TechSpot

Friend's W7 Home Premium laptop

By learninmypc
Jun 16, 2012
  1. First time for this laptop. Got it last night (06/15/12) from a friend so I could update it & clean it, & had to download http://www.superantispyware.com/onlinescan.html
    because I couldn't get online in safe mode with networking.
    Once I got it started, I got to messing with the Wi-Fi & got it connected, so I started to update SAS, which stopped the one I had going.
    I eventually ran full scans with Mbam, SAS, Avast, Spybot & the ESET online scanner. Will post those results.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.16.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    mercury mia :: MERCURYMIA-HP [administrator]

    6/15/2012 9:35:46 PM
    mbam-log-2012-06-15 (21-35-46).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 309712
    Time elapsed: 32 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 35
    HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> No action taken.
    HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> No action taken.
    HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> No action taken.
    HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> No action taken.
    HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> No action taken.
    HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> No action taken.
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.
    HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> No action taken.
    HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
    HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Data: I Want This -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 5
    C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\mercury mia\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\mercury mia\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\mercury mia\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\mercury mia\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    Files Detected: 10
    C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> No action taken.
    C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\mercury mia\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    C:\Users\mercury mia\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.

    (end)


    Avast found nothing so no log.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/15/2012 at 09:16 PM

    Application Version : 5.0.1146

    Core Rules Database Version : 8747
    Trace Rules Database Version: 6559

    Scan type : Complete Scan
    Total Scan Time : 00:29:19

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 419
    Memory threats detected : 0
    Registry items scanned : 64952
    Registry threats detected : 0
    File items scanned : 41269
    File threats detected : 9

    Adware.Tracking Cookie
    C:\USERS\MERCURY MIA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4HIF7DU3.txt [ Cookie:mercury mia@media6degrees.com/ ]
    C:\USERS\MERCURY MIA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YKR2YX1N.txt [ Cookie:mercury mia@fidelity.rotator.hadj7.adjuggler.net/ ]
    C:\USERS\MERCURY MIA\AppData\Roaming\Microsoft\Windows\Cookies\Low\04DL0EC1.txt [ Cookie:mercury mia@lucidmedia.com/ ]
    C:\USERS\MERCURY MIA\AppData\Roaming\Microsoft\Windows\Cookies\Low\V1IU6078.txt [ Cookie:mercury mia@invitemedia.com/ ]
    .clickbank.net [ C:\USERS\MERCURY MIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QAB650BG.DEFAULT\COOKIES.SQLITE ]
    ssl.clickbank.net [ C:\USERS\MERCURY MIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QAB650BG.DEFAULT\COOKIES.SQLITE ]
    ssl.clickbank.net [ C:\USERS\MERCURY MIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QAB650BG.DEFAULT\COOKIES.SQLITE ]
    ssl.clickbank.net [ C:\USERS\MERCURY MIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QAB650BG.DEFAULT\COOKIES.SQLITE ]
    ssl.clickbank.net [ C:\USERS\MERCURY MIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QAB650BG.DEFAULT\COOKIES.SQLITE ]
     
  2. Broni

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================

    You've been to this forum before so you should know well what we require.

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Your MBAM log says "No action taken".
    Re-run MBAM, fix all issues and post new log.
     
  3. learninmypc

    Yes, I had already started those scans. Gmer showed no log & I don't know why Mbam said that because I did click to remove threats or words to that effect. Am re-scanning with Mbam as I type (I'm on my PC as I clean the W7).
    I tried posting the ESET log, but it was gibberish.
     
  4. Broni

    Please don't quote my replies as it creates unnecessary clutter.
     
  5. learninmypc

  6. learninmypc

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.16.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    mercury mia :: MERCURYMIA-HP [administrator]

    6/16/2012 10:09:44 AM
    mbam-log-2012-06-16 (10-09-44).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 306862
    Time elapsed: 29 minute(s), 47 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Data: I Want This -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  7. learninmypc

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
    Run by mercury mia at 10:48:03 on 2012-06-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1586 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.kirotv.com/
    mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    uRun: [Facebook Update] "C:\Users\mercury mia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [T-Mobile webConnect Manager] "C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe" -a
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
    TCP: Interfaces\{18754E4E-0E10-409F-832B-F8D285E8A827} : DhcpNameServer = 192.168.72.2
    TCP: Interfaces\{1ADD897E-8256-4D3C-8273-132D04D4B10A} : DhcpNameServer = 192.168.1.1 184.16.33.54
    TCP: Interfaces\{A4022C6B-A71F-4FB9-B642-9A8013D8F59B} : DhcpNameServer = 192.168.1.1 184.16.33.54
    TCP: Interfaces\{BE5F69C7-2670-40F5-B95C-FEA4CBEE171D} : NameServer = 10.177.0.34 10.168.185.116
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO-X64: 0x1 - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO-X64: WeCareReminder - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [T-Mobile webConnect Manager] "C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe" -a
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\mercury mia\AppData\Roaming\Mozilla\Firefox\Profiles\uk8nq2s4.default\
    FF - prefs.js: browser.startup.homepage - www.kirotv.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\mercury mia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\mercury mia\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-6 98208]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-21 44768]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-6 13336]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-6 1817088]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-21 1153368]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-30 3048136]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-3-5 2416000]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
    R3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;C:\Windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys --> C:\Windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys [?]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
    S3 CATmobile;T-Mobile Con App Svc;C:\Program Files (x86)\T-Mobile\webConnect Manager\conappssvc.exe [2011-4-6 118784]
    S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-15 113120]
    S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TMobileRcAppSvc;T-Mobile RcApp Svc;C:\Program Files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe [2011-4-6 114688]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 ZTEusbgps;ZTE GPS Port;C:\Windows\system32\DRIVERS\ZTEusbgps.sys --> C:\Windows\system32\DRIVERS\ZTEusbgps.sys [?]
    S3 ZTEusbMB;ZTE NMEAExt2 Port;C:\Windows\system32\DRIVERS\ZTEusbnmeaext2.sys --> C:\Windows\system32\DRIVERS\ZTEusbnmeaext2.sys [?]
    S3 ZTEusbwwan;ZTE MBN Miniport;C:\Windows\system32\DRIVERS\ZTEusbwwan.sys --> C:\Windows\system32\DRIVERS\ZTEusbwwan.sys [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-06-16 04:28:29 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-06-13 01:16:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 01:16:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-06-13 01:16:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 01:16:01 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-06-13 01:16:00 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-06-13 01:15:59 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-06-13 01:15:57 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-13 01:15:56 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-06-02 05:17:42 -------- d-----w- C:\Users\mercury mia\AppData\Local\{309A54CD-CE10-43F7-B813-29E02C57A370}
    2012-05-29 03:47:07 -------- d-----w- C:\ProgramData\PC Optimizer Pro
    2012-05-23 07:09:42 -------- d-----w- C:\Program Files (x86)\MplayerforWindows
    2012-05-23 07:09:35 -------- d-----w- C:\Program Files (x86)\The Weather Channel FW
    2012-05-23 07:09:11 -------- d-----w- C:\ProgramData\WeCareReminder
    2012-05-23 07:09:01 -------- d-----w- C:\Users\mercury mia\AppData\Local\The Weather Channel
    .
    ==================== Find3M ====================
    .
    2012-06-16 04:28:22 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-06 02:46:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-06 02:46:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-06 02:46:04 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ============= FINISH: 10:48:36.83 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/28/2011 7:41:06 PM
    System Uptime: 6/16/2012 10:03:31 AM (0 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3676
    Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz | CPU | 2094/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 284 GiB total, 247.974 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.692 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP28: 5/3/2012 4:47:44 AM - Scheduled Checkpoint
    RP29: 5/9/2012 11:52:52 PM - Windows Update
    RP30: 5/19/2012 8:36:32 AM - Scheduled Checkpoint
    RP32: 5/28/2012 9:10:14 PM - PC Optimizer Pro Checkpoint
    RP33: 6/8/2012 8:19:05 PM - Windows Update
    RP34: 6/12/2012 8:22:46 PM - Windows Update
    RP35: 6/15/2012 9:27:31 PM - Installed Java(TM) 6 Update 33
    RP36: 6/15/2012 11:12:49 PM - Revo Uninstaller's restore point - Mozilla Firefox 13.0.1 (x86 en-US)
    .
    ==== Installed Programs ======================
    .
    Adobe Reader X MUI
    Adobe Shockwave Player 11.5
    Agatha Christie - Peril at End House
    avast! Free Antivirus
    Bejeweled 2 Deluxe
    Belarc Advisor 8.2
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    CWA Reminder by We-Care.com v4.0.19.3
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESET Online Scanner v3
    ESU for Microsoft Windows 7
    Facebook Video Calling 1.2.0.159
    Farm Frenzy
    FATE
    FileHippo.com Update Checker
    Final Drive Nitro
    Google Earth
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP CloudDrive
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP MovieStore
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 33
    Jewel Quest Solitaire 2
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 13.0 (x86 en-US)
    Mozilla Maintenance Service
    MplayerforWindows v2011-03-27
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - The London Caper
    Penguins!
    Plants vs. Zombies
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek PCIE Card Reader
    REALTEK Wireless LAN Driver
    Recovery Manager
    Revo Uninstaller 1.94
    RoxioNow Player
    Skype Click to Call
    Skype™ 5.9
    Spybot - Search & Destroy
    SpywareBlaster 4.6
    TeamViewer 6
    TeamViewer 7
    The Weather Channel Desktop 6
    VBRunDLL 3.4
    VCGuard 2.1
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR 4.11 (32-bit)
    Y!Supra version 1.0.0.71
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    Yazak Chat 8.95.0
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/15/2012 9:17:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/15/2012 8:37:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    6/15/2012 8:37:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/15/2012 8:35:09 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/15/2012 8:01:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/15/2012 8:01:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/15/2012 8:01:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/15/2012 8:01:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/15/2012 8:01:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache SASDIFSV SASKUTIL spldr Wanarpv6
    6/11/2012 7:33:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Skype C2C Service service.
    .
    ==== End Of File ===========================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ========================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  9. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,597   +335

    Bootkit remover will not let me paste it into Notepad.
    Will do next step.
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    There should be a debug log on your desktop.
    Post that.
     
  11. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,597   +335

    Will redo it next

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-06-16 11:23:10
    -----------------------------
    11:23:10.228 OS Version: Windows x64 6.1.7601 Service Pack 1
    11:23:10.228 Number of processors: 2 586 0x170A
    11:23:10.228 ComputerName: MERCURYMIA-HP UserName: mercury mia
    11:23:11.258 Initialize success
    11:23:11.351 AVAST engine defs: 12061601
    11:23:48.947 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    11:23:48.947 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
    11:23:48.978 Disk 0 MBR read successfully
    11:23:48.978 Disk 0 MBR scan
    11:23:48.978 Disk 0 Windows 7 default MBR code
    11:23:48.994 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    11:23:49.010 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291033 MB offset 409600
    11:23:49.041 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13908 MB offset 596445184
    11:23:49.056 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
    11:23:49.088 Disk 0 scanning C:\Windows\system32\drivers
    11:23:57.465 Service scanning
    11:24:24.390 Modules scanning
    11:24:24.390 Disk 0 trace - called modules:
    11:24:24.422 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    11:24:24.422 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bb3060]
    11:24:24.437 3 CLASSPNP.SYS[fffff88001bbb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80031a6050]
    11:24:25.139 AVAST engine scan C:\Windows
    11:24:26.886 AVAST engine scan C:\Windows\system32
    11:26:02.577 AVAST engine scan C:\Windows\system32\drivers
    11:26:13.388 AVAST engine scan C:\Users\mercury mia
    11:27:48.267 AVAST engine scan C:\ProgramData
    11:29:50.135 Scan finished successfully
    11:44:03.690 Disk 0 MBR has been saved successfully to "C:\Users\mercury mia\Desktop\MBR.dat"
    11:44:03.690 The log file has been saved successfully to "C:\Users\mercury mia\Desktop\aswMBR.txt"
     
  12. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,597   +335

    Aaahhh miracles never cease.
    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  14. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,597   +335

    How do I find out if it's 32 bit or 64 bit?
    Got it, 64 bit
     
  15. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,597   +335

    Ok, everything went fine till I tried to exit notepad & it wouldn't close. I backed out & retried but still no go.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I'm not sure what you're saying.
     
  17. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,597   +335

    Here
    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad. NOTEPAD would not close so I knew of no way to continue.
    • I followed the directions exactly, but got stuck there
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Leave Notepad alone and proceed.
     
  19. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,597   +335

    Pardon me, but how do I Leave Notepad alone & Proceed?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Don't close Notepad and proceed with next step.
     
  21. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,597   +335

    It took a bit but I figured it out & it's scanning. Thanks for your patience (y)
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  23. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,597   +335

    Scan result of Farbar Recovery Scan Tool Version: 16-06-2012
    Ran by SYSTEM at 16-06-2012 15:16:09
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-20] (Synaptics Incorporated)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-09-07] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-09-07] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-09-07] (Intel Corporation)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6602856 2011-01-11] (Realtek Semiconductor)
    HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [T-Mobile webConnect Manager] "C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe" -a [12800 2011-04-15] (T-Mobile)
    HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKU\mercury mia\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6497592 2011-11-23] (Yahoo! Inc.)
    HKU\mercury mia\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17356424 2012-04-05] (Skype Technologies S.A.)
    HKU\mercury mia\...\Run: [Facebook Update] "C:\Users\mercury mia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-05-06] (Facebook Inc.)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54
    Tcpip\..\Interfaces\{BE5F69C7-2670-40F5-B95C-FEA4CBEE171D}: [NameServer]10.177.0.34 10.168.185.116

    ==================== Services (Whitelisted) ======

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
    3 CATmobile; "C:\Program Files (x86)\T-Mobile\webConnect Manager\conappssvc.exe" /n "CATmobile" [118784 2011-04-06] (SmithMicro Inc.)
    2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
    2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
    2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680 2010-11-09] (Hewlett-Packard Development Company, L.P.)
    3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-06-01] (Mozilla Foundation)
    2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
    3 TMobileRcAppSvc; "C:\Program Files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe" /n "TMobileRcAppSvc" [114688 2011-04-06] (SmithMicro Inc.)

    ========================== Drivers (Whitelisted) =============

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
    2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
    1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
    3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2011-02-09] (CyberLink Corporation)
    3 massfilter; C:\Windows\System32\Drivers\massfilter.sys [11776 2010-10-20] (MBB Incorporated)
    3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [867328 2009-06-10] (Ralink Technology Corp.)
    3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
    3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [43032 2011-04-06] (Smith Micro Inc.)
    3 RTL8192Ce; C:\Windows\System32\Drivers\RTL8192Ce.sys [1142376 2011-03-01] (Realtek Semiconductor Corporation )
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    3 tmobile_mf691_dc_enum; C:\Windows\System32\Drivers\tmobile_mf691_dc_enum.sys [75776 2010-04-09] (T-Mobile)
    3 ZTEusbgps; C:\Windows\System32\Drivers\ZTEusbgps.sys [123520 2010-12-08] (ZTE Incorporated)
    3 ZTEusbMB; C:\Windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123520 2010-12-08] (ZTE Incorporated)
    3 ZTEusbmdm6k; C:\Windows\System32\Drivers\ZTEusbmdm6k.sys [123520 2010-12-08] (ZTE Incorporated)
    3 ZTEusbnmea; C:\Windows\System32\Drivers\ZTEusbnmea.sys [123520 2010-12-08] (ZTE Incorporated)
    3 ZTEusbser6k; C:\Windows\System32\Drivers\ZTEusbser6k.sys [123520 2010-12-08] (ZTE Incorporated)
    3 ZTEusbwwan; C:\Windows\System32\Drivers\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-06-16 15:15 - 2012-06-16 15:16 - 00000000 ____D C:\FRST
    2012-06-16 10:44 - 2012-06-16 10:44 - 00002029 ____A C:\Users\mercury mia\Desktop\aswMBR.txt
    2012-06-16 10:44 - 2012-06-16 10:44 - 00000512 ____A C:\Users\mercury mia\Desktop\MBR.dat
    2012-06-16 10:22 - 2012-06-16 10:22 - 04731392 ____A (AVAST Software) C:\Users\mercury mia\Desktop\aswMBR.exe
    2012-06-16 10:03 - 2012-06-16 10:16 - 00052506 ____A C:\Users\mercury mia\Desktop\bootkit_remover.zip
    2012-06-16 09:44 - 2012-06-16 09:44 - 00607260 ____R (Swearware) C:\Users\mercury mia\Desktop\dds.scr
    2012-06-16 08:38 - 2012-06-16 08:38 - 00302592 ____A C:\Users\mercury mia\Downloads\v23p7dmm.exe
    2012-06-16 04:58 - 2012-06-16 04:58 - 00000206 ____A C:\Windows\wininit.ini
    2012-06-15 22:27 - 2012-06-15 22:27 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-15 22:27 - 2012-06-15 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-15 22:27 - 2012-06-15 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-15 22:26 - 2012-06-15 22:26 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\U3
    2012-06-15 22:06 - 2012-06-15 22:06 - 00001264 ____A C:\Users\mercury mia\Desktop\Revo Uninstaller.lnk
    2012-06-15 21:20 - 2012-06-15 21:20 - 00000000 ____D C:\Users\mercury mia\Downloads\New folder
    2012-06-15 20:28 - 2012-06-15 20:28 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-06-15 20:28 - 2012-06-15 20:28 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-06-15 20:28 - 2012-06-15 20:28 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-06-15 20:28 - 2012-06-15 20:28 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-06-15 20:28 - 2012-06-15 20:28 - 00000000 ____D C:\Program Files (x86)\Java
    2012-06-15 20:18 - 2012-06-16 04:59 - 00009154 ____A C:\Windows\PFRO.log
    2012-06-15 19:41 - 2012-06-15 19:41 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-06-15 19:00 - 2012-06-15 19:45 - 00084902 ____A C:\Windows\ntbtlog.txt
    2012-06-12 19:23 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-12 19:23 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-12 19:23 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-12 19:23 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-12 19:23 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-12 19:23 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-12 19:23 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-12 19:23 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-12 19:23 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-12 19:23 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-12 19:23 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-12 19:23 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-12 19:23 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-12 19:23 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-12 19:23 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-12 19:23 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-12 19:23 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-12 19:23 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-12 19:23 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-12 19:23 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-12 19:23 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-12 19:23 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-12 19:23 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-12 19:23 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-12 19:23 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-12 19:23 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-12 19:23 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-12 19:23 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-12 19:17 - 2012-06-12 19:17 - 00000011 ____A C:\Users\mercury mia\Desktop\rey.txt
    2012-06-12 17:16 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 17:16 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 17:16 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 17:16 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 17:16 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 17:15 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-12 17:15 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 17:15 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-02 08:08 - 2012-06-16 13:31 - 00002474 ____A C:\Windows\setupact.log
    2012-06-02 08:08 - 2012-06-02 08:08 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-01 21:17 - 2012-06-01 21:17 - 00000000 ____D C:\Users\mercury mia\AppData\Local\{309A54CD-CE10-43F7-B813-29E02C57A370}
    2012-05-31 18:45 - 2012-06-01 09:30 - 00000450 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
    2012-05-28 20:11 - 2012-06-16 10:00 - 00000422 ____A C:\Windows\Tasks\PC Optimizer Pro64 Scan.job
    2012-05-28 19:47 - 2012-06-16 13:33 - 00000426 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
    2012-05-28 19:47 - 2012-05-28 20:11 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
    2012-05-22 23:09 - 2012-05-22 23:10 - 00000000 ____D C:\Program Files (x86)\MplayerforWindows
    2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Users\mercury mia\AppData\Local\The Weather Channel
    2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Users\All Users\WeCareReminder
    2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Program Files (x86)\The Weather Channel FW

    ============ 3 Months Modified Files and Folders =============

    2012-06-16 15:16 - 2012-06-16 15:15 - 00000000 ____D C:\FRST
    2012-06-16 14:06 - 2011-11-06 01:49 - 01989728 ____A C:\Windows\WindowsUpdate.log
    2012-06-16 14:05 - 2012-04-13 19:06 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\Skype
    2012-06-16 13:46 - 2012-03-31 10:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-16 13:38 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-16 13:38 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-16 13:35 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-16 13:33 - 2012-05-28 19:47 - 00000426 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
    2012-06-16 13:31 - 2012-06-02 08:08 - 00002474 ____A C:\Windows\setupact.log
    2012-06-16 13:31 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-16 10:44 - 2012-06-16 10:44 - 00002029 ____A C:\Users\mercury mia\Desktop\aswMBR.txt
    2012-06-16 10:44 - 2012-06-16 10:44 - 00000512 ____A C:\Users\mercury mia\Desktop\MBR.dat
    2012-06-16 10:22 - 2012-06-16 10:22 - 04731392 ____A (AVAST Software) C:\Users\mercury mia\Desktop\aswMBR.exe
    2012-06-16 10:16 - 2012-06-16 10:03 - 00052506 ____A C:\Users\mercury mia\Desktop\bootkit_remover.zip
    2012-06-16 10:00 - 2012-05-28 20:11 - 00000422 ____A C:\Windows\Tasks\PC Optimizer Pro64 Scan.job
    2012-06-16 09:44 - 2012-06-16 09:44 - 00607260 ____R (Swearware) C:\Users\mercury mia\Desktop\dds.scr
    2012-06-16 09:35 - 2012-05-06 21:30 - 00000952 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1278694750-386021917-3242230559-1000UA.job
    2012-06-16 08:38 - 2012-06-16 08:38 - 00302592 ____A C:\Users\mercury mia\Downloads\v23p7dmm.exe
    2012-06-16 08:21 - 2012-04-21 07:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-06-16 04:59 - 2012-06-15 20:18 - 00009154 ____A C:\Windows\PFRO.log
    2012-06-16 04:58 - 2012-06-16 04:58 - 00000206 ____A C:\Windows\wininit.ini
    2012-06-15 22:28 - 2012-03-31 09:53 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\Mozilla
    2012-06-15 22:27 - 2012-06-15 22:27 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-06-15 22:27 - 2012-06-15 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-15 22:27 - 2012-06-15 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-06-15 22:26 - 2012-06-15 22:26 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\U3
    2012-06-15 22:06 - 2012-06-15 22:06 - 00001264 ____A C:\Users\mercury mia\Desktop\Revo Uninstaller.lnk
    2012-06-15 21:35 - 2012-05-06 21:30 - 00000930 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1278694750-386021917-3242230559-1000Core.job
    2012-06-15 21:20 - 2012-06-15 21:20 - 00000000 ____D C:\Users\mercury mia\Downloads\New folder
    2012-06-15 21:14 - 2011-12-28 19:41 - 00000000 ____D C:\users\mercury mia
    2012-06-15 20:28 - 2012-06-15 20:28 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-06-15 20:28 - 2012-06-15 20:28 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-06-15 20:28 - 2012-06-15 20:28 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-06-15 20:28 - 2012-06-15 20:28 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-06-15 20:28 - 2012-06-15 20:28 - 00000000 ____D C:\Program Files (x86)\Java
    2012-06-15 20:28 - 2011-04-09 13:21 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-06-15 19:45 - 2012-06-15 19:00 - 00084902 ____A C:\Windows\ntbtlog.txt
    2012-06-15 19:43 - 2012-04-21 07:31 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
    2012-06-15 19:42 - 2012-04-21 07:21 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2012-06-15 19:41 - 2012-06-15 19:41 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-06-15 18:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2012-06-15 18:43 - 2012-01-18 19:39 - 00000356 ____A C:\Windows\Tasks\HPCeeScheduleFormercury mia.job
    2012-06-13 17:51 - 2012-01-10 18:05 - 00000000 ____D C:\Users\mercury mia\Documents\Youcam
    2012-06-13 17:46 - 2009-07-13 20:45 - 00276104 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-12 19:25 - 2012-04-02 14:52 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-12 19:17 - 2012-06-12 19:17 - 00000011 ____A C:\Users\mercury mia\Desktop\rey.txt
    2012-06-11 18:34 - 2012-04-13 19:05 - 00000000 ____D C:\Users\All Users\Skype
    2012-06-11 18:31 - 2012-01-10 17:57 - 00000352 ____A C:\Windows\Tasks\HPCeeScheduleForMERCURYMIA-HP$.job
    2012-06-02 17:06 - 2012-01-29 18:30 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-06-02 17:06 - 2012-01-11 20:53 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-06-02 08:08 - 2012-06-02 08:08 - 00000000 ____A C:\Windows\setuperr.log
    2012-06-01 21:53 - 2012-01-17 20:47 - 00000000 ____D C:\Windows\Minidump
    2012-06-01 21:53 - 2012-01-12 09:00 - 00000000 ____D C:\Users\mercury mia\AppData\Local\CrashDumps
    2012-06-01 21:17 - 2012-06-01 21:17 - 00000000 ____D C:\Users\mercury mia\AppData\Local\{309A54CD-CE10-43F7-B813-29E02C57A370}
    2012-06-01 09:30 - 2012-05-31 18:45 - 00000450 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
    2012-05-28 20:11 - 2012-05-28 19:47 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
    2012-05-26 11:46 - 2012-01-13 22:51 - 00000000 ____D C:\Users\mercury mia\AppData\Local\Windows Live
    2012-05-22 23:10 - 2012-05-22 23:09 - 00000000 ____D C:\Program Files (x86)\MplayerforWindows
    2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Users\mercury mia\AppData\Local\The Weather Channel
    2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Users\All Users\WeCareReminder
    2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Program Files (x86)\The Weather Channel FW
    2012-05-22 23:09 - 2012-03-24 20:45 - 00000000 ____D C:\Users\mercury mia\AppData\Local\Google
    2012-05-22 23:07 - 2011-12-28 19:41 - 00000000 ____D C:\Users\mercury mia\AppData\LocalLow
    2012-05-22 21:03 - 2012-04-21 13:19 - 00000000 ____D C:\Users\mercury mia\AppData\Local\ElevatedDiagnostics
    2012-05-17 18:47 - 2012-06-12 19:23 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 18:16 - 2012-06-12 19:23 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 18:06 - 2012-06-12 19:23 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 17:59 - 2012-06-12 19:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 17:59 - 2012-06-12 19:23 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 17:58 - 2012-06-12 19:23 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 17:58 - 2012-06-12 19:23 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 17:56 - 2012-06-12 19:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 17:55 - 2012-06-12 19:23 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 17:55 - 2012-06-12 19:23 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 17:54 - 2012-06-12 19:23 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 17:51 - 2012-06-12 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 17:51 - 2012-06-12 19:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 17:47 - 2012-06-12 19:23 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-17 15:11 - 2012-06-12 19:23 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-05-17 14:48 - 2012-06-12 19:23 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-05-17 14:45 - 2012-06-12 19:23 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-05-17 14:36 - 2012-06-12 19:23 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-05-17 14:35 - 2012-06-12 19:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-05-17 14:35 - 2012-06-12 19:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-05-17 14:33 - 2012-06-12 19:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-05-17 14:31 - 2012-06-12 19:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-05-17 14:29 - 2012-06-12 19:23 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-05-17 14:29 - 2012-06-12 19:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-12 19:23 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-05-17 14:25 - 2012-06-12 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-05-17 14:24 - 2012-06-12 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-05-17 14:20 - 2012-06-12 19:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-05-16 06:32 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-05-14 17:32 - 2012-06-12 17:15 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-12 20:23 - 2011-12-28 19:59 - 00000000 ___RD C:\Users\mercury mia\Desktop\ALL FILE MIA
    2012-05-12 20:21 - 2012-03-25 09:50 - 00000000 ___RD C:\Users\mercury mia\Desktop\mercury all picture files
    2012-05-06 21:30 - 2012-05-06 21:30 - 00000000 ____D C:\Users\mercury mia\AppData\Local\Facebook
    2012-05-06 21:11 - 2012-04-13 19:06 - 00000000 ____D C:\Users\All Users\boost_interprocess
    2012-05-05 18:46 - 2012-03-31 11:46 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
    2012-05-05 18:46 - 2012-03-31 10:13 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-05-05 18:46 - 2011-12-28 19:56 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-05-04 03:06 - 2012-06-12 17:16 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 17:16 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 17:15 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-03 03:04 - 2011-12-28 22:05 - 00000991 ____A C:\Users\Public\Desktop\Y!Supra.lnk
    2012-05-03 03:04 - 2011-12-28 22:05 - 00000000 ____D C:\Program Files (x86)\Y!Supra
    2012-04-27 19:55 - 2012-06-12 17:15 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-25 21:41 - 2012-06-12 17:16 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 17:16 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 17:16 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-21 12:53 - 2012-04-13 19:05 - 00000000 ___RD C:\Program Files (x86)\Skype
    2012-04-21 12:46 - 2012-04-21 12:46 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
    2012-04-21 11:53 - 2012-04-21 07:50 - 00000000 ____D C:\Program Files (x86)\Google
    2012-04-21 10:32 - 2012-04-21 10:32 - 00000000 ____D C:\Program Files (x86)\ESET
    2012-04-21 10:32 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
    2012-04-21 09:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
    2012-04-21 09:21 - 2007-01-01 17:25 - 00000000 ____D C:\Windows\Panther
    2012-04-21 08:32 - 2012-04-21 08:32 - 00000000 ____D C:\Users\mercury mia\AppData\Local\visi_coupon
    2012-04-21 08:32 - 2011-12-28 19:56 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
    2012-04-21 08:30 - 2012-04-21 08:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2012-04-21 07:50 - 2012-04-21 07:50 - 00000000 ____A C:\Windows\SysWOW64\config.nt
    2012-04-21 07:49 - 2012-04-21 07:49 - 00000000 ____D C:\Users\All Users\AVAST Software
    2012-04-21 07:49 - 2012-04-21 07:49 - 00000000 ____D C:\Program Files\AVAST Software
    2012-04-21 07:45 - 2012-04-21 07:45 - 00000000 ____D C:\Program Files (x86)\Belarc
    2012-04-21 07:39 - 2012-04-21 07:38 - 03231632 ____A C:\Users\mercury mia\Downloads\advisorinstaller.exe
    2012-04-21 07:36 - 2012-04-21 07:36 - 00000000 ____D C:\Program Files\CCleaner
    2012-04-21 07:34 - 2012-04-21 07:34 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\Malwarebytes
    2012-04-21 07:34 - 2012-04-21 07:34 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-04-21 07:34 - 2012-04-21 07:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-04-21 07:32 - 2012-04-21 07:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2012-04-21 07:25 - 2012-04-21 07:25 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\SUPERAntiSpyware.com
    2012-04-21 07:24 - 2012-04-21 07:24 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
    2012-04-21 07:19 - 2011-11-06 02:04 - 00000000 ____D C:\Users\All Users\Norton
    2012-04-21 07:18 - 2011-11-06 02:04 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2012-04-21 07:17 - 2011-11-06 02:03 - 00000000 ____D C:\Users\All Users\NortonInstaller
    2012-04-18 12:34 - 2011-12-28 19:48 - 00057952 ____A C:\Users\mercury mia\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-04-18 12:31 - 2012-04-18 12:31 - 00002055 ____A C:\Users\Public\Desktop\T-Mobile webConnect Manager.lnk
    2012-04-18 12:31 - 2012-04-18 12:31 - 00000000 ____D C:\HWDrivers
    2012-04-18 12:31 - 2012-01-13 22:40 - 00236386 ____A C:\drivers.log
    2012-04-18 12:30 - 2012-04-18 12:30 - 00000000 ____D C:\Program Files (x86)\T-Mobile
    2012-04-18 12:26 - 2012-04-18 12:26 - 00000000 ____D C:\Users\All Users\T-Mobile
    2012-04-18 11:54 - 2012-01-15 14:19 - 00196608 ____A C:\Windows\System32\Ikeext.etl
    2012-04-18 11:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
    2012-04-13 19:05 - 2012-04-13 19:05 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-04-13 19:04 - 2012-04-13 19:04 - 00944264 ____A (Skype Technologies S.A.) C:\Users\mercury mia\Downloads\SkypeSetup.exe
    2012-04-13 15:59 - 2012-04-13 15:59 - 00000000 ___AH C:\Users\mercury mia\Documents\Default.rdp
    2012-04-13 14:58 - 2012-04-13 14:58 - 00424072 ____A (Yahoo! Inc.) C:\Users\mercury mia\Downloads\msgr11us(4).exe
    2012-04-13 14:58 - 2012-04-13 14:58 - 00424072 ____A (Yahoo! Inc.) C:\Users\mercury mia\Downloads\msgr11us(3).exe
    2012-04-13 14:57 - 2012-04-13 14:57 - 00424072 ____A (Yahoo! Inc.) C:\Users\mercury mia\Downloads\msgr11us(2).exe
    2012-04-13 13:28 - 2012-04-13 13:28 - 00000000 ____D C:\Users\Public\CyberLink
    2012-04-12 18:36 - 2011-04-09 13:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2012-04-12 18:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
    2012-04-12 18:33 - 2012-04-12 18:33 - 00002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
    2012-04-12 18:33 - 2011-04-09 13:02 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
    2012-04-12 18:31 - 2012-04-12 18:31 - 00000000 ____D C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    2012-04-12 18:29 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
    2012-04-11 14:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
    2012-04-04 14:56 - 2012-04-21 07:34 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-04 06:34 - 2011-11-06 02:04 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
    2012-04-03 20:11 - 2012-04-03 00:54 - 00864034 ____A C:\Users\mercury mia\Desktop\Vc Sync 2.0.0.2 Ced By Junaid_Mad1.rar
    2012-04-03 08:09 - 2012-04-03 08:08 - 00000000 ____D C:\Program Files (x86)\VCGuard
    2012-04-03 08:08 - 2012-04-03 08:08 - 00000905 ____A C:\Users\mercury mia\Desktop\VCGuard.lnk
    2012-04-03 08:07 - 2012-04-03 08:06 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\WinRAR
    2012-04-03 08:06 - 2012-04-03 08:06 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2012-04-03 00:56 - 2012-04-03 00:56 - 00345553 ____A C:\Users\mercury mia\Desktop\VCguardWithVoiceDominancev2[1][1].1.58.zip
    2012-04-01 17:29 - 2012-04-01 17:29 - 00424072 ____A (Yahoo! Inc.) C:\Users\mercury mia\Downloads\msgr11us(1).exe
    2012-03-31 10:13 - 2012-03-31 10:13 - 00000000 ____D C:\Users\All Users\McAfee
    2012-03-31 09:58 - 2012-03-31 09:58 - 00000000 ____D C:\Users\mercury mia\AppData\Local\{988699E0-7950-4A4B-BE1E-8D10552E66A5}
    2012-03-31 09:58 - 2012-03-31 09:58 - 00000000 ____D C:\Users\mercury mia\AppData\Local\{01C432D5-C7A8-4EE3-83C6-0A4F976F013B}
    2012-03-31 09:53 - 2012-03-31 09:53 - 00000000 ____D C:\Users\mercury mia\AppData\Local\Mozilla
    2012-03-31 09:52 - 2012-03-31 09:52 - 15022488 ____A (Mozilla) C:\Users\mercury mia\Downloads\yahoo_firefox_8.0.1_setup_us.exe
    2012-03-30 03:35 - 2012-05-09 22:47 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-03-30 01:01 - 2012-03-30 00:48 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\TeamViewer
    2012-03-26 04:29 - 2011-12-28 19:43 - 00000000 ____D C:\Users\mercury mia\AppData\Local\Hewlett-Packard
    2012-03-26 00:40 - 2012-03-26 00:40 - 00001090 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
    2012-03-26 00:40 - 2012-03-24 19:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2012-03-24 20:14 - 2012-03-24 20:09 - 00000000 ____D C:\Users\mercury mia\Documents\MY YazakChat Files
    2012-03-24 20:09 - 2012-03-24 20:09 - 02137995 ____A (ZakFromAnotherPlanet) C:\Users\mercury mia\Downloads\VbRunDLLv3sp6.exe
    2012-03-24 20:09 - 2012-03-24 20:09 - 00001217 ____A C:\Users\Public\Desktop\Yazak.exe.lnk
    2012-03-24 20:09 - 2012-03-24 20:08 - 00000000 ____D C:\Program Files (x86)\ZakFromAnotherPlanet
    2012-03-24 20:08 - 2012-03-24 20:08 - 00975478 ____A (ZakFromAnotherPlanet) C:\Users\mercury mia\Downloads\Yazak_Install.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 21%
    Total physical RAM: 3001.89 MB
    Available physical RAM: 2367.05 MB
    Total Pagefile: 3000.04 MB
    Available Pagefile: 2357.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:284.21 GB) (Free:247.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:13.58 GB) (Free:1.69 GB) NTFS
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    6 Drive I: (CRUZER 2GB) (Removable) (Total:1.91 GB) (Free:1.59 GB) FAT
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 1953 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 284 GB 200 MB
    Partition 3 Primary 13 GB 284 GB
    Partition 4 Primary 103 MB 297 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y SYSTEM NTFS Partition 199 MB Healthy

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C NTFS Partition 284 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E RECOVERY NTFS Partition 13 GB Healthy

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 F HP_TOOLS FAT32 Partition 103 MB Healthy

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1952 MB 122 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 I CRUZER 2GB FAT Removable 1952 MB Healthy

    ======================================================================================================

    ==========================================================

    Last Boot: 2012-06-12 18:45

    ======================= End Of Log ==========================
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    That looks good.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  25. learninmypc

    learninmypc TS Evangelist Topic Starter Posts: 6,597   +335

    15:36:50.0289 4400 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
    15:36:50.0850 4400 ============================================================
    15:36:50.0850 4400 Current date / time: 2012/06/16 15:36:50.0850
    15:36:50.0850 4400 SystemInfo:
    15:36:50.0850 4400
    15:36:50.0850 4400 OS Version: 6.1.7601 ServicePack: 1.0
    15:36:50.0850 4400 Product type: Workstation
    15:36:50.0850 4400 ComputerName: MERCURYMIA-HP
    15:36:50.0850 4400 UserName: mercury mia
    15:36:50.0850 4400 Windows directory: C:\Windows
    15:36:50.0850 4400 System windows directory: C:\Windows
    15:36:50.0850 4400 Running under WOW64
    15:36:50.0850 4400 Processor architecture: Intel x64
    15:36:50.0850 4400 Number of processors: 2
    15:36:50.0850 4400 Page size: 0x1000
    15:36:50.0850 4400 Boot type: Normal boot
    15:36:50.0850 4400 ============================================================
    15:36:51.0490 4400 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:36:51.0505 4400 Drive \Device\Harddisk1\DR2 - Size: 0x7A1D1C00 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    15:36:51.0505 4400 ============================================================
    15:36:51.0505 4400 \Device\Harddisk0\DR0:
    15:36:51.0505 4400 MBR partitions:
    15:36:51.0505 4400 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    15:36:51.0505 4400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2386C800
    15:36:51.0505 4400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x238D0800, BlocksNum 0x1B2A000
    15:36:51.0505 4400 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
    15:36:51.0505 4400 \Device\Harddisk1\DR2:
    15:36:51.0505 4400 MBR partitions:
    15:36:51.0505 4400 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x3D070B
    15:36:51.0505 4400 ============================================================
    15:36:51.0537 4400 C: <-> \Device\Harddisk0\DR0\Partition1
    15:36:51.0599 4400 D: <-> \Device\Harddisk0\DR0\Partition2
    15:36:51.0599 4400 ============================================================
    15:36:51.0599 4400 Initialize success
    15:36:51.0599 4400 ============================================================
    15:37:09.0024 4164 ============================================================
    15:37:09.0024 4164 Scan started
    15:37:09.0024 4164 Mode: Manual;
    15:37:09.0024 4164 ============================================================
    15:37:09.0352 4164 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    15:37:09.0352 4164 !SASCORE - ok
    15:37:09.0555 4164 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    15:37:09.0555 4164 1394ohci - ok
    15:37:09.0633 4164 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    15:37:09.0648 4164 ACPI - ok
    15:37:09.0664 4164 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    15:37:09.0679 4164 AcpiPmi - ok
    15:37:09.0804 4164 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    15:37:09.0804 4164 AdobeFlashPlayerUpdateSvc - ok
    15:37:09.0867 4164 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    15:37:09.0882 4164 adp94xx - ok
    15:37:09.0945 4164 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    15:37:09.0945 4164 adpahci - ok
    15:37:09.0976 4164 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    15:37:09.0976 4164 adpu320 - ok
    15:37:10.0023 4164 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    15:37:10.0023 4164 AeLookupSvc - ok
    15:37:10.0101 4164 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    15:37:10.0101 4164 AERTFilters - ok
    15:37:10.0179 4164 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    15:37:10.0179 4164 AFD - ok
    15:37:10.0210 4164 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    15:37:10.0210 4164 agp440 - ok
    15:37:10.0241 4164 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    15:37:10.0257 4164 ALG - ok
    15:37:10.0272 4164 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    15:37:10.0272 4164 aliide - ok
    15:37:10.0303 4164 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    15:37:10.0303 4164 amdide - ok
    15:37:10.0366 4164 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    15:37:10.0366 4164 AmdK8 - ok
    15:37:10.0397 4164 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    15:37:10.0397 4164 AmdPPM - ok
    15:37:10.0428 4164 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
    15:37:10.0428 4164 amdsata - ok
    15:37:10.0459 4164 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    15:37:10.0459 4164 amdsbs - ok
    15:37:10.0491 4164 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
    15:37:10.0491 4164 amdxata - ok
     
