- C:\Users
    [2012/07/09 09:07:22 | 000,000,000 | ---D | M] -- C:\Windows

    < %PROGRAMFILES%\*.exe >

    < %LOCALAPPDATA%\*.exe >

    < %windir%\Installer\*.* >
    [2009/04/24 11:30:16 | 002,583,552 | R--- | M] () -- C:\Windows\Installer\5a3baf1.msp
    [2009/04/14 03:51:24 | 001,303,040 | R--- | M] () -- C:\Windows\Installer\5a3bb0b.msp
    [2009/05/04 06:47:22 | 009,124,864 | R--- | M] () -- C:\Windows\Installer\5a3bb1e.msp
    [2009/04/14 03:21:34 | 015,303,168 | R--- | M] () -- C:\Windows\Installer\5a3bb39.msp
    [2009/05/04 06:46:14 | 008,299,008 | R--- | M] () -- C:\Windows\Installer\5a3bb4c.msp
    [2008/09/02 10:42:16 | 005,104,640 | R--- | M] () -- C:\Windows\Installer\5c7e2.msp
    [2008/02/05 17:47:17 | 003,856,384 | ---- | M] () -- C:\Windows\Installer\5cb6e.msi
    [2008/02/05 17:51:31 | 008,096,256 | R--- | M] () -- C:\Windows\Installer\5d02e.msp
    [2008/02/05 17:53:13 | 006,508,544 | R--- | M] () -- C:\Windows\Installer\5d422.msp
    [2008/02/05 17:54:30 | 002,228,736 | R--- | M] () -- C:\Windows\Installer\5d50e.msp
    [2008/02/05 17:55:06 | 004,192,768 | R--- | M] () -- C:\Windows\Installer\5d6f4.msp
    [2009/03/10 15:30:41 | 000,184,832 | R--- | M] () -- C:\Windows\Installer\5efa7b2.msp
    [2009/03/13 19:17:36 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\5efa7b9.msp
    [2009/03/13 19:17:15 | 000,078,848 | R--- | M] () -- C:\Windows\Installer\5efa7c5.msp
    [2009/03/13 19:16:22 | 002,057,728 | R--- | M] () -- C:\Windows\Installer\5efa846.msp
    [2009/03/13 19:14:58 | 000,858,112 | R--- | M] () -- C:\Windows\Installer\5efa978.msp
    [2009/03/13 19:13:40 | 003,161,088 | R--- | M] () -- C:\Windows\Installer\5efaa18.msp
    [2009/04/14 03:18:14 | 009,684,480 | R--- | M] () -- C:\Windows\Installer\5f01dff.msp
    [2009/04/14 03:49:26 | 001,922,560 | R--- | M] () -- C:\Windows\Installer\5f01e06.msp
    [2009/05/04 06:49:40 | 010,955,776 | R--- | M] () -- C:\Windows\Installer\5f01e3f.msp
    [2008/12/30 21:36:13 | 000,140,288 | R--- | M] () -- C:\Windows\Installer\6007a47.msp
    [2008/12/30 21:35:58 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\6007a4e.msp
    [2008/12/30 21:35:42 | 000,039,936 | R--- | M] () -- C:\Windows\Installer\6007a5a.msp
    [2008/12/30 21:35:02 | 001,701,888 | R--- | M] () -- C:\Windows\Installer\6007acf.msp
    [2008/12/30 21:34:27 | 000,146,432 | R--- | M] () -- C:\Windows\Installer\6007ae3.msp
    [2008/12/30 21:33:37 | 002,681,856 | R--- | M] () -- C:\Windows\Installer\6007b71.msp
    [2011/03/05 12:41:06 | 015,301,120 | R--- | M] () -- C:\Windows\Installer\62ca7c6.msp
    [2008/07/29 22:18:28 | 011,933,184 | R--- | M] () -- C:\Windows\Installer\63fdd.msp
    [2008/07/29 22:20:14 | 011,767,296 | R--- | M] () -- C:\Windows\Installer\64001.msp
    [2012/02/08 12:36:07 | 011,318,272 | R--- | M] () -- C:\Windows\Installer\653c265.msp
    [2012/02/08 12:37:23 | 001,477,632 | R--- | M] () -- C:\Windows\Installer\653c281.msp
    [2009/02/12 16:51:18 | 000,060,928 | R--- | M] () -- C:\Windows\Installer\663005e.msp
    [2009/02/12 21:09:42 | 000,075,776 | R--- | M] () -- C:\Windows\Installer\6630066.msp
    [2009/02/19 20:34:09 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\663006d.msp
    [2009/02/19 20:33:47 | 000,151,552 | R--- | M] () -- C:\Windows\Installer\6630079.msp
    [2009/02/19 20:31:58 | 001,038,336 | R--- | M] () -- C:\Windows\Installer\6630157.msp
    [2009/02/19 20:32:58 | 002,235,392 | R--- | M] () -- C:\Windows\Installer\66301e7.msp
    [2009/02/19 20:30:50 | 003,181,056 | R--- | M] () -- C:\Windows\Installer\6630299.msp
    [2010/01/15 14:52:46 | 014,853,632 | R--- | M] () -- C:\Windows\Installer\684f21b.msp
    [2008/08/14 09:10:14 | 000,532,992 | ---- | M] () -- C:\Windows\Installer\68f204.msi
    [2010/01/15 15:09:31 | 002,111,488 | ---- | M] () -- C:\Windows\Installer\693934e.msi
    [2009/01/29 20:24:09 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\695661.msp
    [2009/01/29 20:23:50 | 000,143,360 | R--- | M] () -- C:\Windows\Installer\69566c.msp
    [2009/01/29 20:23:12 | 003,186,688 | R--- | M] () -- C:\Windows\Installer\695701.msp
    [2009/01/29 20:22:00 | 001,663,488 | R--- | M] () -- C:\Windows\Installer\695845.msp
    [2009/01/29 20:20:50 | 003,939,840 | R--- | M] () -- C:\Windows\Installer\695945.msp
    [2008/10/20 19:04:20 | 000,481,280 | ---- | M] () -- C:\Windows\Installer\6edd348.msi
    [2010/02/27 17:58:20 | 021,258,752 | R--- | M] () -- C:\Windows\Installer\705aca6.msp
    [2007/11/28 22:22:27 | 000,431,104 | ---- | M] () -- C:\Windows\Installer\70e769.msi
    [2007/12/26 12:22:43 | 007,569,920 | ---- | M] () -- C:\Windows\Installer\7246f.msi
    [2009/05/26 19:31:41 | 000,820,224 | R--- | M] () -- C:\Windows\Installer\738783e.msp
    [2009/05/26 19:32:44 | 000,019,456 | R--- | M] () -- C:\Windows\Installer\7387846.msp
    [2009/05/26 19:33:03 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\738784d.msp
    [2009/07/09 15:25:31 | 000,432,128 | R--- | M] () -- C:\Windows\Installer\73878b7.msp
    [2009/05/26 19:30:08 | 001,134,592 | R--- | M] () -- C:\Windows\Installer\738790b.msp
    [2009/01/13 19:53:07 | 000,018,944 | R--- | M] () -- C:\Windows\Installer\73eb5d3.msp
    [2009/01/13 19:53:10 | 000,019,456 | R--- | M] () -- C:\Windows\Installer\73eb5db.msp
    [2009/01/13 19:53:18 | 001,633,792 | R--- | M] () -- C:\Windows\Installer\73eb640.msp
    [2009/01/13 19:53:25 | 001,986,048 | R--- | M] () -- C:\Windows\Installer\73eb7b6.msp
    [2009/01/13 19:53:36 | 003,263,488 | R--- | M] () -- C:\Windows\Installer\73eb880.msp
    [2009/01/13 19:55:56 | 000,025,088 | ---- | M] () -- C:\Windows\Installer\73eb886.msi
    [2011/01/31 21:08:30 | 010,939,392 | R--- | M] () -- C:\Windows\Installer\74d6213.msp
    [2011/04/02 18:13:31 | 000,953,344 | ---- | M] () -- C:\Windows\Installer\780f7a5.msi
    [2009/11/26 07:03:56 | 000,429,568 | ---- | M] () -- C:\Windows\Installer\79e47.msi
    [2009/08/18 12:57:54 | 009,122,304 | R--- | M] () -- C:\Windows\Installer\79e58.msp
    [2009/08/18 12:58:56 | 008,301,056 | R--- | M] () -- C:\Windows\Installer\79e7c.msp
    [2009/08/18 13:19:26 | 010,098,688 | R--- | M] () -- C:\Windows\Installer\79ea1.msp
    [2009/10/16 07:03:20 | 005,003,776 | R--- | M] () -- C:\Windows\Installer\79ec7.msp
    [2008/02/26 20:34:50 | 013,569,024 | ---- | M] () -- C:\Windows\Installer\7c358f5.msi
    [2008/02/26 20:35:38 | 000,618,496 | ---- | M] () -- C:\Windows\Installer\7c358fb.msi
    [2008/02/26 20:36:12 | 004,669,952 | ---- | M] () -- C:\Windows\Installer\7c35902.msi
    [2008/02/26 20:46:09 | 010,113,024 | ---- | M] () -- C:\Windows\Installer\7c3591e.msi
    [2008/02/26 20:46:10 | 000,106,496 | ---- | M] () -- C:\Windows\Installer\7c35920.msi
    [2008/02/26 20:46:46 | 013,121,024 | ---- | M] () -- C:\Windows\Installer\7c35922.msi
    [2011/07/11 16:19:28 | 010,619,904 | R--- | M] () -- C:\Windows\Installer\7f440bc.msp
    [2011/09/21 15:18:24 | 004,985,856 | R--- | M] () -- C:\Windows\Installer\7f440ce.msp
    [2011/10/17 23:17:27 | 020,333,568 | R--- | M] () -- C:\Windows\Installer\7f440da.msp
    [2008/04/18 13:56:18 | 006,215,680 | R--- | M] () -- C:\Windows\Installer\8e2dbae.msp
    [2008/04/25 19:14:40 | 005,052,928 | R--- | M] () -- C:\Windows\Installer\8e2dbd4.msp
    [2008/04/11 17:08:12 | 006,302,720 | R--- | M] () -- C:\Windows\Installer\8e2dbec.msp
    [2008/04/11 17:07:02 | 013,257,728 | R--- | M] () -- C:\Windows\Installer\8e2dc00.msp
    [2008/03/17 16:55:22 | 005,049,344 | R--- | M] () -- C:\Windows\Installer\90fc5a1.msp
    [2008/01/28 17:07:20 | 019,034,624 | R--- | M] () -- C:\Windows\Installer\90fc5b3.msp
    [2008/02/15 07:54:20 | 009,736,192 | R--- | M] () -- C:\Windows\Installer\90fc5d6.msp
    [2009/11/17 18:29:46 | 004,870,656 | R--- | M] () -- C:\Windows\Installer\9128361.msp
    [2009/10/16 07:09:28 | 002,518,016 | R--- | M] () -- C:\Windows\Installer\9128372.msp
    [2009/11/20 23:36:14 | 005,002,752 | R--- | M] () -- C:\Windows\Installer\9128398.msp
    [2008/01/28 18:09:04 | 005,055,488 | R--- | M] () -- C:\Windows\Installer\92b0291.msp
    [2009/08/18 11:56:58 | 005,020,672 | R--- | M] () -- C:\Windows\Installer\95c83.msp
    [2009/03/20 10:48:56 | 000,183,808 | R--- | M] () -- C:\Windows\Installer\95c8e.msp
    [2007/08/29 20:39:53 | 001,022,464 | ---- | M] () -- C:\Windows\Installer\aa67.msi
    [2007/08/29 20:39:56 | 000,647,168 | ---- | M] () -- C:\Windows\Installer\aa6e.msi
    [2007/08/29 20:39:58 | 001,063,424 | ---- | M] () -- C:\Windows\Installer\aa75.msi
    [2007/08/29 20:40:09 | 001,309,184 | ---- | M] () -- C:\Windows\Installer\aa8c.msi
    [2007/08/29 20:40:13 | 001,062,912 | ---- | M] () -- C:\Windows\Installer\aa93.msi
    [2007/08/29 20:40:18 | 001,271,296 | ---- | M] () -- C:\Windows\Installer\aa9a.msi
    [2007/08/29 20:40:22 | 001,934,336 | ---- | M] () -- C:\Windows\Installer\aaa2.msi
    [2012/04/01 11:36:13 | 000,188,416 | ---- | M] () -- C:\Windows\Installer\ab5ec9.msi
    [2007/08/29 20:47:24 | 029,127,168 | ---- | M] () -- C:\Windows\Installer\ab60.msi
    [2007/08/29 20:47:34 | 000,668,672 | ---- | M] () -- C:\Windows\Installer\abfd.msi
    [2007/08/29 20:47:56 | 001,788,416 | ---- | M] () -- C:\Windows\Installer\ac04.msi
    [2007/08/29 20:52:10 | 004,537,344 | ---- | M] () -- C:\Windows\Installer\ac33.msi
    [2007/08/29 20:52:37 | 000,314,880 | ---- | M] () -- C:\Windows\Installer\ac39.msi
    [2011/10/28 14:34:19 | 004,714,496 | ---- | M] () -- C:\Windows\Installer\aef62.msi
    [2011/01/14 11:53:08 | 002,012,672 | ---- | M] () -- C:\Windows\Installer\b10a11.msi
    [2012/04/22 22:37:42 | 001,182,720 | R--- | M] () -- C:\Windows\Installer\b1198.msp
    [2012/03/15 13:43:28 | 004,216,320 | R--- | M] () -- C:\Windows\Installer\b119f.msp
    [2012/05/30 07:17:06 | 005,010,432 | R--- | M] () -- C:\Windows\Installer\b11b2.msp
    [2008/11/13 02:55:32 | 001,306,624 | R--- | M] () -- C:\Windows\Installer\bae01.msp
    [2008/10/20 10:18:14 | 006,474,240 | R--- | M] () -- C:\Windows\Installer\bae13.msp
    [2008/11/26 11:01:50 | 003,667,456 | R--- | M] () -- C:\Windows\Installer\bae37.msp
    [2008/11/13 02:57:00 | 005,099,520 | R--- | M] () -- C:\Windows\Installer\bae4a.msp
    [2008/10/20 10:16:58 | 013,211,648 | R--- | M] () -- C:\Windows\Installer\bae5d.msp
    [2008/10/20 10:21:40 | 011,937,280 | R--- | M] () -- C:\Windows\Installer\bae81.msp
    [2008/10/20 10:22:54 | 011,758,592 | R--- | M] () -- C:\Windows\Installer\baea5.msp
    [2010/11/20 22:33:46 | 001,980,928 | R--- | M] () -- C:\Windows\Installer\bb80d6.msp
    [2011/01/11 16:50:38 | 008,177,152 | R--- | M] () -- C:\Windows\Installer\bb80fa.msp
    [2010/12/21 12:06:38 | 011,570,688 | R--- | M] () -- C:\Windows\Installer\bb812c.msp
    [2011/03/17 19:01:58 | 009,563,648 | R--- | M] () -- C:\Windows\Installer\bb813e.msp
    [2011/02/11 07:43:44 | 010,951,168 | R--- | M] () -- C:\Windows\Installer\bb815e.msp
    [2010/11/20 22:32:52 | 004,165,120 | R--- | M] () -- C:\Windows\Installer\bb8170.msp
    [2011/03/17 19:00:20 | 000,090,624 | R--- | M] () -- C:\Windows\Installer\bb818a.msp
    [2011/04/27 15:44:50 | 020,314,624 | R--- | M] () -- C:\Windows\Installer\bb819d.msp
    [2011/01/11 16:49:20 | 009,003,008 | R--- | M] () -- C:\Windows\Installer\bb81ae.msp
    [2011/03/17 19:05:24 | 004,989,440 | R--- | M] () -- C:\Windows\Installer\bb81d4.msp
    [2012/05/17 21:38:30 | 020,343,808 | R--- | M] () -- C:\Windows\Installer\c4510bc.msp
    [2012/02/17 06:45:24 | 002,299,392 | R--- | M] () -- C:\Windows\Installer\c4510cc.msp
    [2012/04/28 19:43:58 | 008,459,264 | R--- | M] () -- C:\Windows\Installer\c4510f0.msp
    [2012/03/15 00:24:28 | 001,795,584 | R--- | M] () -- C:\Windows\Installer\c451114.msp
    [2011/12/15 11:40:40 | 023,374,336 | R--- | M] () -- C:\Windows\Installer\c45113b.msp
    [2012/04/04 20:38:16 | 003,620,864 | R--- | M] () -- C:\Windows\Installer\c45114c.msp
    [2012/04/30 12:38:28 | 005,011,456 | R--- | M] () -- C:\Windows\Installer\c451172.msp
    [2012/04/28 19:44:02 | 009,586,176 | R--- | M] () -- C:\Windows\Installer\c451185.msp
    [2012/01/19 11:37:24 | 008,999,936 | R--- | M] () -- C:\Windows\Installer\c4511a2.msp
    [2011/12/22 14:50:54 | 000,256,000 | R--- | M] () -- C:\Windows\Installer\c4511a9.msp
    [2012/04/28 19:44:02 | 009,101,824 | R--- | M] () -- C:\Windows\Installer\c4511bb.msp
    [2012/04/04 20:38:44 | 002,831,360 | R--- | M] () -- C:\Windows\Installer\c4511df.msp
    [2012/02/25 13:29:59 | 013,556,736 | R--- | M] () -- C:\Windows\Installer\c50601.msp
    [2012/02/25 13:31:28 | 003,023,872 | R--- | M] () -- C:\Windows\Installer\c50618.msp
    [2012/02/29 22:45:14 | 004,989,440 | R--- | M] () -- C:\Windows\Installer\c60b5b.msp
    [2011/09/15 17:35:54 | 001,411,072 | R--- | M] () -- C:\Windows\Installer\c60b67.msp
    [2011/09/15 17:37:52 | 034,428,416 | R--- | M] () -- C:\Windows\Installer\c60b68.msp
    [2011/09/15 17:37:28 | 016,691,712 | R--- | M] () -- C:\Windows\Installer\c60b85.msp
    [2011/09/15 17:34:54 | 428,804,608 | R--- | M] () -- C:\Windows\Installer\c60cd5.msp
    [2011/09/15 17:38:04 | 010,838,528 | R--- | M] () -- C:\Windows\Installer\c60e45.msp
    [2011/09/15 17:39:22 | 011,163,136 | R--- | M] () -- C:\Windows\Installer\c60e51.msp
    [2011/09/15 17:40:36 | 007,959,552 | R--- | M] () -- C:\Windows\Installer\c60e5b.msp
    [2009/02/25 18:07:14 | 011,646,464 | R--- | M] () -- C:\Windows\Installer\c85de30.msp
    [2009/02/25 18:05:14 | 011,840,000 | R--- | M] () -- C:\Windows\Installer\c85de54.msp
    [2011/01/02 08:05:40 | 025,114,624 | R--- | M] () -- C:\Windows\Installer\e3ebc.msp
    [2009/03/19 15:15:00 | 000,035,328 | R--- | M] () -- C:\Windows\Installer\ec8073b.msp
    [2009/10/20 05:18:45 | 005,035,008 | ---- | M] () -- C:\Windows\Installer\ec85b.msi
    [2012/06/20 08:26:26 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{3C3901C5-3455-3E0A-A214-0B093A5070A6}.SchedServiceConfig.rmi
    [2009/05/09 22:12:30 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{AFA20D47-69C3-4030-8DF8-D37466E70F13}.SchedServiceConfig.rmi
    [2011/03/26 10:35:35 | 000,000,000 | ---- | M] () -- C:\Windows\Installer\wix{CACAEB5F-174D-4C7C-AC56-A33289A807CA}.SchedServiceConfig.rmi
    [1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

    < %windir%\system32\tasks\*.* >
    [2012/05/04 15:17:23 | 000,003,682 | ---- | M] () -- C:\Windows\system32\tasks\Adobe Flash Player Updater
    [2007/11/27 12:05:24 | 000,003,638 | ---- | M] () -- C:\Windows\system32\tasks\ExtendedServicePlan
    [2012/03/25 09:25:32 | 000,003,624 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore
    [2012/03/25 09:25:32 | 000,003,876 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA
    [2012/03/23 12:50:50 | 000,003,384 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001Core
    [2012/03/23 12:50:50 | 000,003,780 | ---- | M] () -- C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-1055122923-2272971875-147803915-1001UA
    [2012/07/09 09:10:43 | 000,003,558 | ---- | M] () -- C:\Windows\system32\tasks\HP Health Check
    [2007/12/06 14:02:17 | 000,003,830 | ---- | M] () -- C:\Windows\system32\tasks\IntenetServiceOffers
    [2007/08/29 21:13:21 | 000,003,334 | ---- | M] () -- C:\Windows\system32\tasks\JavaUpdateAdministrator
    [2007/11/27 12:06:02 | 000,003,294 | ---- | M] () -- C:\Windows\system32\tasks\JavaUpdateArleen
    [2007/11/27 12:05:23 | 000,003,920 | ---- | M] () -- C:\Windows\system32\tasks\RecoveryCD
    [2007/12/06 14:32:16 | 000,003,820 | ---- | M] () -- C:\Windows\system32\tasks\Registration
    [2007/11/27 12:05:25 | 000,003,628 | ---- | M] () -- C:\Windows\system32\tasks\ServicePlan
    [2012/07/05 09:56:29 | 000,003,932 | ---- | M] () -- C:\Windows\system32\tasks\User_Feed_Synchronization-{376EE7F5-868F-4566-9F09-E340294B3242}
    [2008/01/04 19:46:19 | 000,003,034 | ---- | M] () -- C:\Windows\system32\tasks\{0326A55F-17C4-44D1-85D9-435762DD4A46}
    [2011/03/10 18:57:00 | 000,003,162 | ---- | M] () -- C:\Windows\system32\tasks\{7D66E6A8-4F63-45E1-B820-252F58648268}
    [2011/11/14 10:41:57 | 000,003,074 | ---- | M] () -- C:\Windows\system32\tasks\{96BED63D-088E-4387-BF20-85678F524E71}

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\*. /mp /s >

    < MD5 for: EXPLORER.EXE >
    [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2007/11/28 22:31:23 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
    [2007/11/28 22:31:22 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
    [2008/01/19 01:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: REGEDIT.EXE >
    [2008/01/19 01:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\erdnt\cache\regedit.exe
    [2008/01/19 01:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
    [2008/01/19 01:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
    [2006/11/02 03:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

    < MD5 for: SVCHOST.EXE >
    [2006/11/02 03:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
    [2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
    [2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
    [2008/01/19 01:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
    [2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/19 01:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    [2006/11/02 03:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 00:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
    [2008/01/19 01:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < C:\Windows\assembly\tmp\U\*.* /s >

    < %Temp%\smtmp\1\*.* >

    < %Temp%\smtmp\2\*.* >

    < %Temp%\smtmp\3\*.* >

    < %Temp%\smtmp\4\*.* >

    < type c:\diskreport.txt /c >
    Microsoft DiskPart version 6.0.6002
    Copyright (C) 1999-2007 Microsoft Corporation.
    On computer: ARLEEN-PC
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    Volume 0 E DVD-ROM 0 B No Media
    Volume 1 C HP NTFS Partition 289 GB Healthy System
    Volume 2 D FACTORY_IMA NTFS Partition 9 GB Healthy
    Volume 3 G Removable 0 B No Media
    Volume 4 H Removable 0 B No Media
    Volume 5 I Removable 0 B No Media
    Volume 6 J Removable 0 B No Media

    < End of report >
     
  10. rarodrig

    rarodrig Thread Starter

    OTL Extras logfile created on: 7/9/2012 7:45:22 PM - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\mom\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19272)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.94 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 64.86% Memory free
    6.07 Gb Paging File | 4.85 Gb Available in Paging File | 79.91% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 289.24 Gb Total Space | 147.89 Gb Free Space | 51.13% Space Free | Partition Type: NTFS
    Drive D: | 8.85 Gb Total Space | 0.85 Gb Free Space | 9.59% Space Free | Partition Type: NTFS

    Computer Name: ARLEEN-PC | User Name: mom | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06EC42B2-3A4F-444B-A864-A096BA3B778A}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
    "{08EFB6D0-F6F3-47AB-B7B8-B2226D8E2EFE}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{12EEF55A-DDB6-4680-9129-92823C357EAB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{13B3D591-6A2C-4ECF-8290-713D82A1CD34}" = lport=139 | protocol=6 | dir=in | app=system |
    "{1BDD5F6A-6FEE-443D-91C6-A2FB330BE3A2}" = lport=138 | protocol=17 | dir=in | app=system |
    "{23EEE64B-C282-4B34-957F-40C3DBA090F8}" = rport=137 | protocol=17 | dir=out | app=system |
    "{24F2DE2E-355E-400D-8C07-E47625C1806E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{36775E67-6859-453A-804A-7D0C1F8B2917}" = lport=137 | protocol=17 | dir=in | app=system |
    "{4998C9D1-05BD-4B5F-8294-B2360980418C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{4A2F3AC4-5B20-4685-8C0D-A7CF9AA4E50C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{54AA7D89-ABDA-40AE-9126-19E841E342C7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{66F0C303-EFDF-4268-911E-803589BD4701}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{74E1784F-BB65-46D6-9981-34B7EEB39729}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7BBD7C2F-A0B4-4A93-867F-F4AAD1CC2FD5}" = lport=445 | protocol=6 | dir=in | app=system |
    "{7E9C8C94-7235-4543-89FC-CBD81C6437C1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{8DB9211D-3A96-41AD-BAB5-CB46D4763544}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{8E19A119-5C17-4715-91DA-9EB9C514D5AC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{AA4F2410-44DE-43C1-9779-6C91B1574827}" = rport=139 | protocol=6 | dir=out | app=system |
    "{AE65968D-5657-47B5-BE2F-9A29A79E70C1}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
    "{C91F883D-4AD0-4955-BA12-1A1AFD7BB62E}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{F7C39ADA-4886-4842-9289-547DC11B53CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F9E47E1B-7DAE-486F-A69F-5C442FFFA982}" = lport=2869 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A5FCF87-6C31-4DDC-BEA3-0E066C83A94E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0BF38885-0ED6-4E0F-B5C9-0E29F949A696}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{13BCDB60-25FB-4AF1-A7AB-1A6792D85C83}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1E734FBD-4F11-4D92-8F2F-66A50D330AD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2A4F9518-FC6E-4ED0-BDE3-E1E774C1BA9A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2BA09E3C-DAA2-4F3C-A36B-A139E49F44A3}" = protocol=6 | dir=out | app=system |
    "{2DBED044-B711-46FC-8FA6-2DA68999202E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3131E907-5980-4275-B3DF-086378FEEFF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{40393739-4BF6-4825-9F00-8D5A95783114}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{47284CE8-C133-4251-B0EE-D71023A038CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{47F898A0-80F9-4E45-A50A-603A1CE00FB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4B7D9A13-9414-4894-938E-ADA09AF04E70}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{4DDEC94A-E397-467E-8D66-C08C05627E68}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4DFD4DC3-C091-4AE2-BCC1-CDDB44E220BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5A7547B8-CEE7-41FB-ABE3-89766965B068}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{5EDA5B7C-B0E8-479A-BA9A-FBA8100552F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{79293B4A-5268-4B7F-9B2A-D3BC65638BB6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{8552C9C7-850C-40AC-9B33-FD7783515BD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{890A443B-F0EE-41A8-82D1-701F9F56A485}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{924CED4F-1D1E-4A3F-A7BF-F31123A020A6}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{952F8DBB-0F71-43CE-B87C-409CBCFD5615}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9C206F8A-AFBA-4B35-A0E9-85A5F22408D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A215A372-FDFC-413D-9224-0E6B89B1B9ED}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BE45025B-964F-41CD-96F3-663043A10C2E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{C230BF63-848D-493C-9979-2DF6F095CDC8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{C8FC352E-67C6-4723-B3AA-5EB6D4DFB592}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{D7E8EA3B-575B-4436-9F0B-473B7D61F5B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{E527E310-1871-47B5-AC43-DC24871C7B25}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
    "{E97F4C7E-75FE-4B50-BFEC-DD406E55DF1A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FC181848-DC40-4692-ACC5-6EB4C018C4DB}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
    "{FC77F0A2-9B4A-4DCF-AF1E-4F80D0297ACA}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
    "{FF6346E9-4C4C-4538-A136-A3975C2CBA5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "TCP Query User{8851FD0F-BF8B-4EE4-A9A1-A1E21ECE64A4}C:\users\mom\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\mom\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{986C53C5-C316-42A6-8A42-DABD877282B8}C:\users\mom\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\mom\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{7946C210-C2E8-4877-8CF7-075C13E7BD4C}C:\users\mom\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\mom\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{C42B832B-AF18-4AE6-943E-5FF12BE02C2D}C:\users\mom\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\mom\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr. Printer
    "{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4804" = CanoScan 8600F
    "{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
    "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
    "{14AF024E-2E3B-49D0-A175-D1C1A06B155A}" = muvee autoProducer 6.0
    "{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.7
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E06692C-9835-4A72-B157-3084A2EEF158}" = H&R Block Alabama 2009
    "{3E913965-40E7-4801-8C53-82A61E1533E7}" = Shipping Assistant 3.7
    "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
    "{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}" = TaxCut Premium 2007
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
    "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
    "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}" = NETGEAR WNA1000M Wireless USB 2.0 Adapter
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
    "{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{99963897-49E1-4DD2-885E-B2EAF4D4D58E}" = H&R Block Alabama 2010
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
    "{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security 2012
    "{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
    "{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}" = LightScribe 1.6.45.1
    "{C1D866C2-AFD7-460E-AF57-BE85F37A7304}" = H&R Block Alabama 2011
    "{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
    "{C5EF7396-54AB-4D78-B83D-B211D977BB74}" = TurboTax 2008 waliper
    "{C6006AED-E5A7-4F77-BAD5-95AC43DE04F3}" = H&R Block Deluxe + Efile + State 2011
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
    "{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
    "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Canon CanoScan 8600F User Registration" = Canon CanoScan 8600F User Registration
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Hamachi" = Hamachi 1.0.3.0
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
    "InstallShield_{62F7B391-E2B2-4714-BBAA-A14E4FAAB95C}" = NETGEAR WNA1000M Wireless USB 2.0 Adapter
    "JumpStart Typing" = JumpStart Typing
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "Pdf995" = Pdf995 (installed by TaxCut)
    "PdfEdit995" = PdfEdit995 (installed by TaxCut)
    "PremElem20" = Adobe Premiere Elements 2.0
    "PROR" = Microsoft Office Professional 2007
    "Quicken WillMaker Plus 2011" = Quicken WillMaker Plus 2011
    "Rhapsody" = Rhapsody
    "Samsung ML-2510 Series" = Samsung ML-2510 Series
    "sp35183" = sp35183
    "TaxCut Premium 2006" = TaxCut Premium 2006
    "TrueCrypt" = TrueCrypt
    "TurboTax 2008" = TurboTax 2008
    "Yahoo! Search Defender" = Yahoo! Search Protection

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1055122923-2272971875-147803915-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/9/2012 1:27:22 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/9/2012 1:27:22 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1076

    Error - 7/9/2012 1:27:22 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1076

    Error - 7/9/2012 1:27:23 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/9/2012 1:27:23 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2262

    Error - 7/9/2012 1:27:23 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2262

    Error - 7/9/2012 1:27:24 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/9/2012 1:27:24 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3323

    Error - 7/9/2012 1:27:24 PM | Computer Name = Arleen-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3323

    Error - 7/9/2012 7:10:13 PM | Computer Name = Arleen-PC | Source = Application Error | ID = 1000
    Description = Faulting application mcupdate.EXE, version 6.0.6002.18005, time stamp
    0x49e02324, faulting module KERNEL32.dll, version 6.0.6002.18449, time stamp 0x4da47967,
    exception code 0xe0434f4d, fault offset 0x0003fc56, process id 0x1228, application
    start time 0x01cd5e27a0469c50.

    [ Media Center Events ]
    Error - 5/26/2008 9:53:28 AM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/28/2008 1:52:39 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/29/2008 10:40:04 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/30/2008 11:15:53 AM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/3/2008 1:23:43 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 1/27/2009 2:35:37 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 6/9/2009 1:18:58 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/7/2009 5:03:54 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/7/2009 6:45:17 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 3/15/2010 11:37:21 PM | Computer Name = Arleen-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ OSession Events ]
    Error - 5/13/2008 5:54:16 AM | Computer Name = Arleen-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8423
    seconds with 8220 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 7/8/2012 10:40:30 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/8/2012 11:01:25 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 7/8/2012 11:02:17 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 7/8/2012 11:02:24 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/8/2012 11:07:55 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/8/2012 11:12:53 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 7/9/2012 11:08:59 AM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 7/9/2012 9:31:09 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 7/9/2012 9:31:39 PM | Computer Name = Arleen-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 7/9/2012 9:31:44 PM | Computer Name = Arleen-PC | Source = volsnap | ID = 393232
    Description = The shadow copies of volume D: were aborted because volume D:, which
    contains shadow copy storage for this shadow copy, was force dismounted.


    < End of report >
     
  11. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,777
    Thanks :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
      DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mom\AppData\Local\Temp\catchme.sys -- (catchme)
      DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
      IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
      IE - HKLM\..\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
      IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
      IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
      IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O7 - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      [1 C:\*.tmp files -> C:\*.tmp -> ]
      [1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
      :Files
      c:\users\mom\Documents\*.tmp
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [emptyjava]
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.


    -------------------

    Then, can you do the following:

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :file
      C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe
      C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe
      C:\Windows\System32\drivers\tmeevw.sys
      C:\Windows\System32\drivers\WNA1000M.sys
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop, entitled SystemLook.txt


    eddie
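As an added illustration of what the OTL fix above is targeting (example code written for this page, not OTL's or the moderator's), a small Python triage routine that reads OTL-style lines and flags the same categories the script removes: service/driver entries whose binary is missing, drivers loading from user-writable paths, IE search scopes pointing outside a provider allow-list, non-default ProxyOverride values, BHOs with no CLSID, and IE lockdown policy keys. The allow-list, the user-writable-path markers and the three "clean" or "user-path" sample lines are assumptions of this example; the other sample lines are copied from the fix script.

```python
import re
from urllib.parse import urlparse

# Assumption of this example: search providers a user is likely to have chosen on purpose.
EXPECTED_SEARCH_DOMAINS = ("bing.com", "google.com", "yahoo.com")
# Assumption of this example: path fragments a kernel driver or service should not load from.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\")

# Line shapes taken from the OTL fix script above. Real OTL lines may carry extra
# timestamp/vendor brackets before the ' -- ' separator; the lazy .*? skips over them.
SERVICE_RE = re.compile(r'^(SRV|DRV) - (File not found )?.*? -- (.+?) -- \((.+)\)$')
SCOPE_RE = re.compile(r'^IE - .*SearchScopes\\\{[^}]+\}: "URL" = (\S+)')
PROXY_RE = re.compile(r'^IE - .*: "(ProxyOverride|ProxyServer)" = (.+)$')
BHO_RE = re.compile(r'^O2 - BHO: .* - (\{[^}]+\}) - No CLSID value found\.$')
POLICY_RE = re.compile(r'^O[67] - (.*Policies\\Microsoft\\Internet Explorer\\.+) present$')

# Constructed sample: lines 1, 2, 5, 7, 8, 9 and 10 are copied from the fix script above;
# lines 3, 4 and 6 are made up here (a user-path driver, a clean driver, a clean scope).
SAMPLE_LOG = r"""
SRV - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mom\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [Kernel | On_Demand | Running] -- C:\Users\mom\AppData\Local\Temp\example.sys -- (exampledrv)
DRV - [Kernel | Boot | Running] -- C:\Windows\system32\drivers\tcpip.sys -- (Tcpip)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://www.bing.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""


def _expected_search_host(url):
    """True when the scope URL's host belongs to one of the allow-listed providers."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in EXPECTED_SEARCH_DOMAINS)


def triage_line(line):
    """Return (category, detail) for a line that deserves a second look, else None."""
    m = SERVICE_RE.match(line)
    if m:
        kind, missing, path, name = m.groups()
        if missing:
            # The registry still references a binary that is gone: leftover of a removed
            # product, or of a tool (catchme.sys) that never cleaned up after itself.
            return ("orphaned-service", f"{name}: {kind} entry points at missing file {path}")
        if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
            return ("user-path-driver", f"{name}: {kind} binary loads from user-writable path {path}")
        return None
    m = SCOPE_RE.match(line)
    if m:
        url = m.group(1)
        if not _expected_search_host(url):
            return ("search-hijack", f"search scope redirects to {urlparse(url).hostname}")
        return None
    m = PROXY_RE.match(line)
    if m:
        key, value = m.groups()
        # Windows' default ProxyOverride is just <local>; anything else was added by something.
        extra = [e for e in value.split(";") if e and e != "<local>"]
        if extra:
            return ("proxy-setting", f"{key} carries non-default entries: {', '.join(extra)}")
        return None
    m = BHO_RE.match(line)
    if m:
        return ("orphaned-bho", f"BHO {m.group(1)} is registered but has no CLSID")
    m = POLICY_RE.match(line)
    if m:
        return ("ie-policy", f"lockdown policy key present: {m.group(1)}")
    return None


def triage(log_text):
    """Run triage_line over every line; returns the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        finding = triage_line(raw.strip())
        if finding:
            findings.append(finding)
    return findings


def count_by_category(findings):
    """Tally findings per category, a quick first look at a long OTL log."""
    counts = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"[{category}] {detail}")
```

A flagged line is a prompt to verify, not a verdict: an orphaned service entry is harmless clutter, while a driver in a user-writable path deserves a look at the file itself.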
     
  12. rarodrig

    rarodrig Thread Starter

    Joined:
    Aug 2, 2002
    Messages:
    332
    Here's the OTL "run Fix"


    All processes killed
    ========== OTL ==========
    Error: Unable to stop service Amsp!
    Unable to delete service\driver key Amsp.
    File C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe not found.
    Service SymIMMP stopped successfully!
    Service SymIMMP deleted successfully!
    File system32\DRIVERS\SymIM.sys not found.
    Service PcdrNdisuio stopped successfully!
    Service PcdrNdisuio deleted successfully!
    File system32\DRIVERS\pcdrndisuio.sys not found.
    Service NwlnkFwd stopped successfully!
    Service NwlnkFwd deleted successfully!
    File system32\DRIVERS\nwlnkfwd.sys not found.
    Service NwlnkFlt stopped successfully!
    Service NwlnkFlt deleted successfully!
    File system32\DRIVERS\nwlnkflt.sys not found.
    Service IpInIp stopped successfully!
    Service IpInIp deleted successfully!
    File system32\DRIVERS\ipinip.sys not found.
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\Users\mom\AppData\Local\Temp\catchme.sys not found.
    Service blbdrive stopped successfully!
    Service blbdrive deleted successfully!
    File C:\Windows\system32\drivers\blbdrive.sys not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D595EE5-1E5F-499E-B5DB-03FC94DCFFD7}\ not found.
    Registry key HKEY_USERS\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    HKU\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
    Registry key HKEY_USERS\S-1-5-21-1055122923-2272971875-147803915-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Windows\msdownld.tmp\AS2D8362.tmp folder deleted successfully.
    C:\Windows\msdownld.tmp\AS2D8297.tmp folder deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    C:\QT$INST$.TMP\QTINSTAL.HLP deleted successfully.
    C:\QT$INST$.TMP folder deleted successfully.
    C:\Windows\Installer\MSIB67.tmp deleted successfully.
    ========== FILES ==========
    File\Folder c:\users\mom\Documents\*.tmp not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\mom\Desktop\cmd.bat deleted successfully.
    C:\Users\mom\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41044 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Margaret
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: mom
    ->Temp folder emptied: 2196093 bytes
    ->Temporary Internet Files folder emptied: 9479379 bytes
    ->Java cache emptied: 389 bytes
    ->Google Chrome cache emptied: 163360851 bytes
    ->Flash cache emptied: 41550 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rich
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 29696 bytes

    Total Files Cleaned = 167.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Margaret

    User: mom
    ->Java cache emptied: 0 bytes

    User: Public

    User: Rich

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Margaret

    User: mom
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Rich

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.53.1 log created on 07112012_144051

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  13. rarodrig

    rarodrig Thread Starter

    Joined:
    Aug 2, 2002
    Messages:
    332
    SystemLook 30.07.11 by jpshortstuff
    Log created at 14:53 on 11/07/2012 by mom
    Administrator - Elevation successful

    ========== file ==========

    C:\Program Files\NETGEAR\WNA1000M\WNA1000M.exe - File found and opened.
    MD5: B7FB48205F2E7FC9810B001CC0B46B55
    Created at 15:34 on 22/02/2011
    Modified at 15:34 on 22/02/2011
    Size: 2079200 bytes
    Attributes: --a----
    FileDescription: NetgearCUv3 MFC Application
    FileVersion: 4, 20, 132, 0
    ProductVersion: 4, 20, 132, 0
    OriginalFilename: NetgearCUv3.exe
    InternalName: NETGEAR Smart Configuration
    ProductName: NetgearCUv3 Application
    LegalCopyright: Copyright (C) 2007

    C:\Program Files\NETGEAR\WNA1000M\WlanWpsSvc.exe - File found and opened.
    MD5: EAF90575D9914C8104214E19F1D396B0
    Created at 04:18 on 17/11/2010
    Modified at 04:18 on 17/11/2010
    Size: 174560 bytes
    Attributes: --a----
    FileDescription: WlanSvc Application
    FileVersion: 1, 0, 0, 4
    ProductVersion: 1, 0, 0, 4
    OriginalFilename: WlanSvc.exe
    InternalName: WlanSvc
    ProductName: WlanSvc Application
    LegalCopyright: Copyright (C) 2008

    C:\Windows\System32\drivers\tmeevw.sys - File found and opened.
    MD5: F49CA5C26378F4D5603F2A2FC86E09A1
    Created at 18:09 on 28/01/2012
    Modified at 17:38 on 28/01/2012
    Size: 55056 bytes
    Attributes: --a----
    FileDescription: Trend Micro EagleEye Driver (VW) (i386-fre)
    FileVersion: 1.0.0.1190
    ProductVersion: 1.0
    OriginalFilename: tmeevw.sys
    InternalName: tmeevw
    ProductName: Trend Micro EagleEye
    CompanyName: Trend Micro Inc.
    LegalCopyright: Copyright (C) 2010 - 2011 Trend Micro Incorporated. All rights reserved.
    Comments:

    C:\Windows\System32\drivers\WNA1000M.sys - File found and opened.
    MD5: 1E4D2FD94E4F69431F376814B9B2BBD6
    Created at 22:03 on 31/01/2011
    Modified at 22:03 on 31/01/2011
    Size: 700520 bytes
    Attributes: --a----
    FileDescription: Realtek RTL8192C USB NDIS Driver
    FileVersion: 1012.1.0131.2011 built by: WinDDK
    ProductVersion: 1012.1.0131.2011
    OriginalFilename: Rtl8192cu.sys
    InternalName: Rtl8192cu.sys
    ProductName: Realtek RTL8192C Wireless USB 2.0 Adapter
    CompanyName: Realtek Semiconductor Corporation
    LegalCopyright: Copyright (C) 2008 Realtek Semiconductor Corporation

    -= EOF =-
     
  14. rarodrig

    rarodrig Thread Starter

    Joined:
    Aug 2, 2002
    Messages:
    332
    At startup this morning, PC crashed twice.

    Error Event log:
    DCOM error 1084 attempted to start service Wsearch with arguments "" in order to run server: 1BE1F766-5536-11D1-00C04FB926AF

    DCOM error 1084 starting service ShellHWDetection with arguments "" to run ...

    COM+ Event System bad return code Hresult was 8007043c from line 45 ....

    Is this malware related or do I have a h/w issue as well?

    Should I back up files from this PC or will the ext HDD get infected? Also, I had shared a couple of MS Office files from this PC to my laptop.... Should I be concerned about Malware on the laptop?
     
  15. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,777
    Are these blue screens that you're getting, or are they just messages popping up?

    Wsearch is actually related to malware.

    ---

    If it's just messages, can you do this for me:

    Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

    Reboot.

    • Please download the Event Viewer Tool by Vino Rosso:

      http://images.malwareremoval.com/vino/VEW.exe

      and save it to your Desktop.
    • Right-click VEW.exe and Run as Administrator
    • Under Select log to query, select:

      System

    • Under Select type to list, select:

      * Error
      * Warning

      Then use the Number of events as follows:

    • Click the radio button for Number of events
    • Type 20 in the 1 to 20 box
      Then click the Run button.
      Notepad will open with the output log.

    Please post the Output log in your next reply then repeat but select Application.


    -----------

    Then, can you re-run SystemLook, but with the following code and post the log it produces:

    Code:
    :folderfind
    *ask.com
    *conduit
    *DeskAdTop
    :filefind
    *ask.com
    *conduit
    *DeskAdTop
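The two checks requested above (the last 20 Error/Warning events from the System and Application logs, and a search for folders and files matching the SystemLook patterns) can also be reproduced with built-in PowerShell, which is useful when a third-party tool cannot be downloaded onto a machine that keeps crashing. The script below is an added example; it is not eddie5659's post, VEW.exe or SystemLook, and it produces its own log format rather than theirs. The output path on the Desktop and the list of search roots (Program Files, ProgramData, Users) are assumptions chosen for this example. It must be run from an elevated PowerShell prompt, for the same reason VEW has to be run as Administrator.

```powershell
# Added example (not VEW.exe or SystemLook): reproduce the two checks from the
# post with built-in cmdlets. Run from an elevated PowerShell prompt.
param(
    [int]$Count = 20,                                        # "Number of events": 20, as in the post
    [string]$OutFile = "$env:USERPROFILE\Desktop\triage_log.txt"   # assumed output location
)

$lines = @()

# --- Part 1: equivalent of VEW's "System / Application", "Error + Warning", last $Count events.
#     In the Windows event log schema Level 2 = Error and Level 3 = Warning.
foreach ($log in 'System', 'Application') {
    $lines += "========== $log log: last $Count Error/Warning events =========="
    $filter = @{ LogName = $log; Level = 2, 3 }
    try {
        $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $Count -ErrorAction Stop
    } catch {
        # Get-WinEvent throws when no event matches; treat that as an empty result.
        $lines += "  (no matching events or access denied: $($_.Exception.Message))"
        continue
    }
    foreach ($e in $events) {
        $type = if ($e.Level -eq 2) { 'Error' } else { 'Warning' }
        # Collapse the message to one line so the log stays easy to read and grep.
        $msg = ($e.Message -replace '\s+', ' ')
        if ($msg.Length -gt 200) { $msg = $msg.Substring(0, 200) + '...' }
        $lines += ("{0:yyyy-MM-dd HH:mm:ss}  {1,-7}  {2}  EventID={3}  {4}" -f $e.TimeCreated, $type, $e.ProviderName, $e.Id, $msg)
    }
    $lines += ''
}

# --- Part 2: equivalent of the SystemLook :folderfind / :filefind script, using the
#     same wildcard patterns from the post. The search roots are an assumption made
#     for this example (typical install locations for toolbars and adware).
$patterns = '*ask.com', '*conduit', '*DeskAdTop'
$roots = @(
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $env:ProgramData,
    "$env:SystemDrive\Users"
) | Where-Object { $_ -and (Test-Path $_) }

$lines += '========== folderfind / filefind =========='
foreach ($pat in $patterns) {
    $lines += "--- pattern: $pat"
    $hits = foreach ($root in $roots) {
        # -Force includes hidden items; access errors (ACLs, reparse points) are skipped.
        Get-ChildItem -Path $root -Recurse -Force -Filter $pat -ErrorAction SilentlyContinue
    }
    if (-not $hits) { $lines += '  (no matches)'; continue }
    foreach ($h in $hits) {
        $kind = if ($h.PSIsContainer) { 'folder' } else { 'file  ' }
        $lines += ("  {0}  {1}  modified {2:yyyy-MM-dd HH:mm}" -f $kind, $h.FullName, $h.LastWriteTime)
    }
}

$lines | Set-Content -Path $OutFile -Encoding UTF8
Write-Host "Wrote $OutFile"
notepad.exe $OutFile   # mirror VEW's behaviour: open the output in Notepad
```

The event section lists the provider name and Event ID alongside the message, so a recurring DCOM 10005/1084 style entry is easy to spot and correlate with the crash times. The file search lists each hit with its last-modified time, which helps tell an old leftover toolbar folder apart from something that appeared around the time the problems started.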
    
     
Short URL to this thread: https://techguy.org/1059314