Major custom help needed..Sirefef

Solved
By MDGuelker
Sep 17, 2012
  1. Hi...new to the forum and looking for some custom help for virus removal. (you guys seem helpful and generally awesome)

    I think I have Sirefef. I had the internet redirect issue and disappearance of MSE. I reinstalled MSE and ended up in the restart after 1 min loop. I eventually managed to break out of the loop...I honestly don't know what I did. I was going to run the FRST from F8-repair my computer that seems to be the first recommendation, but I no longer have the repair my computer option to do that. I was going to run through the 5 pre-steps, but Malware keeps freezing when run and MSE seems to keep disappearing and reappearing. Figured I'm best off to just get more experienced hands involved. Please advise. Thanks!!
  2. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================

    What Windows version is it?
  3. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    Windows 7 (x64)...though I think some software occasionally runs in 32, which I guess is normal
  4. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  5. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    Couple question before moving forward...

    -I know it's a 64 bit system but there is an x86 (32bit) programs folder. Do I need to run both or does the 64bit cover all?

    -I don't have system repair as an option when I hit F8 (I did at one point, but it doesn't show up anymore), can I run FRST on the flash drive but from within windows?
  6. Broni

    Broni Malware Annihilator Posts: 46,319   +252

  7. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    I'm going to make a bootable Win7 USB as that is the most available...
    more stupid questions so I don't divert from the task...

    -size requirements for the USB? I notice the downloaded file is around 3.1 GB...does it expand when used or good on a 4GB jump drive?

    -How do I boot to the USB drive?

    Thanks by the way!
  8. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    I suggest DVD as you need USB for delivering FRST and getting logs.
  9. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    I booted off the Win7 DVD and ran FRST 64, once in Scan, and the second time in Search- services.exe. Durring the second task (search) there was a message about a corrupt file (nothing I could make out in time) and a need to run CheckDisk...I passed on it, finished the Search and restarted. On restart it also brought up the CheckDisk. I passed again as I didn't want to run anything out of order. Please let me know if I should continue to pass that or run it. Below is part of the Scan log (followed next post by the remainder and the Search Log)

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-09-2012 03
    Ran by SYSTEM at 18-09-2012 14:57:46
    Running from H:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet002

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe [318464 2009-05-14] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-10-20] (IDT, Inc.)
    HKLM\...\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background [610872 2009-08-25] ()
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-12-05] (Sun Microsystems, Inc.)
    HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [196648 2009-06-03] (ActivIdentity)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [483880 2009-06-03] (ActivIdentity)
    HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-01-21] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-11-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [dldomon.exe] "C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe" [455920 2007-10-05] ()
    HKLM\...\Run: [MemoryCardManager] "C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe" [410864 2007-10-05] ()
    HKLM\...\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [x]
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM-x32\...\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-12-01] (DigitalPersona, Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [815512 2012-01-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [Dell 968 AIO Printer] "C:\Program Files (x86)\Dell 968 AIO Printer\fm3032.exe" /s [312560 2007-10-05] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
    HKLM-x32\...\Run: [] [x]
    HKU\Matt\...\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
    HKU\Matt\...\Run: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-22] (Google Inc.)
    HKU\Matt\...\Run: [HP Photosmart 7510 series (NET)] "C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN23N3555905PX:NW" -scfn "HP Photosmart 7510 series (NET)" -AutoStart 1 [2676584 2011-08-31] (Hewlett-Packard Co.)
    Winlogon\Notify\ScCertProp: wlnotify.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 172.16.2.5 172.18.82.11 4.2.2.2
    Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter DPPWDFLT
    Startup: C:\Users\Matt\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)

    ==================== Services (Whitelisted) ===================

    2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
    2 dldoCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe [34032 2007-10-05] ()
    2 dldo_device; C:\Windows\system32\dldocoms.exe -service [1044720 2007-10-05] ( )
    2 dldo_device; C:\Windows\SysWow64\dldocoms.exe -service [595184 2007-10-05] ( )
    2 DvmMDES; "C:\SPLASH.SYS\config\DVMExportService.exe" [323584 2009-07-08] (DeviceVM, Inc.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] ()
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [240640 2009-10-20] (IDT, Inc.)

    ==================== Drivers (Whitelisted) =====================

    1 DVMIO; \??\C:\SPLASH.SYS\config\dvmio.sys [21624 2009-09-27] (DeviceVM, Inc.)
    3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [21504 2010-06-24] (http://libusb-win32.sourceforge.net)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
    3 ALSysIO; \??\C:\Users\Matt\AppData\Local\Temp\ALSysIO64.sys [x]
    4 eabfiltr; [x]
    3 RTSTOR; C:\Windows\System32\drivers\RTSTOR.SYS [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-09-18 16:31 - 2012-09-18 16:32 - 00000000 ____D C:\Users\Matt\AppData\Local\Apps\Windows 7 USB DVD Download Tool
    2012-09-18 16:31 - 2012-09-18 16:31 - 00002520 ____A C:\Users\Matt\Desktop\Windows 7 USB DVD Download Tool.lnk
    2012-09-17 19:30 - 2012-09-17 19:30 - 02721168 ____A (Microsoft Corporation) C:\Users\Matt\Downloads\Windows7-USB-DVD-tool.exe
    2012-09-17 19:25 - 2012-09-17 20:10 - 3320903680 ____A C:\Users\Matt\Downloads\X17-58997.iso
    2012-09-17 13:48 - 2012-09-17 13:48 - 00000000 ____D C:\Users\Matt\Desktop\FIX
    2012-09-15 19:32 - 2012-09-15 19:32 - 00066527 ____A C:\Users\Matt\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
    2012-09-15 19:32 - 2012-09-15 19:32 - 00000000 ____D C:\Users\Matt\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums_files
    2012-09-15 19:08 - 2012-09-15 19:26 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-15 19:08 - 2012-09-15 19:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-09-15 19:08 - 2012-09-15 19:08 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Malwarebytes
    2012-09-15 19:08 - 2012-09-07 19:04 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-15 18:52 - 2012-09-15 18:52 - 00000000 ____D C:\FRST
    2012-09-15 17:59 - 2012-09-15 17:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CF2218433C9EBD1
    2012-09-15 17:56 - 2012-09-15 17:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6E8FA8A7116FCB3
    2012-09-15 17:52 - 2012-09-15 17:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.574D2FED12405329
    2012-09-15 17:50 - 2012-09-15 17:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E659A568FE79AC2
    2012-09-15 17:50 - 2012-09-15 17:50 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zaxbajlz.sys
    2012-09-15 17:44 - 2012-09-15 17:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D9DBD21EEE2F44C
    2012-09-15 17:41 - 2012-09-15 17:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0759B65E5B380895
    2012-09-15 17:37 - 2012-09-15 17:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.804F7D739D0E3E6C
    2012-09-15 17:37 - 2012-09-15 17:37 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yhwdsxbc.sys
    2012-09-15 17:31 - 2012-09-15 17:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD3850BF523D6CC5
    2012-09-15 17:28 - 2012-09-15 17:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF308DE76FC4D6EA
    2012-09-15 17:25 - 2012-09-15 17:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AAADE6EE6749F82E
    2012-09-15 17:22 - 2012-09-15 17:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D1E666E5E2F405D9
    2012-09-15 17:19 - 2012-09-15 17:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.222AF14A3496F8A0
    2012-09-15 17:16 - 2012-09-15 17:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79EB5716305517F4
    2012-09-15 17:13 - 2012-09-15 17:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.754C821D6BA4EFA7
    2012-09-15 17:10 - 2012-09-15 17:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70873B28CE7FB15C
    2012-09-15 17:07 - 2012-09-15 17:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AC8207947D4F06B
    2012-09-15 17:03 - 2012-09-15 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE14A138F0801007
    2012-09-15 17:01 - 2012-09-15 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.30F2A7140767ECAB
    2012-09-15 16:58 - 2012-09-15 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5228D6CB69620000
    2012-09-15 16:56 - 2012-09-15 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FB51779269D5756
    2012-09-15 16:53 - 2012-09-15 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E258EF28E55166F6
    2012-09-15 16:51 - 2012-09-15 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A719F01CED0987E
    2012-09-15 16:49 - 2012-09-15 16:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B2E37289A4741736
    2012-09-15 16:47 - 2012-09-15 16:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6542C3ABD0247125
    2012-09-15 16:44 - 2012-09-15 16:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8D8FD68EDE8F98A3
    2012-09-15 16:42 - 2012-09-15 16:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FFBA8B7DB91240B
    2012-09-15 16:40 - 2012-09-15 16:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F2907C8962DBB4B
    2012-09-15 16:37 - 2012-09-15 16:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.740356A775719DC3
    2012-09-15 16:35 - 2012-09-15 16:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8EA028E7A0CAA79
    2012-09-15 16:32 - 2012-09-15 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04CB926448C77995
    2012-09-15 16:30 - 2012-09-15 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B57B9BF74D8A0BBF
    2012-09-15 16:26 - 2012-09-15 16:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA8EBE81E880B9EB
    2012-09-15 16:19 - 2012-09-15 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56B8C5FF02D8C8A8
    2012-09-15 16:19 - 2012-09-15 16:19 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\eligsisc.sys
    2012-09-15 16:18 - 2012-09-15 16:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-09-15 15:18 - 2012-09-15 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8A4465B0282CED7
    2012-09-15 15:15 - 2012-09-15 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.117C802430F9C1B8
    2012-09-15 14:39 - 2012-09-15 14:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B174A10CC3344FD5
    2012-09-15 14:37 - 2012-09-15 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9B5991445642DD8F
    2012-09-15 14:35 - 2012-09-15 14:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FE39EC5A08F85527
    2012-09-15 14:32 - 2012-09-15 14:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C619BBF8543D2E24
    2012-09-15 14:30 - 2012-09-15 14:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.546C6E0DDAA62408
    2012-09-15 14:28 - 2012-09-15 14:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F2315D2761F2005
    2012-09-15 14:25 - 2012-09-15 14:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE9419C2B0822074
    2012-09-15 14:23 - 2012-09-15 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83B69C58D54A7A9F
    2012-09-15 14:21 - 2012-09-15 14:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D1D034A50D0E16C4
    2012-09-15 14:18 - 2012-09-15 14:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC77683CF6955FA1
    2012-09-15 14:16 - 2012-09-15 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.630B701F981F6626
    2012-09-15 14:14 - 2012-09-15 14:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A5F1BB510CBD863
    2012-09-15 14:11 - 2012-09-15 14:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7CD6652DAE707501
    2012-09-14 20:16 - 2012-09-14 20:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.95450904950CB7EA
    2012-09-14 20:14 - 2012-09-14 20:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.89C1F7B5DC930D52
    2012-09-14 20:11 - 2012-09-14 20:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DE484705F06A97F
    2012-09-14 20:09 - 2012-09-14 20:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AEB0EEAAF9308A4
    2012-09-14 20:07 - 2012-09-14 20:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0AE66F48430FA528
    2012-09-14 20:05 - 2012-09-14 20:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CB86DA12FA1DD33
    2012-09-14 20:02 - 2012-09-14 20:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5ECA13333CD8E7E
    2012-09-14 19:59 - 2012-09-14 19:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.417A576AD28691A1
    2012-09-14 19:57 - 2012-09-14 19:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE816E7E1B47CBDD
    2012-09-14 19:55 - 2012-09-14 19:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.114DAAA64E802807
    2012-09-14 19:52 - 2012-09-14 19:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B545867A0E9FC83D
    2012-09-14 19:50 - 2012-09-14 19:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.05A56A8C6EF85AC5
    2012-09-14 19:48 - 2012-09-14 19:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.68A47473D0F5EC48
    2012-09-14 19:45 - 2012-09-14 19:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F99BAE9F25FE272
    2012-09-14 19:43 - 2012-09-14 19:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A72A66CEC784B87
    2012-09-14 19:41 - 2012-09-14 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE10058F7161FAF5
    2012-09-14 19:38 - 2012-09-14 19:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D05CC8FC970E968E
    2012-09-14 19:36 - 2012-09-14 19:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.749AC79A5ECA3150
    2012-09-14 19:34 - 2012-09-14 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7BCF813D8EA5A54
    2012-09-14 19:31 - 2012-09-14 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A20DC795C63790E1
    2012-09-14 19:29 - 2012-09-14 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7848194BDEDB2BA0
    2012-09-14 19:26 - 2012-09-14 19:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.41CB2275546B1F98
    2012-09-14 19:24 - 2012-09-14 19:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.77081843F7037FA6
    2012-09-14 19:22 - 2012-09-14 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CBAB9766017CFD0C
    2012-09-14 19:20 - 2012-09-14 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B25CAB5CEC7FF06A
    2012-09-14 19:17 - 2012-09-14 19:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A283F7B3E3B82F65
    2012-09-14 19:15 - 2012-09-14 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E46F1882C8D6D13
    2012-09-14 19:12 - 2012-09-14 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B3D91F93964BC8A2
    2012-09-14 19:10 - 2012-09-14 19:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.417EF4BE0EA9F950
    2012-09-14 19:08 - 2012-09-14 19:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4AC6FA0BD9F66B23
    2012-09-14 19:06 - 2012-09-14 19:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34CB51D3E99E6B56
    2012-09-14 19:03 - 2012-09-14 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2C60A769437CF17F
    2012-09-14 19:01 - 2012-09-14 19:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7E88B7871DBE7C3
    2012-09-14 18:59 - 2012-09-14 18:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AAAE3411BD37599F
    2012-09-14 18:56 - 2012-09-14 18:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FF1F9B0C51D64CE7
    2012-09-14 18:54 - 2012-09-14 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9E3AA50494096F7
    2012-09-14 18:51 - 2012-09-14 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7961972A82C76EAA
    2012-09-14 18:49 - 2012-09-14 18:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A733698DD99245E3
    2012-09-14 18:47 - 2012-09-14 18:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA72FF5A1CED6B7B
    2012-09-14 18:45 - 2012-09-14 18:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9927184F49C4A417
    2012-09-14 18:42 - 2012-09-14 18:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C966D1AE4A11A9BB
    2012-09-14 18:39 - 2012-09-14 18:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06C55F4240D49CB1
    2012-09-14 18:37 - 2012-09-14 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28B4D9F3E0ABBFA3
    2012-09-14 18:35 - 2012-09-14 18:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.684AAC16B6DDE02E
    2012-09-14 18:32 - 2012-09-14 18:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70BE5A72D0741C8B
    2012-09-14 18:30 - 2012-09-14 18:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.864E9ECF672E988B
    2012-09-14 18:28 - 2012-09-14 18:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4AFFDA56B273BFB4
    2012-09-14 18:25 - 2012-09-14 18:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66D7F45CF45CF80F
    2012-09-14 18:23 - 2012-09-14 18:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C44CDCB93CF15A51
    2012-09-14 18:21 - 2012-09-14 18:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6F5D1AB621375276
    2012-09-14 18:18 - 2012-09-14 18:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42E77FD0A95C9A14
    2012-09-14 18:16 - 2012-09-14 18:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BEC23D1C9D4356FF
    2012-09-14 18:14 - 2012-09-14 18:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51BC1EA67FDD26D6
    2012-09-14 18:11 - 2012-09-14 18:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8575E2A843DBE1B
    2012-09-14 18:09 - 2012-09-14 18:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EF13C896CF669902
    2012-09-14 18:06 - 2012-09-14 18:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A114A4E8714D2F86
    2012-09-14 18:03 - 2012-09-14 18:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C13CBE8AD2F3E637
    2012-09-14 18:00 - 2012-09-14 18:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73137033AC4A367E
    2012-09-14 17:57 - 2012-09-14 17:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A64DAE5D9E739E1C
    2012-09-14 17:54 - 2012-09-14 17:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B6D89A1B9E1284C6
    2012-09-14 17:51 - 2012-09-14 17:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5E12CA08FA6B7E4
    2012-09-14 17:48 - 2012-09-14 17:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F32D7F8F1C5FFFEF
    2012-09-14 17:45 - 2012-09-14 17:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9BB8F7953C81FB41
    2012-09-14 17:43 - 2012-09-14 17:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02429F40511502CC
    2012-09-14 17:41 - 2012-09-14 17:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0323D4DB8D702BC4
    2012-09-14 17:39 - 2012-09-14 17:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7165AA3F3AC1CAC4
    2012-09-14 17:37 - 2012-09-14 17:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FF86E912C54ABB6
    2012-09-14 17:34 - 2012-09-14 17:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0436C597D9C689C
    2012-09-14 17:32 - 2012-09-14 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3993ADB4EAC224F0
    2012-09-14 17:29 - 2012-09-14 17:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7FC51080A847C9A
    2012-09-14 17:26 - 2012-09-14 17:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CB83777F7C28262
    2012-09-14 17:23 - 2012-09-14 17:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8BEDCA8440138B3A
    2012-09-14 17:21 - 2012-09-14 17:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.32A893DE3DBB5703
    2012-09-14 17:19 - 2012-09-14 17:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A17B645688F700A
    2012-09-14 17:17 - 2012-09-14 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9556171E0F869F54
    2012-09-14 17:15 - 2012-09-14 17:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3CC899560DF02D81
    2012-09-14 17:13 - 2012-09-14 17:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6FCAE241D1A6FD02
    2012-09-14 17:10 - 2012-09-14 17:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ACD9265EE5943AB2
    2012-09-14 17:07 - 2012-09-14 17:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8388866B0234BDE7
    2012-09-14 17:05 - 2012-09-14 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A63C677D708C844
    2012-09-14 17:02 - 2012-09-14 17:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.439551454AB9CB46
    2012-09-14 16:59 - 2012-09-14 16:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.357800D38AE4E153
    2012-09-14 16:56 - 2012-09-14 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6BE7C02698002681
    2012-09-14 16:53 - 2012-09-14 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.479E277A452E07AC
    2012-09-14 16:50 - 2012-09-14 16:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3052843EB49E2E2D
    2012-09-14 16:47 - 2012-09-14 16:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A45B9C39CB536A97
    2012-09-14 16:44 - 2012-09-14 16:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC6D05F7127052F5
    2012-09-14 16:41 - 2012-09-14 16:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.594F419F0075EC5B
    2012-09-14 16:38 - 2012-09-14 16:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A1CC11DC39A7940A
    2012-09-14 16:35 - 2012-09-14 16:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F02A525AE1356CD
    2012-09-14 16:32 - 2012-09-14 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0AB15FBD22AE9E32
    2012-09-14 16:29 - 2012-09-14 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABDB4341A51D5B47
    2012-09-14 16:27 - 2012-09-14 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63991B0D5AAF3968
    2012-09-14 16:24 - 2012-09-14 16:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CD4BB80C2BBCA08
    2012-09-14 16:21 - 2012-09-14 16:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3940A9DD80648D19
    2012-09-14 16:18 - 2012-09-14 16:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.362292EBFE85831C
    2012-09-14 16:16 - 2012-09-14 16:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0602669B6C727A2B
    2012-09-14 16:13 - 2012-09-14 16:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70D5604AB2FBE3D8
    2012-09-14 16:11 - 2012-09-14 16:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A8B55BE70214933
    2012-09-14 16:09 - 2012-09-14 16:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5ACF7861C5EB0C7F
    2012-09-14 16:07 - 2012-09-14 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8C1A6D6BCA80ED1
    2012-09-14 16:04 - 2012-09-14 16:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B5EB2C4DDFD67A74
    2012-09-14 16:01 - 2012-09-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.697EE1858786FEF1
    2012-09-14 15:58 - 2012-09-14 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA7F32C6B333A3BA
    2012-09-14 15:55 - 2012-09-14 15:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FF1A5A392DA50FF
    2012-09-14 15:52 - 2012-09-14 15:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A982D851EC53D1C4
    2012-09-14 15:50 - 2012-09-14 15:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B1BACB5F2125B4CD
    2012-09-14 15:47 - 2012-09-14 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E09B0100F2574BF9
    2012-09-14 15:44 - 2012-09-14 15:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A6A76ED56D4FB5E
    2012-09-14 15:41 - 2012-09-14 15:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.333D4DDF0132AC12
    2012-09-14 15:38 - 2012-09-14 15:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75EE736F0E4F12CD
    2012-09-14 15:35 - 2012-09-14 15:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.832171E0182D2E7C
    2012-09-14 15:32 - 2012-09-14 15:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE0EF283A355BA3E
    2012-09-14 15:29 - 2012-09-14 15:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9CA19157622A9831
    2012-09-14 15:27 - 2012-09-14 15:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EFDE73A05141798D
    2012-09-14 15:25 - 2012-09-14 15:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B246C14F348C2B94
    2012-09-14 15:23 - 2012-09-14 15:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E87B0C5DDB8EABC
    2012-09-14 15:20 - 2012-09-14 15:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6976DD3C928E6370
    2012-09-14 15:18 - 2012-09-14 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.368DA1176A9F5B32
    2012-09-14 15:16 - 2012-09-14 15:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.15009F0B9DB39897
    2012-09-14 15:13 - 2012-09-14 15:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A202A9B6D634077F
    2012-09-14 15:10 - 2012-09-14 15:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D2E2D6E4415AB21
    2012-09-14 15:07 - 2012-09-14 15:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13F5800C54250A6A
    2012-09-14 15:04 - 2012-09-14 15:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA6B3F3CBE5A7024
    2012-09-14 15:01 - 2012-09-14 15:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA647C4744563A7E
    2012-09-14 14:58 - 2012-09-14 14:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE193342C9F62786
    2012-09-14 14:56 - 2012-09-14 14:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.35139C9DF2F0A968
    2012-09-14 14:53 - 2012-09-14 14:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B5D71C8F4585729
    2012-09-14 14:51 - 2012-09-14 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.18A3734688A2C3DE
    2012-09-14 14:49 - 2012-09-14 14:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5CCC3AC55C069FD
    2012-09-14 14:47 - 2012-09-14 14:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34B7CA9C0FBDFD21
    2012-09-14 14:45 - 2012-09-14 14:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D87DFA069FF00A1
    2012-09-13 20:42 - 2012-09-13 20:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A4BB3CDFD731F04
    2012-09-13 20:40 - 2012-09-13 20:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCFFA02194B03A62
    2012-09-13 20:35 - 2012-09-13 20:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA5A1F9C9C5CB69E
    2012-09-13 20:31 - 2012-09-13 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8BD0B241259DE8C1
    2012-09-13 20:26 - 2012-09-13 20:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.98078E9915CB4AB2
    2012-09-13 20:22 - 2012-09-13 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D912E6385B81B888
    2012-09-13 20:18 - 2012-09-13 20:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.89E2AB594B7822B8
    2012-09-13 20:13 - 2012-09-13 20:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E8FF4A81CD5B7A07
    2012-09-13 20:07 - 2012-09-13 20:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58E8B29002A35027
    2012-09-13 19:57 - 2012-09-13 19:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-09-13 19:57 - 2012-09-13 19:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
  10. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    ==================== 3 Months Modified Files ==================

    2012-09-18 16:49 - 2010-06-02 01:05 - 00000177 ____H C:\dvmexp.idx
    2012-09-18 16:49 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-09-18 16:49 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-09-18 16:45 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-09-18 16:45 - 2009-07-13 20:51 - 00080576 ____A C:\Windows\setupact.log
    2012-09-18 16:41 - 2011-12-22 18:33 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174133610-2724806526-2353754245-1000UA.job
    2012-09-18 16:38 - 2010-06-02 00:26 - 01768343 ____A C:\Windows\WindowsUpdate.log
    2012-09-18 16:31 - 2012-09-18 16:31 - 00002520 ____A C:\Users\Matt\Desktop\Windows 7 USB DVD Download Tool.lnk
    2012-09-18 16:28 - 2012-08-12 00:01 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-09-18 16:28 - 2012-05-28 20:07 - 00000254 ____A C:\Windows\Tasks\HP Photo Creations Messager.job
    2012-09-18 13:18 - 2011-12-22 18:33 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1174133610-2724806526-2353754245-1000Core.job
    2012-09-17 20:10 - 2012-09-17 19:25 - 3320903680 ____A C:\Users\Matt\Downloads\X17-58997.iso
    2012-09-17 19:35 - 2009-07-13 21:13 - 00729770 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-17 19:30 - 2012-09-17 19:30 - 02721168 ____A (Microsoft Corporation) C:\Users\Matt\Downloads\Windows7-USB-DVD-tool.exe
    2012-09-16 14:54 - 2011-07-14 18:23 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-09-15 19:32 - 2012-09-15 19:32 - 00066527 ____A C:\Users\Matt\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
    2012-09-15 19:26 - 2012-09-15 19:08 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-09-15 19:05 - 2011-06-27 06:20 - 00002198 ____A C:\Windows\epplauncher.mif
    2012-09-15 18:02 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-09-15 17:59 - 2012-09-15 17:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CF2218433C9EBD1
    2012-09-15 17:56 - 2012-09-15 17:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A6E8FA8A7116FCB3
    2012-09-15 17:52 - 2012-09-15 17:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.574D2FED12405329
    2012-09-15 17:50 - 2012-09-15 17:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E659A568FE79AC2
    2012-09-15 17:50 - 2012-09-15 17:50 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\zaxbajlz.sys
    2012-09-15 17:44 - 2012-09-15 17:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D9DBD21EEE2F44C
    2012-09-15 17:41 - 2012-09-15 17:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0759B65E5B380895
    2012-09-15 17:37 - 2012-09-15 17:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.804F7D739D0E3E6C
    2012-09-15 17:37 - 2012-09-15 17:37 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\yhwdsxbc.sys
    2012-09-15 17:31 - 2012-09-15 17:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AD3850BF523D6CC5
    2012-09-15 17:28 - 2012-09-15 17:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF308DE76FC4D6EA
    2012-09-15 17:25 - 2012-09-15 17:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AAADE6EE6749F82E
    2012-09-15 17:22 - 2012-09-15 17:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D1E666E5E2F405D9
    2012-09-15 17:19 - 2012-09-15 17:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.222AF14A3496F8A0
    2012-09-15 17:16 - 2012-09-15 17:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.79EB5716305517F4
    2012-09-15 17:13 - 2012-09-15 17:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.754C821D6BA4EFA7
    2012-09-15 17:10 - 2012-09-15 17:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70873B28CE7FB15C
    2012-09-15 17:07 - 2012-09-15 17:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2AC8207947D4F06B
    2012-09-15 17:03 - 2012-09-15 17:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE14A138F0801007
    2012-09-15 17:01 - 2012-09-15 17:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.30F2A7140767ECAB
    2012-09-15 16:58 - 2012-09-15 16:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5228D6CB69620000
    2012-09-15 16:56 - 2012-09-15 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FB51779269D5756
    2012-09-15 16:53 - 2012-09-15 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E258EF28E55166F6
    2012-09-15 16:51 - 2012-09-15 16:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5A719F01CED0987E
    2012-09-15 16:49 - 2012-09-15 16:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B2E37289A4741736
    2012-09-15 16:47 - 2012-09-15 16:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6542C3ABD0247125
    2012-09-15 16:44 - 2012-09-15 16:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8D8FD68EDE8F98A3
    2012-09-15 16:42 - 2012-09-15 16:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FFBA8B7DB91240B
    2012-09-15 16:40 - 2012-09-15 16:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F2907C8962DBB4B
    2012-09-15 16:37 - 2012-09-15 16:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.740356A775719DC3
    2012-09-15 16:35 - 2012-09-15 16:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8EA028E7A0CAA79
    2012-09-15 16:32 - 2012-09-15 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04CB926448C77995
    2012-09-15 16:30 - 2012-09-15 16:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B57B9BF74D8A0BBF
    2012-09-15 16:26 - 2012-09-15 16:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DA8EBE81E880B9EB
    2012-09-15 16:19 - 2012-09-15 16:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.56B8C5FF02D8C8A8
    2012-09-15 16:19 - 2012-09-15 16:19 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\eligsisc.sys
    2012-09-15 16:18 - 2012-09-15 16:18 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-09-15 15:18 - 2012-09-15 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8A4465B0282CED7
    2012-09-15 15:15 - 2012-09-15 15:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.117C802430F9C1B8
    2012-09-15 14:39 - 2012-09-15 14:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B174A10CC3344FD5
    2012-09-15 14:37 - 2012-09-15 14:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9B5991445642DD8F
    2012-09-15 14:35 - 2012-09-15 14:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FE39EC5A08F85527
    2012-09-15 14:32 - 2012-09-15 14:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C619BBF8543D2E24
    2012-09-15 14:30 - 2012-09-15 14:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.546C6E0DDAA62408
    2012-09-15 14:28 - 2012-09-15 14:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5F2315D2761F2005
    2012-09-15 14:25 - 2012-09-15 14:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AE9419C2B0822074
    2012-09-15 14:23 - 2012-09-15 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.83B69C58D54A7A9F
    2012-09-15 14:21 - 2012-09-15 14:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D1D034A50D0E16C4
    2012-09-15 14:18 - 2012-09-15 14:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AC77683CF6955FA1
    2012-09-15 14:16 - 2012-09-15 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.630B701F981F6626
    2012-09-15 14:14 - 2012-09-15 14:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A5F1BB510CBD863
    2012-09-15 14:11 - 2012-09-15 14:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7CD6652DAE707501
    2012-09-14 20:16 - 2012-09-14 20:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.95450904950CB7EA
    2012-09-14 20:14 - 2012-09-14 20:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.89C1F7B5DC930D52
    2012-09-14 20:11 - 2012-09-14 20:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5DE484705F06A97F
    2012-09-14 20:09 - 2012-09-14 20:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9AEB0EEAAF9308A4
    2012-09-14 20:07 - 2012-09-14 20:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0AE66F48430FA528
    2012-09-14 20:05 - 2012-09-14 20:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CB86DA12FA1DD33
    2012-09-14 20:02 - 2012-09-14 20:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5ECA13333CD8E7E
    2012-09-14 19:59 - 2012-09-14 19:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.417A576AD28691A1
    2012-09-14 19:57 - 2012-09-14 19:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CE816E7E1B47CBDD
    2012-09-14 19:55 - 2012-09-14 19:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.114DAAA64E802807
    2012-09-14 19:52 - 2012-09-14 19:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B545867A0E9FC83D
    2012-09-14 19:50 - 2012-09-14 19:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.05A56A8C6EF85AC5
    2012-09-14 19:48 - 2012-09-14 19:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.68A47473D0F5EC48
    2012-09-14 19:45 - 2012-09-14 19:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F99BAE9F25FE272
    2012-09-14 19:43 - 2012-09-14 19:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9A72A66CEC784B87
    2012-09-14 19:41 - 2012-09-14 19:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE10058F7161FAF5
    2012-09-14 19:38 - 2012-09-14 19:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D05CC8FC970E968E
    2012-09-14 19:36 - 2012-09-14 19:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.749AC79A5ECA3150
    2012-09-14 19:34 - 2012-09-14 19:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C7BCF813D8EA5A54
    2012-09-14 19:31 - 2012-09-14 19:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A20DC795C63790E1
    2012-09-14 19:29 - 2012-09-14 19:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7848194BDEDB2BA0
    2012-09-14 19:26 - 2012-09-14 19:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.41CB2275546B1F98
    2012-09-14 19:24 - 2012-09-14 19:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.77081843F7037FA6
    2012-09-14 19:22 - 2012-09-14 19:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CBAB9766017CFD0C
    2012-09-14 19:20 - 2012-09-14 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B25CAB5CEC7FF06A
    2012-09-14 19:17 - 2012-09-14 19:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A283F7B3E3B82F65
    2012-09-14 19:15 - 2012-09-14 19:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1E46F1882C8D6D13
    2012-09-14 19:12 - 2012-09-14 19:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B3D91F93964BC8A2
    2012-09-14 19:10 - 2012-09-14 19:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.417EF4BE0EA9F950
    2012-09-14 19:10 - 2009-07-13 21:08 - 00032634 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-09-14 19:08 - 2012-09-14 19:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4AC6FA0BD9F66B23
    2012-09-14 19:06 - 2012-09-14 19:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34CB51D3E99E6B56
    2012-09-14 19:03 - 2012-09-14 19:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2C60A769437CF17F
    2012-09-14 19:01 - 2012-09-14 19:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B7E88B7871DBE7C3
    2012-09-14 18:59 - 2012-09-14 18:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AAAE3411BD37599F
    2012-09-14 18:56 - 2012-09-14 18:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FF1F9B0C51D64CE7
    2012-09-14 18:54 - 2012-09-14 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9E3AA50494096F7
    2012-09-14 18:51 - 2012-09-14 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7961972A82C76EAA
    2012-09-14 18:49 - 2012-09-14 18:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A733698DD99245E3
    2012-09-14 18:47 - 2012-09-14 18:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA72FF5A1CED6B7B
    2012-09-14 18:45 - 2012-09-14 18:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9927184F49C4A417
    2012-09-14 18:42 - 2012-09-14 18:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C966D1AE4A11A9BB
    2012-09-14 18:39 - 2012-09-14 18:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06C55F4240D49CB1
    2012-09-14 18:37 - 2012-09-14 18:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28B4D9F3E0ABBFA3
    2012-09-14 18:35 - 2012-09-14 18:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.684AAC16B6DDE02E
    2012-09-14 18:32 - 2012-09-14 18:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70BE5A72D0741C8B
    2012-09-14 18:30 - 2012-09-14 18:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.864E9ECF672E988B
    2012-09-14 18:28 - 2012-09-14 18:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4AFFDA56B273BFB4
    2012-09-14 18:25 - 2012-09-14 18:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66D7F45CF45CF80F
    2012-09-14 18:23 - 2012-09-14 18:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C44CDCB93CF15A51
    2012-09-14 18:21 - 2012-09-14 18:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6F5D1AB621375276
    2012-09-14 18:18 - 2012-09-14 18:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.42E77FD0A95C9A14
    2012-09-14 18:16 - 2012-09-14 18:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BEC23D1C9D4356FF
    2012-09-14 18:14 - 2012-09-14 18:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.51BC1EA67FDD26D6
    2012-09-14 18:11 - 2012-09-14 18:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8575E2A843DBE1B
    2012-09-14 18:09 - 2012-09-14 18:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EF13C896CF669902
    2012-09-14 18:06 - 2012-09-14 18:06 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A114A4E8714D2F86
    2012-09-14 18:03 - 2012-09-14 18:03 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C13CBE8AD2F3E637
    2012-09-14 18:00 - 2012-09-14 18:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.73137033AC4A367E
    2012-09-14 17:57 - 2012-09-14 17:57 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A64DAE5D9E739E1C
    2012-09-14 17:54 - 2012-09-14 17:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B6D89A1B9E1284C6
    2012-09-14 17:51 - 2012-09-14 17:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C5E12CA08FA6B7E4
    2012-09-14 17:48 - 2012-09-14 17:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F32D7F8F1C5FFFEF
    2012-09-14 17:45 - 2012-09-14 17:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9BB8F7953C81FB41
    2012-09-14 17:43 - 2012-09-14 17:43 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.02429F40511502CC
    2012-09-14 17:41 - 2012-09-14 17:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0323D4DB8D702BC4
    2012-09-14 17:39 - 2012-09-14 17:39 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7165AA3F3AC1CAC4
    2012-09-14 17:37 - 2012-09-14 17:37 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FF86E912C54ABB6
    2012-09-14 17:34 - 2012-09-14 17:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B0436C597D9C689C
    2012-09-14 17:32 - 2012-09-14 17:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3993ADB4EAC224F0
    2012-09-14 17:29 - 2012-09-14 17:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7FC51080A847C9A
    2012-09-14 17:26 - 2012-09-14 17:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2CB83777F7C28262
    2012-09-14 17:23 - 2012-09-14 17:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8BEDCA8440138B3A
    2012-09-14 17:21 - 2012-09-14 17:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.32A893DE3DBB5703
    2012-09-14 17:19 - 2012-09-14 17:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6A17B645688F700A
    2012-09-14 17:17 - 2012-09-14 17:17 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9556171E0F869F54
    2012-09-14 17:15 - 2012-09-14 17:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3CC899560DF02D81
    2012-09-14 17:13 - 2012-09-14 17:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6FCAE241D1A6FD02
    2012-09-14 17:10 - 2012-09-14 17:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ACD9265EE5943AB2
    2012-09-14 17:07 - 2012-09-14 17:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8388866B0234BDE7
    2012-09-14 17:05 - 2012-09-14 17:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A63C677D708C844
    2012-09-14 17:02 - 2012-09-14 17:02 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.439551454AB9CB46
    2012-09-14 16:59 - 2012-09-14 16:59 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.357800D38AE4E153
    2012-09-14 16:56 - 2012-09-14 16:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6BE7C02698002681
    2012-09-14 16:53 - 2012-09-14 16:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.479E277A452E07AC
    2012-09-14 16:50 - 2012-09-14 16:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3052843EB49E2E2D
    2012-09-14 16:47 - 2012-09-14 16:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A45B9C39CB536A97
    2012-09-14 16:44 - 2012-09-14 16:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CC6D05F7127052F5
    2012-09-14 16:41 - 2012-09-14 16:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.594F419F0075EC5B
    2012-09-14 16:38 - 2012-09-14 16:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A1CC11DC39A7940A
    2012-09-14 16:35 - 2012-09-14 16:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F02A525AE1356CD
    2012-09-14 16:32 - 2012-09-14 16:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0AB15FBD22AE9E32
    2012-09-14 16:30 - 2012-09-14 16:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.ABDB4341A51D5B47
    2012-09-14 16:27 - 2012-09-14 16:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.63991B0D5AAF3968
    2012-09-14 16:24 - 2012-09-14 16:24 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0CD4BB80C2BBCA08
    2012-09-14 16:21 - 2012-09-14 16:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3940A9DD80648D19
    2012-09-14 16:18 - 2012-09-14 16:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.362292EBFE85831C
    2012-09-14 16:16 - 2012-09-14 16:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0602669B6C727A2B
    2012-09-14 16:13 - 2012-09-14 16:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.70D5604AB2FBE3D8
    2012-09-14 16:11 - 2012-09-14 16:11 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A8B55BE70214933
    2012-09-14 16:09 - 2012-09-14 16:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5ACF7861C5EB0C7F
    2012-09-14 16:07 - 2012-09-14 16:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B8C1A6D6BCA80ED1
    2012-09-14 16:04 - 2012-09-14 16:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B5EB2C4DDFD67A74
    2012-09-14 16:01 - 2012-09-14 16:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.697EE1858786FEF1
    2012-09-14 15:58 - 2012-09-14 15:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA7F32C6B333A3BA
    2012-09-14 15:55 - 2012-09-14 15:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9FF1A5A392DA50FF
    2012-09-14 15:52 - 2012-09-14 15:52 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A982D851EC53D1C4
    2012-09-14 15:50 - 2012-09-14 15:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B1BACB5F2125B4CD
    2012-09-14 15:47 - 2012-09-14 15:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E09B0100F2574BF9
    2012-09-14 15:44 - 2012-09-14 15:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3A6A76ED56D4FB5E
    2012-09-14 15:41 - 2012-09-14 15:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.333D4DDF0132AC12
    2012-09-14 15:38 - 2012-09-14 15:38 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.75EE736F0E4F12CD
    2012-09-14 15:35 - 2012-09-14 15:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.832171E0182D2E7C
    2012-09-14 15:32 - 2012-09-14 15:32 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DE0EF283A355BA3E
    2012-09-14 15:29 - 2012-09-14 15:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9CA19157622A9831
    2012-09-14 15:27 - 2012-09-14 15:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EFDE73A05141798D
    2012-09-14 15:25 - 2012-09-14 15:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B246C14F348C2B94
    2012-09-14 15:23 - 2012-09-14 15:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4E87B0C5DDB8EABC
    2012-09-14 15:20 - 2012-09-14 15:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6976DD3C928E6370
    2012-09-14 15:18 - 2012-09-14 15:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.368DA1176A9F5B32
    2012-09-14 15:16 - 2012-09-14 15:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.15009F0B9DB39897
    2012-09-14 15:13 - 2012-09-14 15:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A202A9B6D634077F
    2012-09-14 15:10 - 2012-09-14 15:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1D2E2D6E4415AB21
    2012-09-14 15:07 - 2012-09-14 15:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13F5800C54250A6A
    2012-09-14 15:04 - 2012-09-14 15:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA6B3F3CBE5A7024
    2012-09-14 15:01 - 2012-09-14 15:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EA647C4744563A7E
    2012-09-14 14:58 - 2012-09-14 14:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.EE193342C9F62786
    2012-09-14 14:56 - 2012-09-14 14:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.35139C9DF2F0A968
    2012-09-14 14:53 - 2012-09-14 14:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3B5D71C8F4585729
    2012-09-14 14:51 - 2012-09-14 14:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.18A3734688A2C3DE
    2012-09-14 14:49 - 2012-09-14 14:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D5CCC3AC55C069FD
    2012-09-14 14:47 - 2012-09-14 14:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.34B7CA9C0FBDFD21
    2012-09-14 14:45 - 2012-09-14 14:45 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.9D87DFA069FF00A1
    2012-09-13 20:42 - 2012-09-13 20:42 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A4BB3CDFD731F04
    2012-09-13 20:40 - 2012-09-13 20:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BCFFA02194B03A62
    2012-09-13 20:35 - 2012-09-13 20:35 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.AA5A1F9C9C5CB69E
    2012-09-13 20:31 - 2012-09-13 20:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8BD0B241259DE8C1
    2012-09-13 20:26 - 2012-09-13 20:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.98078E9915CB4AB2
    2012-09-13 20:22 - 2012-09-13 20:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D912E6385B81B888
    2012-09-13 20:18 - 2012-09-13 20:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.89E2AB594B7822B8
    2012-09-13 20:13 - 2012-09-13 20:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E8FF4A81CD5B7A07
    2012-09-13 20:07 - 2012-09-13 20:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.58E8B29002A35027
    2012-09-13 19:57 - 2011-06-27 06:20 - 00743856 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-09-13 19:47 - 2012-07-16 02:06 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForMatt.job
    2012-09-07 19:04 - 2012-09-15 19:08 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-14 21:55 - 2012-08-12 00:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-14 21:55 - 2011-07-06 07:12 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-29 15:49 - 2012-01-16 12:14 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-07-16 22:08 - 2009-07-13 20:45 - 04996840 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-16 21:45 - 2011-07-16 16:27 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-08 15:05 - 2010-06-02 00:34 - 00191936 ____A C:\Windows\PFRO.log
    2012-07-08 03:11 - 2012-04-15 23:15 - 00052736 __ASH C:\Users\Matt\Downloads\Thumbs.db
    2012-07-01 17:14 - 2012-07-01 17:10 - 00000947 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-06-23 11:07 - 2011-10-02 22:16 - 00001017 ____A C:\Users\Matt\Desktop\Dropbox.lnk

    ZeroAccess:
    C:\Windows\Installer\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}
    C:\Windows\Installer\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\L
    C:\Windows\Installer\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\n
    C:\Windows\Installer\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\U
    C:\Windows\Installer\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\L\00000004.@
    C:\Windows\Installer\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\L\201d3dde

    ZeroAccess:
    C:\Users\Matt\AppData\Local\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}
    C:\Users\Matt\AppData\Local\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\@
    C:\Users\Matt\AppData\Local\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\L
    C:\Users\Matt\AppData\Local\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-08-01 19:19:18
    Restore point made on: 2012-08-05 15:06:04
    Restore point made on: 2012-08-08 23:11:22
    Restore point made on: 2012-08-11 23:49:26
    Restore point made on: 2012-08-14 21:57:17
    Restore point made on: 2012-09-11 19:55:54
    Restore point made on: 2012-09-15 18:05:52
    Restore point made on: 2012-09-18 16:31:44

    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 3894.79 MB
    Available physical RAM: 3253.07 MB
    Total Pagefile: 3892.99 MB
    Available Pagefile: 3255.25 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:213.72 GB) (Free:90.78 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:18.87 GB) (Free:3.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    4 Drive g: (GSP1RMCHPXFRER_EN_DVD) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF
    5 Drive h: () (Removable) (Total:3.67 GB) (Free:3.67 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: () (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 232 GB 0 B
    Disk 1 Online 3768 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 199 MB 1024 KB
    Partition 2 Primary 213 GB 200 MB
    Partition 3 Primary 18 GB 213 GB
    Partition 4 Primary 103 MB 232 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y NTFS Partition 199 MB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 213 GB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 18 GB Healthy

    =========================================================

    Disk: 0
    Partition 4
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3767 MB 16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H FAT32 Removable 3767 MB Healthy

    =========================================================

    Last Boot: 2012-09-18 13:30

    ==================== End Of Log =============================






    Farbar Recovery Scan Tool (x64) Version: 15-09-2012 03
    Ran by SYSTEM at 2012-09-18 15:00:15
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2012-09-15 18:02] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    ====== End Of Search ======
  11. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    If the computer asks you to run chkdsk again let it run.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    Restart normally.

    ===================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ====================================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ============================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    Attached Files:

     
  12. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    I ran all of the listed scans, etc...except MBAM froze up after almost 11 minutes...it did not produce a log file. Should I run again? any way to not have it lock up? Below are all the other log files:


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-09-2012 03
    Ran by SYSTEM at 2012-09-18 16:00:26 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\System32\services.exe.2CF2218433C9EBD1 moved successfully.
    C:\Windows\System32\services.exe.A6E8FA8A7116FCB3 moved successfully.
    C:\Windows\System32\services.exe.574D2FED12405329 moved successfully.
    C:\Windows\System32\services.exe.1E659A568FE79AC2 moved successfully.
    C:\Windows\System32\Drivers\zaxbajlz.sys moved successfully.
    C:\Windows\System32\services.exe.1D9DBD21EEE2F44C moved successfully.
    C:\Windows\System32\services.exe.0759B65E5B380895 moved successfully.
    C:\Windows\System32\services.exe.804F7D739D0E3E6C moved successfully.
    C:\Windows\System32\Drivers\yhwdsxbc.sys moved successfully.
    C:\Windows\System32\services.exe.AD3850BF523D6CC5 moved successfully.
    C:\Windows\System32\services.exe.CF308DE76FC4D6EA moved successfully.
    C:\Windows\System32\services.exe.AAADE6EE6749F82E moved successfully.
    C:\Windows\System32\services.exe.D1E666E5E2F405D9 moved successfully.
    C:\Windows\System32\services.exe.222AF14A3496F8A0 moved successfully.
    C:\Windows\System32\services.exe.79EB5716305517F4 moved successfully.
    C:\Windows\System32\services.exe.754C821D6BA4EFA7 moved successfully.
    C:\Windows\System32\services.exe.70873B28CE7FB15C moved successfully.
    C:\Windows\System32\services.exe.2AC8207947D4F06B moved successfully.
    C:\Windows\System32\services.exe.AE14A138F0801007 moved successfully.
    C:\Windows\System32\services.exe.30F2A7140767ECAB moved successfully.
    C:\Windows\System32\services.exe.5228D6CB69620000 moved successfully.
    C:\Windows\System32\services.exe.9FB51779269D5756 moved successfully.
    C:\Windows\System32\services.exe.E258EF28E55166F6 moved successfully.
    C:\Windows\System32\services.exe.5A719F01CED0987E moved successfully.
    C:\Windows\System32\services.exe.B2E37289A4741736 moved successfully.
    C:\Windows\System32\services.exe.6542C3ABD0247125 moved successfully.
    C:\Windows\System32\services.exe.8D8FD68EDE8F98A3 moved successfully.
    C:\Windows\System32\services.exe.9FFBA8B7DB91240B moved successfully.
    C:\Windows\System32\services.exe.3F2907C8962DBB4B moved successfully.
    C:\Windows\System32\services.exe.740356A775719DC3 moved successfully.
    C:\Windows\System32\services.exe.F8EA028E7A0CAA79 moved successfully.
    C:\Windows\System32\services.exe.04CB926448C77995 moved successfully.
    C:\Windows\System32\services.exe.B57B9BF74D8A0BBF moved successfully.
    C:\Windows\System32\services.exe.DA8EBE81E880B9EB moved successfully.
    C:\Windows\System32\services.exe.56B8C5FF02D8C8A8 moved successfully.
    C:\Windows\System32\Drivers\eligsisc.sys moved successfully.
    C:\Windows\System32\services.exe.F8A4465B0282CED7 moved successfully.
    C:\Windows\System32\services.exe.117C802430F9C1B8 moved successfully.
    C:\Windows\System32\services.exe.B174A10CC3344FD5 moved successfully.
    C:\Windows\System32\services.exe.9B5991445642DD8F moved successfully.
    C:\Windows\System32\services.exe.FE39EC5A08F85527 moved successfully.
    C:\Windows\System32\services.exe.C619BBF8543D2E24 moved successfully.
    C:\Windows\System32\services.exe.546C6E0DDAA62408 moved successfully.
    C:\Windows\System32\services.exe.5F2315D2761F2005 moved successfully.
    C:\Windows\System32\services.exe.AE9419C2B0822074 moved successfully.
    C:\Windows\System32\services.exe.83B69C58D54A7A9F moved successfully.
    C:\Windows\System32\services.exe.D1D034A50D0E16C4 moved successfully.
    C:\Windows\System32\services.exe.AC77683CF6955FA1 moved successfully.
    C:\Windows\System32\services.exe.630B701F981F6626 moved successfully.
    C:\Windows\System32\services.exe.3A5F1BB510CBD863 moved successfully.
    C:\Windows\System32\services.exe.7CD6652DAE707501 moved successfully.
    C:\Windows\System32\services.exe.95450904950CB7EA moved successfully.
    C:\Windows\System32\services.exe.89C1F7B5DC930D52 moved successfully.
    C:\Windows\System32\services.exe.5DE484705F06A97F moved successfully.
    C:\Windows\System32\services.exe.9AEB0EEAAF9308A4 moved successfully.
    C:\Windows\System32\services.exe.0AE66F48430FA528 moved successfully.
    C:\Windows\System32\services.exe.0CB86DA12FA1DD33 moved successfully.
    C:\Windows\System32\services.exe.F5ECA13333CD8E7E moved successfully.
    C:\Windows\System32\services.exe.417A576AD28691A1 moved successfully.
    C:\Windows\System32\services.exe.CE816E7E1B47CBDD moved successfully.
    C:\Windows\System32\services.exe.114DAAA64E802807 moved successfully.
    C:\Windows\System32\services.exe.B545867A0E9FC83D moved successfully.
    C:\Windows\System32\services.exe.05A56A8C6EF85AC5 moved successfully.
    C:\Windows\System32\services.exe.68A47473D0F5EC48 moved successfully.
    C:\Windows\System32\services.exe.0F99BAE9F25FE272 moved successfully.
    C:\Windows\System32\services.exe.9A72A66CEC784B87 moved successfully.
    C:\Windows\System32\services.exe.DE10058F7161FAF5 moved successfully.
    C:\Windows\System32\services.exe.D05CC8FC970E968E moved successfully.
    C:\Windows\System32\services.exe.749AC79A5ECA3150 moved successfully.
    C:\Windows\System32\services.exe.C7BCF813D8EA5A54 moved successfully.
    C:\Windows\System32\services.exe.A20DC795C63790E1 moved successfully.
    C:\Windows\System32\services.exe.7848194BDEDB2BA0 moved successfully.
    C:\Windows\System32\services.exe.41CB2275546B1F98 moved successfully.
    C:\Windows\System32\services.exe.77081843F7037FA6 moved successfully.
    C:\Windows\System32\services.exe.CBAB9766017CFD0C moved successfully.
    C:\Windows\System32\services.exe.B25CAB5CEC7FF06A moved successfully.
    C:\Windows\System32\services.exe.A283F7B3E3B82F65 moved successfully.
    C:\Windows\System32\services.exe.1E46F1882C8D6D13 moved successfully.
    C:\Windows\System32\services.exe.B3D91F93964BC8A2 moved successfully.
    C:\Windows\System32\services.exe.417EF4BE0EA9F950 moved successfully.
    C:\Windows\System32\services.exe.4AC6FA0BD9F66B23 moved successfully.
    C:\Windows\System32\services.exe.34CB51D3E99E6B56 moved successfully.
    C:\Windows\System32\services.exe.2C60A769437CF17F moved successfully.
    C:\Windows\System32\services.exe.B7E88B7871DBE7C3 moved successfully.
    C:\Windows\System32\services.exe.AAAE3411BD37599F moved successfully.
    C:\Windows\System32\services.exe.FF1F9B0C51D64CE7 moved successfully.
    C:\Windows\System32\services.exe.A9E3AA50494096F7 moved successfully.
    C:\Windows\System32\services.exe.7961972A82C76EAA moved successfully.
    C:\Windows\System32\services.exe.A733698DD99245E3 moved successfully.
    C:\Windows\System32\services.exe.EA72FF5A1CED6B7B moved successfully.
    C:\Windows\System32\services.exe.9927184F49C4A417 moved successfully.
    C:\Windows\System32\services.exe.C966D1AE4A11A9BB moved successfully.
    C:\Windows\System32\services.exe.06C55F4240D49CB1 moved successfully.
    C:\Windows\System32\services.exe.28B4D9F3E0ABBFA3 moved successfully.
    C:\Windows\System32\services.exe.684AAC16B6DDE02E moved successfully.
    C:\Windows\System32\services.exe.70BE5A72D0741C8B moved successfully.
    C:\Windows\System32\services.exe.864E9ECF672E988B moved successfully.
    C:\Windows\System32\services.exe.4AFFDA56B273BFB4 moved successfully.
    C:\Windows\System32\services.exe.66D7F45CF45CF80F moved successfully.
    C:\Windows\System32\services.exe.C44CDCB93CF15A51 moved successfully.
    C:\Windows\System32\services.exe.6F5D1AB621375276 moved successfully.
    C:\Windows\System32\services.exe.42E77FD0A95C9A14 moved successfully.
    C:\Windows\System32\services.exe.BEC23D1C9D4356FF moved successfully.
    C:\Windows\System32\services.exe.51BC1EA67FDD26D6 moved successfully.
    C:\Windows\System32\services.exe.F8575E2A843DBE1B moved successfully.
    C:\Windows\System32\services.exe.EF13C896CF669902 moved successfully.
    C:\Windows\System32\services.exe.A114A4E8714D2F86 moved successfully.
    C:\Windows\System32\services.exe.C13CBE8AD2F3E637 moved successfully.
    C:\Windows\System32\services.exe.73137033AC4A367E moved successfully.
    C:\Windows\System32\services.exe.A64DAE5D9E739E1C moved successfully.
    C:\Windows\System32\services.exe.B6D89A1B9E1284C6 moved successfully.
    C:\Windows\System32\services.exe.C5E12CA08FA6B7E4 moved successfully.
    C:\Windows\System32\services.exe.F32D7F8F1C5FFFEF moved successfully.
    C:\Windows\System32\services.exe.9BB8F7953C81FB41 moved successfully.
    C:\Windows\System32\services.exe.02429F40511502CC moved successfully.
    C:\Windows\System32\services.exe.0323D4DB8D702BC4 moved successfully.
    C:\Windows\System32\services.exe.7165AA3F3AC1CAC4 moved successfully.
    C:\Windows\System32\services.exe.3FF86E912C54ABB6 moved successfully.
    C:\Windows\System32\services.exe.B0436C597D9C689C moved successfully.
    C:\Windows\System32\services.exe.3993ADB4EAC224F0 moved successfully.
    C:\Windows\System32\services.exe.F7FC51080A847C9A moved successfully.
    C:\Windows\System32\services.exe.2CB83777F7C28262 moved successfully.
    C:\Windows\System32\services.exe.8BEDCA8440138B3A moved successfully.
    C:\Windows\System32\services.exe.32A893DE3DBB5703 moved successfully.
    C:\Windows\System32\services.exe.6A17B645688F700A moved successfully.
    C:\Windows\System32\services.exe.9556171E0F869F54 moved successfully.
    C:\Windows\System32\services.exe.3CC899560DF02D81 moved successfully.
    C:\Windows\System32\services.exe.6FCAE241D1A6FD02 moved successfully.
    C:\Windows\System32\services.exe.ACD9265EE5943AB2 moved successfully.
    C:\Windows\System32\services.exe.8388866B0234BDE7 moved successfully.
    C:\Windows\System32\services.exe.3A63C677D708C844 moved successfully.
    C:\Windows\System32\services.exe.439551454AB9CB46 moved successfully.
    C:\Windows\System32\services.exe.357800D38AE4E153 moved successfully.
    C:\Windows\System32\services.exe.6BE7C02698002681 moved successfully.
    C:\Windows\System32\services.exe.479E277A452E07AC moved successfully.
    C:\Windows\System32\services.exe.3052843EB49E2E2D moved successfully.
    C:\Windows\System32\services.exe.A45B9C39CB536A97 moved successfully.
    C:\Windows\System32\services.exe.CC6D05F7127052F5 moved successfully.
    C:\Windows\System32\services.exe.594F419F0075EC5B moved successfully.
    C:\Windows\System32\services.exe.A1CC11DC39A7940A moved successfully.
    C:\Windows\System32\services.exe.3F02A525AE1356CD moved successfully.
    C:\Windows\System32\services.exe.0AB15FBD22AE9E32 moved successfully.
    C:\Windows\System32\services.exe.ABDB4341A51D5B47 moved successfully.
    C:\Windows\System32\services.exe.63991B0D5AAF3968 moved successfully.
    C:\Windows\System32\services.exe.0CD4BB80C2BBCA08 moved successfully.
    C:\Windows\System32\services.exe.3940A9DD80648D19 moved successfully.
    C:\Windows\System32\services.exe.362292EBFE85831C moved successfully.
    C:\Windows\System32\services.exe.0602669B6C727A2B moved successfully.
    C:\Windows\System32\services.exe.70D5604AB2FBE3D8 moved successfully.
    C:\Windows\System32\services.exe.1A8B55BE70214933 moved successfully.
    C:\Windows\System32\services.exe.5ACF7861C5EB0C7F moved successfully.
    C:\Windows\System32\services.exe.B8C1A6D6BCA80ED1 moved successfully.
    C:\Windows\System32\services.exe.B5EB2C4DDFD67A74 moved successfully.
    C:\Windows\System32\services.exe.697EE1858786FEF1 moved successfully.
    C:\Windows\System32\services.exe.EA7F32C6B333A3BA moved successfully.
    C:\Windows\System32\services.exe.9FF1A5A392DA50FF moved successfully.
    C:\Windows\System32\services.exe.A982D851EC53D1C4 moved successfully.
    C:\Windows\System32\services.exe.B1BACB5F2125B4CD moved successfully.
    C:\Windows\System32\services.exe.E09B0100F2574BF9 moved successfully.
    C:\Windows\System32\services.exe.3A6A76ED56D4FB5E moved successfully.
    C:\Windows\System32\services.exe.333D4DDF0132AC12 moved successfully.
    C:\Windows\System32\services.exe.75EE736F0E4F12CD moved successfully.
    C:\Windows\System32\services.exe.832171E0182D2E7C moved successfully.
    C:\Windows\System32\services.exe.DE0EF283A355BA3E moved successfully.
    C:\Windows\System32\services.exe.9CA19157622A9831 moved successfully.
    C:\Windows\System32\services.exe.EFDE73A05141798D moved successfully.
    C:\Windows\System32\services.exe.B246C14F348C2B94 moved successfully.
    C:\Windows\System32\services.exe.4E87B0C5DDB8EABC moved successfully.
    C:\Windows\System32\services.exe.6976DD3C928E6370 moved successfully.
    C:\Windows\System32\services.exe.368DA1176A9F5B32 moved successfully.
    C:\Windows\System32\services.exe.15009F0B9DB39897 moved successfully.
    C:\Windows\System32\services.exe.A202A9B6D634077F moved successfully.
    C:\Windows\System32\services.exe.1D2E2D6E4415AB21 moved successfully.
    C:\Windows\System32\services.exe.13F5800C54250A6A moved successfully.
    C:\Windows\System32\services.exe.AA6B3F3CBE5A7024 moved successfully.
    C:\Windows\System32\services.exe.EA647C4744563A7E moved successfully.
    C:\Windows\System32\services.exe.EE193342C9F62786 moved successfully.
    C:\Windows\System32\services.exe.35139C9DF2F0A968 moved successfully.
    C:\Windows\System32\services.exe.3B5D71C8F4585729 moved successfully.
    C:\Windows\System32\services.exe.18A3734688A2C3DE moved successfully.
    C:\Windows\System32\services.exe.D5CCC3AC55C069FD moved successfully.
    C:\Windows\System32\services.exe.34B7CA9C0FBDFD21 moved successfully.
    C:\Windows\System32\services.exe.9D87DFA069FF00A1 moved successfully.
    C:\Windows\System32\services.exe.1A4BB3CDFD731F04 moved successfully.
    C:\Windows\System32\services.exe.BCFFA02194B03A62 moved successfully.
    C:\Windows\System32\services.exe.AA5A1F9C9C5CB69E moved successfully.
    C:\Windows\System32\services.exe.8BD0B241259DE8C1 moved successfully.
    C:\Windows\System32\services.exe.98078E9915CB4AB2 moved successfully.
    C:\Windows\System32\services.exe.D912E6385B81B888 moved successfully.
    C:\Windows\System32\services.exe.89E2AB594B7822B8 moved successfully.
    C:\Windows\System32\services.exe.E8FF4A81CD5B7A07 moved successfully.
    C:\Windows\System32\services.exe.58E8B29002A35027 moved successfully.
    C:\Windows\Installer\{432e5aed-ab81-6bb4-104f-9bcb347b95e8} moved successfully.
    C:\Users\Matt\AppData\Local\{432e5aed-ab81-6bb4-104f-9bcb347b95e8} moved successfully.

    ==== End of Fixlog ====
  13. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    16:05:38.0185 5860 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    16:05:38.0575 5860 ============================================================
    16:05:38.0575 5860 Current date / time: 2012/09/18 16:05:38.0575
    16:05:38.0575 5860 SystemInfo:
    16:05:38.0575 5860
    16:05:38.0575 5860 OS Version: 6.1.7601 ServicePack: 1.0
    16:05:38.0575 5860 Product type: Workstation
    16:05:38.0575 5860 ComputerName: MATT-LAPTOP
    16:05:38.0575 5860 UserName: Matt
    16:05:38.0575 5860 Windows directory: C:\Windows
    16:05:38.0575 5860 System windows directory: C:\Windows
    16:05:38.0575 5860 Running under WOW64
    16:05:38.0575 5860 Processor architecture: Intel x64
    16:05:38.0575 5860 Number of processors: 4
    16:05:38.0575 5860 Page size: 0x1000
    16:05:38.0575 5860 Boot type: Normal boot
    16:05:38.0575 5860 ============================================================
    16:05:42.0653 5860 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:05:42.0669 5860 Drive \Device\Harddisk1\DR1 - Size: 0xEB800000 (3.68 Gb), SectorSize: 0x200, Cylinders: 0x1E0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:05:42.0669 5860 ============================================================
    16:05:42.0669 5860 \Device\Harddisk0\DR0:
    16:05:42.0669 5860 MBR partitions:
    16:05:42.0669 5860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    16:05:42.0669 5860 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AB71800
    16:05:42.0669 5860 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1ABD5800, BlocksNum 0x25BC000
    16:05:42.0669 5860 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
    16:05:42.0669 5860 \Device\Harddisk1\DR1:
    16:05:42.0669 5860 MBR partitions:
    16:05:42.0669 5860 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x75BFE0
    16:05:42.0669 5860 ============================================================
    16:05:42.0685 5860 C: <-> \Device\Harddisk0\DR0\Partition2
    16:05:42.0716 5860 D: <-> \Device\Harddisk0\DR0\Partition3
    16:05:42.0763 5860 E: <-> \Device\Harddisk0\DR0\Partition4
    16:05:42.0763 5860 ============================================================
    16:05:42.0763 5860 Initialize success
    16:05:42.0763 5860 ============================================================
    16:05:53.0264 5316 ============================================================
    16:05:53.0264 5316 Scan started
    16:05:53.0264 5316 Mode: Manual;
    16:05:53.0264 5316 ============================================================
    16:05:53.0694 5316 ================ Scan system memory ========================
    16:05:53.0694 5316 System memory - ok
    16:05:53.0694 5316 ================ Scan services =============================
    16:05:53.0884 5316 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    16:05:53.0914 5316 1394ohci - ok
    16:05:54.0004 5316 [ 5E8EFEB338DEB1F485420B090FE6C85E ] ac.sharedstore C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    16:05:54.0054 5316 ac.sharedstore - ok
    16:05:54.0104 5316 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
    16:05:54.0124 5316 Accelerometer - ok
    16:05:54.0154 5316 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    16:05:54.0164 5316 ACPI - ok
    16:05:54.0184 5316 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    16:05:54.0194 5316 AcpiPmi - ok
    16:05:54.0324 5316 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    16:05:54.0324 5316 AdobeFlashPlayerUpdateSvc - ok
    16:05:54.0374 5316 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    16:05:54.0394 5316 adp94xx - ok
    16:05:54.0404 5316 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    16:05:54.0404 5316 adpahci - ok
    16:05:54.0414 5316 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    16:05:54.0424 5316 adpu320 - ok
    16:05:54.0454 5316 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    16:05:54.0454 5316 AeLookupSvc - ok
    16:05:54.0544 5316 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
    16:05:54.0614 5316 AESTFilters - ok
    16:05:54.0654 5316 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    16:05:54.0684 5316 AFD - ok
    16:05:54.0744 5316 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
    16:05:54.0874 5316 AgereSoftModem - ok
    16:05:54.0904 5316 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    16:05:54.0924 5316 agp440 - ok
    16:05:54.0974 5316 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    16:05:55.0014 5316 ALG - ok
    16:05:55.0024 5316 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    16:05:55.0024 5316 aliide - ok
    16:05:55.0134 5316 ALSysIO - ok
    16:05:55.0154 5316 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    16:05:55.0154 5316 amdide - ok
    16:05:55.0184 5316 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    16:05:55.0214 5316 AmdK8 - ok
    16:05:55.0234 5316 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    16:05:55.0254 5316 AmdPPM - ok
    16:05:55.0274 5316 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    16:05:55.0274 5316 amdsata - ok
    16:05:55.0294 5316 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    16:05:55.0294 5316 amdsbs - ok
    16:05:55.0304 5316 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    16:05:55.0304 5316 amdxata - ok
    16:05:55.0334 5316 [ 05F1A0A81A98CF27E3F028213FB6C36A ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
    16:05:55.0344 5316 ApfiltrService - ok
    16:05:55.0384 5316 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    16:05:55.0394 5316 AppID - ok
    16:05:55.0444 5316 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    16:05:55.0464 5316 AppIDSvc - ok
    16:05:55.0484 5316 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    16:05:55.0494 5316 Appinfo - ok
    16:05:55.0494 5316 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    16:05:55.0504 5316 arc - ok
    16:05:55.0504 5316 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    16:05:55.0504 5316 arcsas - ok
    16:05:55.0534 5316 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    16:05:55.0544 5316 AsyncMac - ok
    16:05:55.0564 5316 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    16:05:55.0564 5316 atapi - ok
    16:05:55.0634 5316 [ 40734F3A5EEC4C4AC6A1FAF10B293714 ] athr C:\Windows\system32\DRIVERS\athrx.sys
    16:05:55.0774 5316 athr - ok
    16:05:55.0854 5316 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    16:05:55.0944 5316 AudioEndpointBuilder - ok
    16:05:55.0974 5316 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    16:05:55.0974 5316 AudioSrv - ok
    16:05:55.0984 5316 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    16:05:56.0014 5316 AxInstSV - ok
    16:05:56.0034 5316 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    16:05:56.0064 5316 b06bdrv - ok
    16:05:56.0114 5316 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    16:05:56.0144 5316 b57nd60a - ok
    16:05:56.0264 5316 [ 7B6EAAA086DDE01D4C7FF215720987C6 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    16:05:56.0424 5316 BCM43XX - ok
    16:05:56.0464 5316 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    16:05:56.0494 5316 BDESVC - ok
    16:05:56.0514 5316 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    16:05:56.0524 5316 Beep - ok
    16:05:56.0564 5316 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    16:05:56.0584 5316 blbdrive - ok
    16:05:56.0604 5316 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    16:05:56.0624 5316 bowser - ok
    16:05:56.0644 5316 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    16:05:56.0654 5316 BrFiltLo - ok
    16:05:56.0674 5316 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    16:05:56.0684 5316 BrFiltUp - ok
    16:05:56.0714 5316 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
    16:05:56.0744 5316 Browser - ok
    16:05:56.0764 5316 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    16:05:56.0784 5316 Brserid - ok
    16:05:56.0804 5316 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    16:05:56.0814 5316 BrSerWdm - ok
    16:05:56.0824 5316 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    16:05:56.0834 5316 BrUsbMdm - ok
    16:05:56.0844 5316 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    16:05:56.0854 5316 BrUsbSer - ok
    16:05:56.0864 5316 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    16:05:56.0884 5316 BTHMODEM - ok
    16:05:56.0904 5316 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    16:05:56.0934 5316 bthserv - ok
    16:05:56.0954 5316 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    16:05:56.0964 5316 cdfs - ok
    16:05:56.0994 5316 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    16:05:57.0004 5316 cdrom - ok
    16:05:57.0024 5316 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    16:05:57.0054 5316 CertPropSvc - ok
    16:05:57.0064 5316 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    16:05:57.0074 5316 circlass - ok
    16:05:57.0094 5316 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    16:05:57.0104 5316 CLFS - ok
    16:05:57.0174 5316 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:05:57.0234 5316 clr_optimization_v2.0.50727_32 - ok
    16:05:57.0274 5316 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:05:57.0294 5316 clr_optimization_v2.0.50727_64 - ok
    16:05:57.0334 5316 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:05:57.0354 5316 clr_optimization_v4.0.30319_32 - ok
    16:05:57.0384 5316 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:05:57.0384 5316 clr_optimization_v4.0.30319_64 - ok
    16:05:57.0414 5316 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    16:05:57.0434 5316 CmBatt - ok
    16:05:57.0464 5316 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    16:05:57.0464 5316 cmdide - ok
    16:05:57.0494 5316 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    16:05:57.0504 5316 CNG - ok
    16:05:57.0584 5316 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    16:05:57.0594 5316 Com4QLBEx - ok
    16:05:57.0604 5316 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    16:05:57.0604 5316 Compbatt - ok
    16:05:57.0634 5316 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    16:05:57.0644 5316 CompositeBus - ok
    16:05:57.0644 5316 COMSysApp - ok
    16:05:57.0664 5316 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    16:05:57.0684 5316 crcdisk - ok
    16:05:57.0714 5316 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    16:05:57.0744 5316 CryptSvc - ok
    16:05:57.0784 5316 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    16:05:57.0794 5316 DcomLaunch - ok
    16:05:57.0814 5316 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    16:05:57.0844 5316 defragsvc - ok
    16:05:57.0874 5316 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    16:05:57.0884 5316 DfsC - ok
    16:05:57.0914 5316 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    16:05:57.0954 5316 Dhcp - ok
    16:05:57.0964 5316 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    16:05:57.0974 5316 discache - ok
    16:05:57.0984 5316 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    16:05:57.0984 5316 Disk - ok
    16:05:58.0054 5316 [ 6CF2EBB115DE91515D620244CC90F847 ] dldoCATSCustConnectService C:\Windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe
    16:05:58.0064 5316 dldoCATSCustConnectService - ok
    16:05:58.0114 5316 dldo_device - ok
    16:05:58.0134 5316 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    16:05:58.0204 5316 Dnscache - ok
    16:05:58.0234 5316 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    16:05:58.0274 5316 dot3svc - ok
    16:05:58.0324 5316 [ 5BC1D876DFD53C31C5FC65D2E9614015 ] DpHost C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    16:05:58.0414 5316 DpHost - ok
    16:05:58.0424 5316 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    16:05:58.0434 5316 DPS - ok
    16:05:58.0464 5316 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    16:05:58.0474 5316 drmkaud - ok
    16:05:58.0544 5316 [ F9F437B39CC0FCACCE8AC7CE422F537F ] DVMIO C:\SPLASH.SYS\config\dvmio.sys
    16:05:58.0564 5316 DVMIO - ok
    16:05:58.0594 5316 [ 577582D57D90FB64276ACFEE958DBFD3 ] DvmMDES C:\SPLASH.SYS\config\DVMExportService.exe
    16:05:58.0684 5316 DvmMDES - ok
    16:05:58.0724 5316 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    16:05:58.0744 5316 DXGKrnl - ok
    16:05:58.0794 5316 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    16:05:58.0824 5316 EapHost - ok
    16:05:58.0914 5316 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    16:05:58.0994 5316 ebdrv - ok
    16:05:59.0034 5316 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    16:05:59.0044 5316 EFS - ok
    16:05:59.0084 5316 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    16:05:59.0164 5316 ehRecvr - ok
    16:05:59.0184 5316 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    16:05:59.0224 5316 ehSched - ok
    16:05:59.0244 5316 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    16:05:59.0244 5316 elxstor - ok
    16:05:59.0264 5316 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys
    16:05:59.0284 5316 enecir - ok
    16:05:59.0294 5316 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    16:05:59.0304 5316 ErrDev - ok
    16:05:59.0354 5316 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    16:05:59.0364 5316 EventSystem - ok
    16:05:59.0394 5316 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    16:05:59.0404 5316 exfat - ok
    16:05:59.0424 5316 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    16:05:59.0444 5316 fastfat - ok
    16:05:59.0484 5316 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    16:05:59.0494 5316 Fax - ok
    16:05:59.0514 5316 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    16:05:59.0524 5316 fdc - ok
    16:05:59.0544 5316 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    16:05:59.0544 5316 fdPHost - ok
    16:05:59.0554 5316 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    16:05:59.0574 5316 FDResPub - ok
    16:05:59.0624 5316 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    16:05:59.0634 5316 FileInfo - ok
    16:05:59.0644 5316 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    16:05:59.0664 5316 Filetrace - ok
    16:05:59.0684 5316 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    16:05:59.0694 5316 flpydisk - ok
    16:05:59.0754 5316 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    16:05:59.0774 5316 FltMgr - ok
    16:05:59.0884 5316 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    16:05:59.0914 5316 FontCache - ok
    16:05:59.0944 5316 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:05:59.0954 5316 FontCache3.0.0.0 - ok
    16:05:59.0964 5316 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    16:05:59.0974 5316 FsDepends - ok
    16:06:00.0034 5316 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    16:06:00.0054 5316 fssfltr - ok
    16:06:00.0254 5316 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    16:06:00.0524 5316 fsssvc - ok
    16:06:00.0554 5316 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    16:06:00.0554 5316 Fs_Rec - ok
    16:06:00.0574 5316 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    16:06:00.0574 5316 fvevol - ok
    16:06:00.0604 5316 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    16:06:00.0614 5316 gagp30kx - ok
    16:06:00.0694 5316 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    16:06:00.0784 5316 GameConsoleService - ok
    16:06:00.0824 5316 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    16:06:00.0864 5316 gpsvc - ok
    16:06:00.0884 5316 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    16:06:00.0894 5316 hcw85cir - ok
    16:06:00.0924 5316 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    16:06:00.0944 5316 HdAudAddService - ok
    16:06:00.0964 5316 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    16:06:00.0964 5316 HDAudBus - ok
    16:06:00.0994 5316 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    16:06:01.0014 5316 HECIx64 - ok
    16:06:01.0024 5316 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    16:06:01.0034 5316 HidBatt - ok
    16:06:01.0054 5316 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    16:06:01.0074 5316 HidBth - ok
    16:06:01.0094 5316 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    16:06:01.0104 5316 HidIr - ok
    16:06:01.0124 5316 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    16:06:01.0134 5316 hidserv - ok
    16:06:01.0144 5316 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    16:06:01.0164 5316 HidUsb - ok
    16:06:01.0184 5316 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    16:06:01.0214 5316 hkmsvc - ok
    16:06:01.0274 5316 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    16:06:01.0304 5316 HomeGroupListener - ok
    16:06:01.0324 5316 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    16:06:01.0334 5316 HomeGroupProvider - ok
    16:06:01.0384 5316 [ 13BB1114451C63BFB41BA7DAA4D70A29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    16:06:01.0384 5316 HP Support Assistant Service - ok
    16:06:01.0444 5316 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    16:06:01.0444 5316 HPDrvMntSvc.exe - ok
    16:06:01.0474 5316 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
    16:06:01.0484 5316 hpdskflt - ok
    16:06:01.0514 5316 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    16:06:01.0524 5316 HpqKbFiltr - ok
    16:06:01.0554 5316 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    16:06:01.0564 5316 hpqwmiex - ok
    16:06:01.0584 5316 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    16:06:01.0594 5316 HpSAMD - ok
    16:06:01.0604 5316 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe
    16:06:01.0604 5316 hpsrv - ok
    16:06:01.0684 5316 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    16:06:01.0734 5316 HTTP - ok
    16:06:01.0774 5316 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    16:06:01.0784 5316 hwpolicy - ok
    16:06:01.0804 5316 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    16:06:01.0824 5316 i8042prt - ok
    16:06:01.0864 5316 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    16:06:01.0864 5316 iaStor - ok
    16:06:01.0884 5316 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    16:06:01.0884 5316 iaStorV - ok
    16:06:01.0934 5316 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:06:01.0994 5316 idsvc - ok
    16:06:02.0164 5316 [ 0372C154226F7074CD150F475A4870A6 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    16:06:02.0524 5316 igfx - ok
    16:06:02.0554 5316 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    16:06:02.0554 5316 iirsp - ok
    16:06:02.0584 5316 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    16:06:02.0644 5316 IKEEXT - ok
    16:06:02.0674 5316 [ 4FF8A2082D78255D2EB169F986BCC981 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
    16:06:02.0694 5316 Impcd - ok
    16:06:02.0724 5316 [ 49072EDBC5C2F964917D1B585C90ED0A ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    16:06:02.0744 5316 IntcDAud - ok
    16:06:02.0754 5316 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    16:06:02.0754 5316 intelide - ok
    16:06:02.0774 5316 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    16:06:02.0774 5316 intelppm - ok
    16:06:02.0814 5316 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    16:06:02.0844 5316 IPBusEnum - ok
    16:06:02.0864 5316 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:06:02.0884 5316 IpFilterDriver - ok
    16:06:02.0904 5316 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    16:06:02.0924 5316 IPMIDRV - ok
    16:06:02.0944 5316 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    16:06:02.0954 5316 IPNAT - ok
    16:06:02.0974 5316 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    16:06:02.0984 5316 IRENUM - ok
    16:06:03.0014 5316 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    16:06:03.0014 5316 isapnp - ok
    16:06:03.0044 5316 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    16:06:03.0074 5316 iScsiPrt - ok
    16:06:03.0114 5316 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    16:06:03.0134 5316 kbdclass - ok
    16:06:03.0144 5316 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    16:06:03.0164 5316 kbdhid - ok
    16:06:03.0174 5316 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    16:06:03.0174 5316 KeyIso - ok
    16:06:03.0204 5316 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    16:06:03.0204 5316 KSecDD - ok
    16:06:03.0224 5316 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    16:06:03.0224 5316 KSecPkg - ok
    16:06:03.0234 5316 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    16:06:03.0244 5316 ksthunk - ok
    16:06:03.0284 5316 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    16:06:03.0314 5316 KtmRm - ok
    16:06:03.0344 5316 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    16:06:03.0394 5316 LanmanServer - ok
    16:06:03.0414 5316 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    16:06:03.0454 5316 LanmanWorkstation - ok
    16:06:03.0474 5316 libusb0 - ok
    16:06:03.0534 5316 [ 0EE66BDF485C6828AA65C0EF5D591133 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    16:06:03.0594 5316 LightScribeService - ok
    16:06:03.0624 5316 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    16:06:03.0634 5316 lltdio - ok
    16:06:03.0664 5316 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    16:06:03.0694 5316 lltdsvc - ok
    16:06:03.0714 5316 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    16:06:03.0734 5316 lmhosts - ok
    16:06:03.0804 5316 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    16:06:03.0804 5316 LMS - ok
    16:06:03.0829 5316 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    16:06:03.0829 5316 LSI_FC - ok
    16:06:03.0861 5316 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    16:06:03.0861 5316 LSI_SAS - ok
    16:06:03.0876 5316 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    16:06:03.0876 5316 LSI_SAS2 - ok
    16:06:03.0892 5316 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    16:06:03.0892 5316 LSI_SCSI - ok
    16:06:03.0907 5316 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    16:06:03.0939 5316 luafv - ok
    16:06:04.0001 5316 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    16:06:04.0001 5316 MBAMProtector - ok
    16:06:04.0048 5316 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    16:06:04.0048 5316 MBAMScheduler - ok
    16:06:04.0095 5316 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    16:06:04.0110 5316 MBAMService - ok
    16:06:04.0157 5316 [ 79D51E7F5926E8CE1B3EBECEBAE28CFF ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    16:06:04.0173 5316 mcdbus - ok
    16:06:04.0219 5316 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    16:06:04.0235 5316 Mcx2Svc - ok
    16:06:04.0251 5316 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    16:06:04.0266 5316 megasas - ok
    16:06:04.0266 5316 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    16:06:04.0282 5316 MegaSR - ok
    16:06:04.0344 5316 Microsoft SharePoint Workspace Audit Service - ok
    16:06:04.0375 5316 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    16:06:04.0407 5316 MMCSS - ok
    16:06:04.0422 5316 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    16:06:04.0438 5316 Modem - ok
    16:06:04.0453 5316 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    16:06:04.0469 5316 monitor - ok
    16:06:04.0485 5316 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    16:06:04.0500 5316 mouclass - ok
    16:06:04.0516 5316 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    16:06:04.0531 5316 mouhid - ok
    16:06:04.0563 5316 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    16:06:04.0563 5316 mountmgr - ok
    16:06:04.0609 5316 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    16:06:04.0687 5316 MozillaMaintenance - ok
    16:06:04.0743 5316 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    16:06:04.0743 5316 MpFilter - ok
    16:06:04.0763 5316 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    16:06:04.0773 5316 mpio - ok
    16:06:04.0793 5316 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    16:06:04.0803 5316 mpsdrv - ok
    16:06:04.0833 5316 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    16:06:04.0853 5316 MRxDAV - ok
    16:06:04.0873 5316 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:06:04.0893 5316 mrxsmb - ok
    16:06:04.0933 5316 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:06:04.0953 5316 mrxsmb10 - ok
    16:06:04.0973 5316 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:06:04.0993 5316 mrxsmb20 - ok
    16:06:05.0003 5316 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    16:06:05.0013 5316 msahci - ok
    16:06:05.0033 5316 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    16:06:05.0033 5316 msdsm - ok
    16:06:05.0063 5316 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    16:06:05.0093 5316 MSDTC - ok
    16:06:05.0113 5316 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    16:06:05.0123 5316 Msfs - ok
    16:06:05.0133 5316 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    16:06:05.0143 5316 mshidkmdf - ok
    16:06:05.0173 5316 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    16:06:05.0173 5316 msisadrv - ok
    16:06:05.0203 5316 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    16:06:05.0223 5316 MSiSCSI - ok
    16:06:05.0233 5316 msiserver - ok
    16:06:05.0253 5316 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    16:06:05.0263 5316 MSKSSRV - ok
    16:06:05.0343 5316 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    16:06:05.0343 5316 MsMpSvc - ok
    16:06:05.0353 5316 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
  14. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    16:06:05.0373 5316 MSPCLOCK - ok
    16:06:05.0383 5316 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    16:06:05.0393 5316 MSPQM - ok
    16:06:05.0423 5316 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    16:06:05.0433 5316 MsRPC - ok
    16:06:05.0443 5316 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    16:06:05.0453 5316 mssmbios - ok
    16:06:05.0463 5316 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    16:06:05.0473 5316 MSTEE - ok
    16:06:05.0483 5316 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    16:06:05.0493 5316 MTConfig - ok
    16:06:05.0513 5316 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    16:06:05.0513 5316 Mup - ok
    16:06:05.0543 5316 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    16:06:05.0553 5316 napagent - ok
    16:06:05.0573 5316 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    16:06:05.0593 5316 NativeWifiP - ok
    16:06:05.0613 5316 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
    16:06:05.0633 5316 NDIS - ok
    16:06:05.0653 5316 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    16:06:05.0663 5316 NdisCap - ok
    16:06:05.0683 5316 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    16:06:05.0703 5316 NdisTapi - ok
    16:06:05.0723 5316 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    16:06:05.0733 5316 Ndisuio - ok
    16:06:05.0763 5316 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    16:06:05.0783 5316 NdisWan - ok
    16:06:05.0813 5316 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    16:06:05.0833 5316 NDProxy - ok
    16:06:05.0853 5316 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    16:06:05.0863 5316 NetBIOS - ok
    16:06:05.0893 5316 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    16:06:05.0913 5316 NetBT - ok
    16:06:05.0923 5316 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    16:06:05.0933 5316 Netlogon - ok
    16:06:05.0963 5316 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    16:06:05.0973 5316 Netman - ok
    16:06:06.0003 5316 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    16:06:06.0013 5316 netprofm - ok
    16:06:06.0043 5316 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    16:06:06.0083 5316 NetTcpPortSharing - ok
    16:06:06.0213 5316 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
    16:06:06.0473 5316 netw5v64 - ok
    16:06:06.0503 5316 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    16:06:06.0503 5316 nfrd960 - ok
    16:06:06.0533 5316 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    16:06:06.0553 5316 NisDrv - ok
    16:06:06.0583 5316 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    16:06:06.0633 5316 NisSrv - ok
    16:06:06.0653 5316 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    16:06:06.0693 5316 NlaSvc - ok
    16:06:06.0723 5316 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    16:06:06.0733 5316 Npfs - ok
    16:06:06.0753 5316 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    16:06:06.0763 5316 nsi - ok
    16:06:06.0779 5316 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    16:06:06.0794 5316 nsiproxy - ok
    16:06:06.0857 5316 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    16:06:06.0888 5316 Ntfs - ok
    16:06:06.0903 5316 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    16:06:06.0903 5316 Null - ok
    16:06:06.0919 5316 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    16:06:06.0935 5316 nvraid - ok
    16:06:06.0966 5316 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    16:06:06.0966 5316 nvstor - ok
    16:06:06.0996 5316 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    16:06:07.0016 5316 nv_agp - ok
    16:06:07.0046 5316 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    16:06:07.0056 5316 ohci1394 - ok
    16:06:07.0106 5316 [ 4965B005492CBA7719E82B71E3245495 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:06:07.0176 5316 ose64 - ok
    16:06:07.0316 5316 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    16:06:07.0426 5316 osppsvc - ok
    16:06:07.0466 5316 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    16:06:07.0496 5316 p2pimsvc - ok
    16:06:07.0516 5316 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    16:06:07.0546 5316 p2psvc - ok
    16:06:07.0566 5316 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    16:06:07.0586 5316 Parport - ok
    16:06:07.0606 5316 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    16:06:07.0616 5316 partmgr - ok
    16:06:07.0636 5316 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    16:06:07.0666 5316 PcaSvc - ok
    16:06:07.0686 5316 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    16:06:07.0686 5316 pci - ok
    16:06:07.0716 5316 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    16:06:07.0716 5316 pciide - ok
    16:06:07.0736 5316 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    16:06:07.0756 5316 pcmcia - ok
    16:06:07.0766 5316 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    16:06:07.0766 5316 pcw - ok
    16:06:07.0786 5316 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    16:06:07.0816 5316 PEAUTH - ok
    16:06:07.0886 5316 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    16:06:07.0916 5316 PerfHost - ok
    16:06:07.0986 5316 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    16:06:08.0076 5316 pla - ok
    16:06:08.0106 5316 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    16:06:08.0146 5316 PlugPlay - ok
    16:06:08.0156 5316 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    16:06:08.0186 5316 PNRPAutoReg - ok
    16:06:08.0206 5316 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    16:06:08.0206 5316 PNRPsvc - ok
    16:06:08.0226 5316 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    16:06:08.0256 5316 PolicyAgent - ok
    16:06:08.0276 5316 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    16:06:08.0316 5316 Power - ok
    16:06:08.0336 5316 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    16:06:08.0356 5316 PptpMiniport - ok
    16:06:08.0376 5316 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    16:06:08.0386 5316 Processor - ok
    16:06:08.0416 5316 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    16:06:08.0446 5316 ProfSvc - ok
    16:06:08.0466 5316 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    16:06:08.0466 5316 ProtectedStorage - ok
    16:06:08.0506 5316 [ 64E413BA0C529AA40C3924BBCC4153DB ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe
    16:06:08.0506 5316 ProtexisLicensing - ok
    16:06:08.0536 5316 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    16:06:08.0556 5316 Psched - ok
    16:06:08.0626 5316 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    16:06:08.0656 5316 ql2300 - ok
    16:06:08.0676 5316 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    16:06:08.0676 5316 ql40xx - ok
    16:06:08.0716 5316 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    16:06:08.0746 5316 QWAVE - ok
    16:06:08.0756 5316 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    16:06:08.0776 5316 QWAVEdrv - ok
    16:06:08.0796 5316 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    16:06:08.0806 5316 RasAcd - ok
    16:06:08.0826 5316 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:06:08.0846 5316 RasAgileVpn - ok
    16:06:08.0856 5316 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    16:06:08.0886 5316 RasAuto - ok
    16:06:08.0906 5316 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:06:08.0916 5316 Rasl2tp - ok
    16:06:08.0936 5316 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    16:06:08.0966 5316 RasMan - ok
    16:06:08.0986 5316 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    16:06:08.0996 5316 RasPppoe - ok
    16:06:09.0006 5316 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    16:06:09.0016 5316 RasSstp - ok
    16:06:09.0046 5316 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    16:06:09.0076 5316 rdbss - ok
    16:06:09.0096 5316 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    16:06:09.0106 5316 rdpbus - ok
    16:06:09.0116 5316 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:06:09.0126 5316 RDPCDD - ok
    16:06:09.0146 5316 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    16:06:09.0156 5316 RDPENCDD - ok
    16:06:09.0166 5316 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    16:06:09.0176 5316 RDPREFMP - ok
    16:06:09.0216 5316 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    16:06:09.0236 5316 RDPWD - ok
    16:06:09.0256 5316 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    16:06:09.0266 5316 rdyboost - ok
    16:06:09.0276 5316 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    16:06:09.0296 5316 RemoteAccess - ok
    16:06:09.0316 5316 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    16:06:09.0336 5316 RemoteRegistry - ok
    16:06:09.0406 5316 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    16:06:09.0406 5316 RichVideo - ok
    16:06:09.0436 5316 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    16:06:09.0466 5316 RpcEptMapper - ok
    16:06:09.0486 5316 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    16:06:09.0506 5316 RpcLocator - ok
    16:06:09.0526 5316 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    16:06:09.0536 5316 RpcSs - ok
    16:06:09.0566 5316 [ 48C4D7895B5B6A655CA9F8C480DB293B ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
    16:06:09.0566 5316 RSPCIESTOR - ok
    16:06:09.0596 5316 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    16:06:09.0606 5316 rspndr - ok
    16:06:09.0636 5316 [ 9AA2048CAB0B57DC408BB119AD52F70D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    16:06:09.0656 5316 RSUSBSTOR - ok
    16:06:09.0676 5316 [ 365ED58B47B46DE8B1C5FA759B6FCD6E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    16:06:09.0696 5316 RTL8167 - ok
    16:06:09.0696 5316 RTSTOR - ok
    16:06:09.0736 5316 [ 8D9D16F3A38D54ADDD350605A0A2ABA6 ] S3XXx64 C:\Windows\system32\DRIVERS\S3XXx64.sys
    16:06:09.0756 5316 S3XXx64 - ok
    16:06:09.0776 5316 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    16:06:09.0776 5316 SamSs - ok
    16:06:09.0806 5316 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    16:06:09.0806 5316 sbp2port - ok
    16:06:09.0836 5316 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    16:06:09.0876 5316 SCardSvr - ok
    16:06:09.0906 5316 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    16:06:09.0916 5316 scfilter - ok
    16:06:09.0956 5316 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    16:06:10.0016 5316 Schedule - ok
    16:06:10.0056 5316 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    16:06:10.0056 5316 SCPolicySvc - ok
    16:06:10.0066 5316 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    16:06:10.0086 5316 sdbus - ok
    16:06:10.0116 5316 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    16:06:10.0146 5316 SDRSVC - ok
    16:06:10.0196 5316 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    16:06:10.0196 5316 secdrv - ok
    16:06:10.0216 5316 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    16:06:10.0246 5316 seclogon - ok
    16:06:10.0296 5316 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    16:06:10.0296 5316 SENS - ok
    16:06:10.0316 5316 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    16:06:10.0346 5316 SensrSvc - ok
    16:06:10.0366 5316 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    16:06:10.0386 5316 Serenum - ok
    16:06:10.0416 5316 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    16:06:10.0436 5316 Serial - ok
    16:06:10.0456 5316 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    16:06:10.0466 5316 sermouse - ok
    16:06:10.0506 5316 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    16:06:10.0526 5316 SessionEnv - ok
    16:06:10.0546 5316 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    16:06:10.0556 5316 sffdisk - ok
    16:06:10.0566 5316 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    16:06:10.0576 5316 sffp_mmc - ok
    16:06:10.0596 5316 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    16:06:10.0606 5316 sffp_sd - ok
    16:06:10.0616 5316 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    16:06:10.0626 5316 sfloppy - ok
    16:06:10.0666 5316 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    16:06:10.0706 5316 ShellHWDetection - ok
    16:06:10.0716 5316 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    16:06:10.0716 5316 SiSRaid2 - ok
    16:06:10.0726 5316 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    16:06:10.0736 5316 SiSRaid4 - ok
    16:06:10.0756 5316 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    16:06:10.0766 5316 Smb - ok
    16:06:10.0796 5316 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    16:06:10.0816 5316 SNMPTRAP - ok
    16:06:10.0836 5316 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    16:06:10.0836 5316 spldr - ok
    16:06:10.0856 5316 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    16:06:10.0916 5316 Spooler - ok
    16:06:11.0016 5316 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    16:06:11.0126 5316 sppsvc - ok
    16:06:11.0166 5316 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    16:06:11.0196 5316 sppuinotify - ok
    16:06:11.0276 5316 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    16:06:11.0316 5316 srv - ok
    16:06:11.0346 5316 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    16:06:11.0376 5316 srv2 - ok
    16:06:11.0406 5316 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    16:06:11.0446 5316 SrvHsfHDA - ok
    16:06:11.0486 5316 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    16:06:11.0566 5316 SrvHsfV92 - ok
    16:06:11.0586 5316 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    16:06:11.0646 5316 SrvHsfWinac - ok
    16:06:11.0666 5316 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    16:06:11.0696 5316 srvnet - ok
    16:06:11.0736 5316 [ 866F8212EF7E75BAC8BCA03331E30CB4 ] ssadbus C:\Windows\system32\DRIVERS\ssadbus.sys
    16:06:11.0756 5316 ssadbus - ok
    16:06:11.0786 5316 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    16:06:11.0786 5316 SSDPSRV - ok
    16:06:11.0806 5316 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    16:06:11.0826 5316 SstpSvc - ok
    16:06:11.0926 5316 [ 57BEB4500716DD30B65DFA85A35CC3D7 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
    16:06:12.0006 5316 STacSV - ok
    16:06:12.0056 5316 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    16:06:12.0056 5316 stexstor - ok
    16:06:12.0096 5316 [ 1FEDF8D130CE221521B9BAD6703B92DE ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    16:06:12.0126 5316 STHDA - ok
    16:06:12.0166 5316 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    16:06:12.0176 5316 StillCam - ok
    16:06:12.0226 5316 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    16:06:12.0246 5316 stisvc - ok
    16:06:12.0276 5316 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    16:06:12.0286 5316 swenum - ok
    16:06:12.0376 5316 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    16:06:12.0376 5316 SwitchBoard - ok
    16:06:12.0446 5316 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    16:06:12.0526 5316 swprv - ok
    16:06:12.0786 5316 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    16:06:12.0826 5316 SysMain - ok
    16:06:12.0846 5316 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    16:06:12.0866 5316 TabletInputService - ok
    16:06:12.0906 5316 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    16:06:12.0936 5316 TapiSrv - ok
    16:06:12.0956 5316 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    16:06:12.0986 5316 TBS - ok
    16:06:13.0036 5316 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    16:06:13.0086 5316 Tcpip - ok
    16:06:13.0126 5316 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    16:06:13.0136 5316 TCPIP6 - ok
    16:06:13.0156 5316 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    16:06:13.0156 5316 tcpipreg - ok
    16:06:13.0186 5316 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    16:06:13.0186 5316 TDPIPE - ok
    16:06:13.0216 5316 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    16:06:13.0226 5316 TDTCP - ok
    16:06:13.0246 5316 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    16:06:13.0266 5316 tdx - ok
    16:06:13.0286 5316 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    16:06:13.0306 5316 TermDD - ok
    16:06:13.0326 5316 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    16:06:13.0376 5316 TermService - ok
    16:06:13.0396 5316 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    16:06:13.0426 5316 Themes - ok
    16:06:13.0446 5316 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    16:06:13.0446 5316 THREADORDER - ok
    16:06:13.0466 5316 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    16:06:13.0466 5316 TrkWks - ok
    16:06:13.0516 5316 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    16:06:13.0546 5316 TrustedInstaller - ok
    16:06:13.0566 5316 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:06:13.0576 5316 tssecsrv - ok
    16:06:13.0616 5316 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    16:06:13.0626 5316 TsUsbFlt - ok
    16:06:13.0656 5316 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    16:06:13.0676 5316 tunnel - ok
    16:06:13.0706 5316 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    16:06:13.0716 5316 uagp35 - ok
    16:06:13.0756 5316 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    16:06:13.0776 5316 udfs - ok
    16:06:13.0796 5316 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    16:06:13.0816 5316 UI0Detect - ok
    16:06:13.0846 5316 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    16:06:13.0866 5316 uliagpkx - ok
    16:06:13.0896 5316 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    16:06:13.0906 5316 umbus - ok
    16:06:13.0936 5316 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    16:06:13.0946 5316 UmPass - ok
    16:06:14.0086 5316 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    16:06:14.0106 5316 UNS - ok
    16:06:14.0146 5316 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    16:06:14.0186 5316 upnphost - ok
    16:06:14.0196 5316 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    16:06:14.0216 5316 usbccgp - ok
    16:06:14.0246 5316 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    16:06:14.0266 5316 usbcir - ok
    16:06:14.0296 5316 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    16:06:14.0306 5316 usbehci - ok
    16:06:14.0356 5316 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    16:06:14.0376 5316 usbhub - ok
    16:06:14.0406 5316 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    16:06:14.0416 5316 usbohci - ok
    16:06:14.0446 5316 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    16:06:14.0456 5316 usbprint - ok
    16:06:14.0526 5316 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    16:06:14.0546 5316 usbscan - ok
    16:06:14.0556 5316 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:06:14.0576 5316 USBSTOR - ok
    16:06:14.0596 5316 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    16:06:14.0606 5316 usbuhci - ok
    16:06:14.0626 5316 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    16:06:14.0646 5316 usbvideo - ok
    16:06:14.0696 5316 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    16:06:14.0726 5316 UxSms - ok
    16:06:14.0746 5316 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    16:06:14.0756 5316 VaultSvc - ok
    16:06:14.0846 5316 [ BDB28D602E63DE51C252996290EC0CA4 ] vcsFPService C:\Windows\system32\vcsFPService.exe
    16:06:14.0896 5316 vcsFPService - ok
    16:06:14.0906 5316 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    16:06:14.0906 5316 vdrvroot - ok
    16:06:14.0966 5316 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    16:06:15.0016 5316 vds - ok
    16:06:15.0046 5316 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    16:06:15.0056 5316 vga - ok
    16:06:15.0076 5316 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    16:06:15.0086 5316 VgaSave - ok
    16:06:15.0126 5316 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    16:06:15.0146 5316 vhdmp - ok
    16:06:15.0176 5316 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    16:06:15.0176 5316 viaide - ok
    16:06:15.0206 5316 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    16:06:15.0206 5316 volmgr - ok
    16:06:15.0236 5316 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    16:06:15.0246 5316 volmgrx - ok
    16:06:15.0256 5316 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    16:06:15.0266 5316 volsnap - ok
    16:06:15.0286 5316 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    16:06:15.0286 5316 vsmraid - ok
    16:06:15.0326 5316 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    16:06:15.0426 5316 VSS - ok
    16:06:15.0456 5316 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    16:06:15.0466 5316 vwifibus - ok
    16:06:15.0476 5316 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    16:06:15.0486 5316 vwififlt - ok
    16:06:15.0516 5316 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    16:06:15.0546 5316 W32Time - ok
    16:06:15.0566 5316 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    16:06:15.0586 5316 WacomPen - ok
    16:06:15.0596 5316 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    16:06:15.0616 5316 WANARP - ok
    16:06:15.0616 5316 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    16:06:15.0616 5316 Wanarpv6 - ok
    16:06:15.0676 5316 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    16:06:15.0985 5316 WatAdminSvc - ok
    16:06:16.0032 5316 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    16:06:16.0235 5316 wbengine - ok
    16:06:16.0266 5316 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    16:06:16.0297 5316 WbioSrvc - ok
    16:06:16.0359 5316 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    16:06:16.0375 5316 wcncsvc - ok
    16:06:16.0391 5316 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    16:06:16.0422 5316 WcsPlugInService - ok
    16:06:16.0453 5316 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    16:06:16.0453 5316 Wd - ok
    16:06:16.0484 5316 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
    16:06:16.0500 5316 WDC_SAM - ok
    16:06:16.0515 5316 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    16:06:16.0531 5316 Wdf01000 - ok
    16:06:16.0547 5316 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    16:06:16.0547 5316 WdiServiceHost - ok
    16:06:16.0562 5316 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    16:06:16.0562 5316 WdiSystemHost - ok
    16:06:16.0578 5316 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    16:06:16.0609 5316 WebClient - ok
    16:06:16.0625 5316 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    16:06:16.0656 5316 Wecsvc - ok
    16:06:16.0656 5316 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    16:06:16.0687 5316 wercplsupport - ok
    16:06:16.0687 5316 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    16:06:16.0703 5316 WerSvc - ok
    16:06:16.0703 5316 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    16:06:16.0718 5316 WfpLwf - ok
    16:06:16.0734 5316 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    16:06:16.0749 5316 WIMMount - ok
    16:06:16.0749 5316 WinHttpAutoProxySvc - ok
    16:06:16.0812 5316 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    16:06:16.0812 5316 Winmgmt - ok
    16:06:16.0874 5316 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    16:06:16.0999 5316 WinRM - ok
    16:06:17.0030 5316 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
    16:06:17.0046 5316 WinUSB - ok
    16:06:17.0096 5316 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    16:06:17.0176 5316 Wlansvc - ok
    16:06:17.0256 5316 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    16:06:17.0296 5316 wlcrasvc - ok
    16:06:17.0396 5316 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:06:17.0446 5316 wlidsvc - ok
    16:06:17.0476 5316 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    16:06:17.0476 5316 WmiAcpi - ok
    16:06:17.0536 5316 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    16:06:17.0556 5316 wmiApSrv - ok
    16:06:17.0596 5316 WMPNetworkSvc - ok
    16:06:17.0616 5316 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    16:06:17.0636 5316 WPCSvc - ok
    16:06:17.0676 5316 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    16:06:17.0676 5316 WPDBusEnum - ok
    16:06:17.0706 5316 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    16:06:17.0716 5316 ws2ifsl - ok
    16:06:17.0776 5316 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    16:06:17.0786 5316 WSDPrintDevice - ok
    16:06:17.0796 5316 WSearch - ok
    16:06:17.0816 5316 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    16:06:17.0836 5316 WudfPf - ok
    16:06:17.0866 5316 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:06:17.0866 5316 WUDFRd - ok
    16:06:17.0896 5316 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    16:06:17.0926 5316 wudfsvc - ok
    16:06:17.0986 5316 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    16:06:18.0006 5316 WwanSvc - ok
    16:06:18.0086 5316 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    16:06:18.0116 5316 yukonw7 - ok
    16:06:18.0156 5316 ================ Scan global ===============================
    16:06:18.0186 5316 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    16:06:18.0226 5316 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    16:06:18.0276 5316 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    16:06:18.0296 5316 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    16:06:18.0426 5316 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    16:06:18.0476 5316 [Global] - ok
    16:06:18.0476 5316 ================ Scan MBR ==================================
    16:06:18.0496 5316 [ 6D06FBACF20C1175BDA3AB8CE42A2436 ] \Device\Harddisk0\DR0
    16:06:18.0776 5316 \Device\Harddisk0\DR0 - ok
    16:06:18.0786 5316 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    16:06:21.0404 5316 \Device\Harddisk1\DR1 - ok
    16:06:21.0419 5316 ================ Scan VBR ==================================
    16:06:21.0419 5316 [ 986712BF4D406074D90307606EFD596F ] \Device\Harddisk0\DR0\Partition1
    16:06:21.0435 5316 \Device\Harddisk0\DR0\Partition1 - ok
    16:06:21.0435 5316 [ 36A17230E8DCEB31C73152E497FB1C64 ] \Device\Harddisk0\DR0\Partition2
    16:06:21.0435 5316 \Device\Harddisk0\DR0\Partition2 - ok
    16:06:21.0466 5316 [ 972EBFB9FB0D949F0054526BBFEA0CFB ] \Device\Harddisk0\DR0\Partition3
    16:06:21.0482 5316 \Device\Harddisk0\DR0\Partition3 - ok
    16:06:21.0497 5316 [ BB85DC05C753D71D6100C76D28CD7741 ] \Device\Harddisk0\DR0\Partition4
    16:06:21.0497 5316 \Device\Harddisk0\DR0\Partition4 - ok
    16:06:21.0513 5316 [ 0A63D866B81AD1EF21DEC6BA7D38B0BD ] \Device\Harddisk1\DR1\Partition1
    16:06:21.0513 5316 \Device\Harddisk1\DR1\Partition1 - ok
    16:06:21.0513 5316 ============================================================
    16:06:21.0513 5316 Scan finished
    16:06:21.0513 5316 ============================================================
    16:06:21.0529 5192 Detected object count: 0
    16:06:21.0529 5192 Actual detected object count: 0
    16:09:54.0138 5680 Deinitialize success
  15. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    ***Rogue Killer made 2 log files....or else I screwed something up...***

    RogueKiller V8.0.3 [09/13/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : Scan -- Date : 09/18/2012 16:20:21

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Matt\AppData\Local\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\n.) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 activate.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9250410AS +++++
    --- User ---
    [MBR] 8920f08fcd46fb0ae54136dcaa38c4ca
    [BSP] 164e0f556b18c53c31b88562bdd361eb : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 218851 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 448616448 | Size: 19320 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: FLASH Drive SM_USB20 USB Device +++++
    --- User ---
    [MBR] 336ebdaf271ea27fbe7d8e4f9f5c53e5
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 3767 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt


    RogueKiller V8.0.3 [09/13/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Matt [Admin rights]
    Mode : Remove -- Date : 09/18/2012 16:20:47

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 3 ¤¤¤
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Matt\AppData\Local\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 activate.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9250410AS +++++
    --- User ---
    [MBR] 8920f08fcd46fb0ae54136dcaa38c4ca
    [BSP] 164e0f556b18c53c31b88562bdd361eb : Windows Vista/7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 218851 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 448616448 | Size: 19320 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: FLASH Drive SM_USB20 USB Device +++++
    --- User ---
    [MBR] 336ebdaf271ea27fbe7d8e4f9f5c53e5
    [BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 3767 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  16. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-18 16:41:27
    -----------------------------
    16:41:27.852 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:41:27.852 Number of processors: 4 586 0x2502
    16:41:27.852 ComputerName: MATT-LAPTOP UserName: Matt
    16:41:30.673 Initialize success
    16:43:11.959 AVAST engine defs: 12091400
    16:44:12.520 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    16:44:12.520 Disk 0 Vendor: ST925041 0006 Size: 238475MB BusType: 3
    16:44:12.535 Disk 0 MBR read successfully
    16:44:12.535 Disk 0 MBR scan
    16:44:12.566 Disk 0 unknown MBR code
    16:44:12.566 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    16:44:12.644 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 218851 MB offset 409600
    16:44:12.722 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19320 MB offset 448616448
    16:44:12.816 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
    16:44:13.003 Disk 0 scanning C:\Windows\system32\drivers
    16:44:30.876 Service scanning
    16:45:03.740 Modules scanning
    16:45:03.756 Disk 0 trace - called modules:
    16:45:03.771 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
    16:45:03.787 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005845060]
    16:45:03.787 3 CLASSPNP.SYS[fffff880010a543f] -> nt!IofCallDriver -> [0xfffffa80056dda50]
    16:45:03.787 5 hpdskflt.sys[fffff880023de289] -> nt!IofCallDriver -> [0xfffffa8004a4d5a0]
    16:45:03.802 7 ACPI.sys[fffff88000f7f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a4e050]
    16:45:04.894 AVAST engine scan C:\Windows
    16:45:13.011 AVAST engine scan C:\Windows\system32
    16:51:19.286 AVAST engine scan C:\Windows\system32\drivers
    16:51:36.976 AVAST engine scan C:\Users\Matt
    16:56:23.121 File: C:\Users\Matt\AppData\Local\Temp\cnxesrmoaw.exe **INFECTED** Win32:Malware-gen
    17:04:16.420 AVAST engine scan C:\ProgramData
    17:11:05.891 Scan finished successfully
    17:11:31.679 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
    17:11:31.759 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"
  17. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    Go ahead and retry MBAM
  18. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    MBAM Successful...log below; MSE is amber again (potential threat detected), but I have not done anything with it yet.

    Malwarebytes Anti-Malware (Trial) 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.19.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Matt :: MATT-LAPTOP [administrator]

    Protection: Enabled

    9/18/2012 5:50:16 PM
    mbam-log-2012-09-18 (17-50-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 201403
    Time elapsed: 23 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  19. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    What's the threat name and location?

    Any current issues?

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  20. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    The threat is...
    Detected Items-
    Adware:MSIL/SanctionedMedia
    Items: C:\Users\Matt\AppData\Local\Temp\cnxesrmoaw.exe

    Current Issues...seemingly running very slow with occassional significant pauses and freezes.


    OTL logfile created on: 9/19/2012 1:57:18 PM - Run 1
    OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Matt\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 62.23% Memory free
    7.61 Gb Paging File | 6.00 Gb Available in Paging File | 78.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 213.72 Gb Total Space | 89.74 Gb Free Space | 41.99% Space Free | Partition Type: NTFS
    Drive D: | 18.87 Gb Total Space | 3.04 Gb Free Space | 16.14% Space Free | Partition Type: NTFS
    Drive E: | 99.18 Mb Total Space | 95.07 Mb Free Space | 95.86% Space Free | Partition Type: FAT32
    Drive G: | 3.67 Gb Total Space | 3.67 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

    Computer Name: MATT-LAPTOP | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/19 13:54:29 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/05/24 08:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/01/03 03:10:50 | 000,815,512 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2011/10/07 20:56:17 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2010/11/08 19:10:06 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    PRC - [2009/12/01 13:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    PRC - [2009/10/05 20:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/09/30 18:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/09/30 18:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/07/08 16:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) -- C:\SPLASH.SYS\config\DVMExportService.exe
    PRC - [2007/10/05 03:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
    PRC - [2007/10/05 03:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
    PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/07 20:56:11 | 000,061,496 | ---- | M] () -- C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
    MOD - [2009/10/05 20:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2007/10/05 03:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
    MOD - [2007/10/05 03:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
    MOD - [2007/09/06 10:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldoscw.dll
    MOD - [2007/07/31 22:15:51 | 000,077,906 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldocfg.dll
    MOD - [2007/05/03 05:39:31 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\dldodatr.dll
    MOD - [2007/04/09 03:16:00 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Dell 968 AIO Printer\DLDOptp.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/01/07 10:09:00 | 001,926,448 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
    SRV:64bit: - [2009/10/20 21:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2009/07/08 10:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
    SRV:64bit: - [2009/06/03 16:38:36 | 000,277,032 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
    SRV:64bit: - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2007/10/05 13:31:20 | 000,034,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldoserv.exe -- (dldoCATSCustConnectService)
    SRV:64bit: - [2007/10/05 13:31:08 | 001,044,720 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldocoms.exe -- (dldo_device)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/08/14 19:55:38 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/24 21:46:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/07 09:53:16 | 001,656,112 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
    SRV - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
    SRV - [2009/10/20 21:35:26 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe -- (STacSV)
    SRV - [2009/09/30 18:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/09/30 18:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/07/08 16:55:26 | 000,323,584 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SPLASH.SYS\config\DVMExportService.exe -- (DvmMDES)
    SRV - [2009/06/10 11:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/06/05 14:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe -- (AESTFilters)
    SRV - [2007/10/05 13:31:20 | 000,034,032 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe -- (dldoCATSCustConnectService)
    SRV - [2007/10/05 03:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dldocoms.exe -- (dldo_device)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 20:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/06/16 05:54:06 | 000,069,888 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
    DRV:64bit: - [2011/03/10 20:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 20:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/22 12:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/11/20 03:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 01:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/19 23:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/06/01 22:28:13 | 002,838,008 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2010/05/25 15:59:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
    DRV:64bit: - [2009/11/12 10:07:18 | 000,200,736 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2009/11/12 10:07:10 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/11/05 20:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/10/30 09:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/10/20 21:35:26 | 000,501,760 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/10/12 16:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/09/26 04:42:58 | 000,233,984 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/09/17 10:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/07 03:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/07/13 15:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 15:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 15:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 14:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 14:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/08 10:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2009/07/08 10:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2009/06/29 08:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
    DRV:64bit: - [2009/06/10 11:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 11:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 11:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 11:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 10:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 10:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 10:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 10:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 10:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 10:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/12 16:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/04/29 06:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2010/06/24 12:53:04 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
    DRV - [2009/09/27 10:47:24 | 000,021,624 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\SPLASH.SYS\config\dvmio.sys -- (DVMIO)
    DRV - [2009/07/13 15:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3246954D-068D-4691-B544-15E6F22105A6}
    IE:64bit: - HKLM\..\SearchScopes\{3246954D-068D-4691-B544-15E6F22105A6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{DB686C35-2784-49C2-BA6D-E1C119AD3455}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {3246954D-068D-4691-B544-15E6F22105A6}
    IE - HKLM\..\SearchScopes\{3246954D-068D-4691-B544-15E6F22105A6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{DB686C35-2784-49C2-BA6D-E1C119AD3455}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1174133610-2724806526-2353754245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
    IE - HKU\S-1-5-21-1174133610-2724806526-2353754245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-1174133610-2724806526-2353754245-1000\..\SearchScopes,DefaultScope = {3246954D-068D-4691-B544-15E6F22105A6}
    IE - HKU\S-1-5-21-1174133610-2724806526-2353754245-1000\..\SearchScopes\{3246954D-068D-4691-B544-15E6F22105A6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-1174133610-2724806526-2353754245-1000\..\SearchScopes\{BC796D34-8228-4736-810D-50A1D6A201BA}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKU\S-1-5-21-1174133610-2724806526-2353754245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
    FF - prefs.js..extensions.enabledAddons: web2pdfextension@web2pdf.adobedotcom:1.2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.10.1\npHDPlg.dll ()
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Matt\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/05 09:28:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/07/08 00:21:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/02/11 16:21:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/24 21:46:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/28 18:06:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2011/07/08 00:21:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/24 21:46:51 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/28 18:06:53 | 000,000,000 | ---D | M]

    [2011/06/30 22:53:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
    [2012/06/13 22:06:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\qcvej2a1.default\extensions
    [2012/06/13 20:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/01/05 14:52:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/02/11 16:21:33 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
    [2012/07/24 21:46:51 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/10/06 14:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2007/02/12 09:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files (x86)\mozilla firefox\plugins\npigl.dll
    [2010/10/06 14:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/06/25 22:10:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/25 22:10:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2011/09/22 21:54:22 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1174133610-2724806526-2353754245-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
    O4:64bit: - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe File not found
    O4:64bit: - HKLM..\Run: [dldomon.exe] C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MemoryCardManager] C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe ()
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Dell 968 AIO Printer] C:\Program Files (x86)\Dell 968 AIO Printer\fm3032.exe ()
    O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
    O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1174133610-2724806526-2353754245-1000..\Run: [HP Photosmart 7510 series (NET)] C:\Program Files\HP\HP Photosmart 7510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
    O4 - HKU\S-1-5-21-1174133610-2724806526-2353754245-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
  21. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FD92ED7-65B7-4B5F-B371-D98BBA8045AB}: DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49C20BBD-B219-451A-BF00-8D1DCFCF0BAB}: DhcpNameServer = 10.0.0.1
    O18:64bit: - Protocol\Handler\bwfile-8876480 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O18 - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{6a6d4abe-b635-11e0-bb1b-705ab6aceec3}\Shell - "" = AutoRun
    O33 - MountPoints2\{6a6d4abe-b635-11e0-bb1b-705ab6aceec3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/19 13:54:27 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    [2012/09/18 16:40:59 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
    [2012/09/18 16:20:02 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine
    [2012/09/18 16:05:18 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\TDSSKiller.exe
    [2012/09/18 15:46:50 | 000,000,000 | -HSD | C] -- C:\found.000
    [2012/09/18 14:31:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
    [2012/09/17 11:48:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\FIX
    [2012/09/15 17:32:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums_files
    [2012/09/15 17:08:24 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
    [2012/09/15 17:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/15 17:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/15 17:08:00 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/09/15 17:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/09/15 16:52:44 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/09/13 17:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/09/13 17:57:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

    ========== Files - Modified Within 30 Days ==========

    [2012/09/19 14:01:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
    [2012/09/19 13:55:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174133610-2724806526-2353754245-1000UA.job
    [2012/09/19 13:54:29 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
    [2012/09/19 13:47:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/19 13:47:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/09/19 10:55:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1174133610-2724806526-2353754245-1000Core.job
    [2012/09/18 18:00:25 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
    [2012/09/18 17:56:39 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/18 17:56:34 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/18 17:48:23 | 3062,984,704 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/18 17:11:31 | 000,000,512 | ---- | M] () -- C:\Users\Matt\Desktop\MBR.dat
    [2012/09/18 16:41:17 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Matt\Desktop\aswMBR.exe
    [2012/09/18 16:18:39 | 001,378,816 | ---- | M] () -- C:\Users\Matt\Desktop\RogueKiller.exe
    [2012/09/18 16:04:27 | 002,193,278 | ---- | M] () -- C:\Users\Matt\Desktop\tdsskiller.zip
    [2012/09/18 15:49:33 | 000,003,416 | ---- | M] () -- C:\bootsqm.dat
    [2012/09/18 14:31:50 | 000,002,520 | ---- | M] () -- C:\Users\Matt\Desktop\Windows 7 USB DVD Download Tool.lnk
    [2012/09/17 19:25:14 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\TDSSKiller.exe
    [2012/09/17 17:35:10 | 000,729,770 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/09/17 17:35:10 | 000,626,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/09/17 17:35:10 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/09/15 17:32:22 | 000,066,527 | ---- | M] () -- C:\Users\Matt\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
    [2012/09/15 17:26:27 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/15 17:05:59 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/09/15 14:18:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2012/09/13 17:57:35 | 000,743,856 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/09/13 17:47:02 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMatt.job
    [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/09/18 17:11:31 | 000,000,512 | ---- | C] () -- C:\Users\Matt\Desktop\MBR.dat
    [2012/09/18 16:18:39 | 001,378,816 | ---- | C] () -- C:\Users\Matt\Desktop\RogueKiller.exe
    [2012/09/18 16:04:22 | 002,193,278 | ---- | C] () -- C:\Users\Matt\Desktop\tdsskiller.zip
    [2012/09/18 15:49:33 | 000,003,416 | ---- | C] () -- C:\bootsqm.dat
    [2012/09/18 14:31:50 | 000,002,520 | ---- | C] () -- C:\Users\Matt\Desktop\Windows 7 USB DVD Download Tool.lnk
    [2012/09/15 17:32:21 | 000,066,527 | ---- | C] () -- C:\Users\Matt\Desktop\UPDATED 5-step Viruses_Spyware_Malware Preliminary Removal Instructions - TechSpot Forums.htm
    [2012/09/15 17:08:09 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/15 14:18:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2012/09/13 17:57:37 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/05/28 18:04:32 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/01/19 19:57:43 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/01/19 19:57:43 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/09/28 21:22:08 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\dldocomx.dll
    [2011/09/28 21:22:08 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\dldoinst.dll
    [2011/09/28 21:22:07 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoinpa.dll
    [2011/09/28 21:22:07 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoiesc.dll
    [2011/09/28 21:22:07 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dldojswr.dll
    [2011/09/28 21:22:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dldopmui.dll
    [2011/09/28 21:22:06 | 000,503,808 | ---- | C] () -- C:\Windows\SysWow64\dldoutil.dll
    [2011/09/28 21:22:06 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldoinsr.dll
    [2011/09/28 21:22:06 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldocur.dll
    [2011/09/28 21:22:05 | 000,954,368 | ---- | C] ( ) -- C:\Windows\SysWow64\dldousb1.dll
    [2011/09/28 21:22:05 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoinsb.dll
    [2011/09/28 21:22:05 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldoins.dll
    [2011/09/28 21:22:05 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldocub.dll
    [2011/09/28 21:22:05 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldocu.dll
    [2011/09/28 21:22:04 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoserv.dll
    [2011/09/28 21:22:04 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoprox.dll
    [2011/09/28 21:22:03 | 000,663,552 | ---- | C] ( ) -- C:\Windows\SysWow64\dldohbn3.dll
    [2011/09/28 21:22:03 | 000,569,344 | ---- | C] ( ) -- C:\Windows\SysWow64\dldolmpm.dll
    [2011/09/28 21:22:03 | 000,320,752 | ---- | C] ( ) -- C:\Windows\SysWow64\dldoih.exe
    [2011/09/28 21:22:02 | 000,595,184 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocoms.exe
    [2011/09/28 21:22:01 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomc.dll
    [2011/09/28 21:22:01 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocomm.dll
    [2011/09/28 21:22:00 | 000,365,808 | ---- | C] ( ) -- C:\Windows\SysWow64\dldocfg.exe
    [2011/09/28 21:22:00 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\dldocfg.dll
    [2011/07/30 18:35:21 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
    [2011/07/30 18:35:21 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
    [2011/07/30 18:35:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
    [2011/07/30 18:35:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth2.dll
    [2011/07/30 18:35:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\serauth1.dll
    [2011/07/30 18:35:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\nsprs.dll
    [2011/07/30 18:27:44 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth2.dll
    [2011/07/30 18:27:44 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\grcauth1.dll
    [2011/07/30 18:27:44 | 000,000,100 | ---- | C] () -- C:\Windows\SysWow64\prsgrc.dll
    [2011/07/30 18:13:47 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2011/07/30 18:13:47 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2011/06/27 04:20:03 | 000,743,856 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2012/08/22 22:20:24 | 000,003,383 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11818911983@x23[1].htm
    [2012/09/04 21:21:23 | 000,000,523 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11ae3bce32c8b3e1937271be5b9ff295326948615@x90[1].htm
    [2012/09/08 10:47:53 | 000,000,245 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\120120908204744@x90[1].htm
    [2012/09/08 10:47:54 | 000,000,245 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\120120908204744@x90[2].htm
    [2012/08/22 22:20:21 | 000,000,521 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1272616779@x90[1].htm
    [2012/09/04 21:21:23 | 000,003,396 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1296242263@x23[1].htm
    [2012/09/13 17:45:26 | 000,006,474 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1351420889@x96[1].htm
    [2012/08/23 08:47:35 | 000,006,493 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1401594033@x96[1].htm
    [2012/08/22 22:20:11 | 000,000,521 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1431241412@x90[1].htm
    [2012/08/28 21:40:34 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1499964038@x96[1].htm
    [2012/09/01 23:19:48 | 000,003,385 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1599470633@x23[1].htm
    [2012/08/22 22:20:21 | 000,003,383 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1797715634@x23[1].htm
    [2012/08/28 19:28:24 | 000,000,273 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1943305433@Right[1].js
    [2012/08/28 19:53:47 | 000,000,303 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\2011Generic@Bottom3[1].htm
    [2012/08/28 21:40:34 | 000,006,472 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\414671736@x96[1].htm
    [2012/09/08 16:41:08 | 000,006,938 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\938370384@x96[1].htm
    [2012/08/28 19:53:48 | 000,000,623 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Bottom3[1].htm
    [2012/08/26 11:04:44 | 000,000,650 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Right[1].htm
    [2012/08/28 19:28:25 | 000,000,650 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Right[2].htm
    [2012/08/26 11:04:43 | 000,000,642 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Top[1].htm
    [2012/08/25 14:34:40 | 000,000,487 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\Beetle_Vw03@Bottom3[1].htm
    [2012/09/01 23:19:47 | 000,003,453 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\DLX@x72[1].htm
    [2012/08/28 19:53:46 | 000,003,423 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\DLX@x92[1].htm
    [2012/08/28 19:53:46 | 000,003,423 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\DLX@x92[2].htm
    [2012/08/25 14:34:40 | 000,001,463 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\IBFace_SX_NonSecure@Bottom3[1].htm
    [2012/09/04 21:21:22 | 000,000,524 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1048172A8-6B0B-417B-A7CD-8BF74DEE96B9@x90[1].htm
    [2012/08/28 19:53:47 | 000,001,735 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11008854137@x96[1].htm
    [2012/09/02 22:58:35 | 000,006,472 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1135113377@x96[1].htm
    [2012/09/01 23:19:49 | 000,003,421 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11359441462@x23[1].htm
    [2012/09/08 10:47:29 | 000,003,358 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11387071771@x23[1].htm
    [2012/08/22 22:20:24 | 000,003,385 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11495244534@x23[1].htm
    [2012/08/22 22:20:24 | 000,000,521 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11862389050@x90[1].htm
    [2012/09/04 21:21:22 | 000,003,389 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11962034705@x23[1].htm
    [2012/09/08 10:47:29 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1387071771@x96[1].htm
    [2012/09/13 17:45:51 | 000,006,474 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1525501573@x96[1].htm
    [2012/08/24 20:28:12 | 000,000,235 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1549991612648@x90[1].htm
    [2012/08/30 22:06:41 | 000,006,948 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1622147344@x96[1].htm
    [2012/08/28 19:33:30 | 000,002,346 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1728382595@x15[1].js
    [2012/08/30 22:06:46 | 000,000,165 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1883809782@x23[1].htm
    [2012/08/28 19:28:22 | 000,000,270 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1943305433@Right[1].js
    [2012/08/28 19:28:23 | 000,000,270 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1943305433@Right[2].js
    [2012/08/15 23:00:12 | 000,000,236 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1b8f9b180-0c44-4e22-9947-9d827d838893@x90[1].htm
    [2012/08/23 08:47:30 | 000,006,493 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\674885955@x96[1].htm
    [2012/08/25 14:34:39 | 000,000,623 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\@Bottom3[1].htm
    [2012/08/28 19:53:49 | 000,020,959 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\@x96[1].htm
    [2012/08/28 19:53:50 | 000,000,487 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\Beetle_Vw03@Bottom3[1].htm
    [2012/09/01 23:19:48 | 000,003,495 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\DLX@x72[1].htm
    [2012/08/28 19:53:49 | 000,000,240 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\IBNail_SX_NonSecure@Bottom3[1].htm
    [2012/08/28 19:53:47 | 000,009,882 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ZAPSegments@x96[1].htm
    [2012/09/11 17:37:37 | 000,003,379 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\11488590701@x23[1].htm
    [2012/09/11 17:37:37 | 000,000,518 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1218454452@x90[1].htm
    [2012/08/22 22:20:24 | 000,000,521 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1232036730@x90[1].htm
    [2012/08/28 19:53:49 | 000,000,411 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\12q2_Hair_Ibehavior@Bottom3[1].htm
    [2012/08/24 20:08:07 | 000,000,242 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1782d3b5bfd5049f29226da2cd8afb840@x90[1].htm
    [2012/09/08 16:41:12 | 000,006,948 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\2132801573@x96[1].htm
    [2012/08/26 11:04:48 | 000,000,650 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@Right[1].htm
    [2012/08/23 08:48:28 | 000,000,642 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@Top[1].htm
    [2012/08/28 19:53:48 | 000,000,666 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@x94[1].htm
    [2012/08/25 14:34:39 | 000,020,935 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@x96[1].htm
    [2012/08/28 19:53:49 | 000,001,465 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\IBFace_SX_NonSecure@Bottom3[1].htm
    [2012/08/28 19:53:50 | 000,000,242 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\IBFace_SX_NonSecure@Bottom3[2].htm
    [2012/09/01 23:18:34 | 000,000,524 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\10f5ad798be7d23e2ecf745cac8eb3bbe5a464436@x90[1].htm
    [2012/08/28 19:53:47 | 000,004,179 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11008854137@x71[1].htm
    [2012/09/01 23:18:34 | 000,003,392 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11378552986@x23[1].htm
    [2012/08/22 22:20:11 | 000,000,519 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11410573318@x90[1].htm
    [2012/08/28 19:28:26 | 000,000,321 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1146647457@Right[1].js
    [2012/08/28 19:53:49 | 000,000,305 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11488689199@x96[1].htm
    [2012/08/25 14:34:40 | 000,000,304 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11613301826@x96[1].htm
    [2012/08/22 22:20:11 | 000,003,385 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11679880215@x23[1].htm
    [2012/08/22 22:20:21 | 000,003,382 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11982066054@x23[1].htm
    [2012/08/22 22:20:21 | 000,000,520 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\12012934823@x90[1].htm
    [2012/08/22 22:20:11 | 000,003,386 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\125512536@x23[1].htm
    [2012/08/25 14:34:40 | 000,000,411 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\12q2_Hair_Ibehavior@Bottom3[1].htm
    [2012/08/28 19:33:27 | 000,002,346 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1327978641@x15[1].js
    [2012/08/30 22:06:45 | 000,000,520 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1429568409@x90[1].htm
    [2012/09/08 16:41:31 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1543486935@x96[1].htm
    [2012/08/28 19:07:25 | 000,000,316 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1548637918@Right[1].js
    [2012/08/15 23:00:47 | 000,001,261 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1595190967@x23[1].htm
    [2012/08/28 21:40:33 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1598893812@x96[1].htm
    [2012/08/15 23:00:47 | 000,000,523 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1f496121f4e75455e998487e2695d09f3b09da603@x90[1].htm
    [2012/09/02 22:58:40 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\599186997@x96[1].htm
    [2012/08/28 21:40:34 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\653480210@x96[1].htm
    [2012/09/08 16:41:31 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\902900901@x96[1].htm
    [2012/08/23 08:48:25 | 000,000,642 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\@Top[1].htm
    [2012/08/25 14:34:40 | 000,001,533 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\iBehavior_DataDictionary_SX@Bottom3[1].htm
    [2012/08/28 19:53:49 | 000,001,532 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\iBehavior_DataDictionary_SX@Bottom3[2].htm
    [2012/08/25 14:34:40 | 000,000,242 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\IBFace_SX_NonSecure@Bottom3[1].htm
    [2012/08/25 14:34:40 | 000,000,240 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\IBNail_SX_NonSecure@Bottom3[1].htm
    [2012/09/04 22:18:25 | 000,000,330 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Seg001@Bottom3[1].htm
    [2012/09/04 22:18:25 | 000,000,667 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Seg001_Secure@Bottom3[1].htm
    [2012/08/25 14:34:40 | 000,001,687 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\SX@Bottom3[1].htm
    [2012/08/28 19:53:49 | 000,001,684 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\SX@Bottom3[2].htm
    [2009/07/13 18:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    ========== LOP Check ==========

    [2011/09/28 21:30:02 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\968 Series
    [2011/07/06 06:31:45 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DigitalPersona
    [2012/09/19 10:50:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Dropbox
    [2011/09/03 12:18:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\MinMaxGames
    [2011/11/06 21:51:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SharePod
    [2012/08/11 22:01:06 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\SWF.max
    [2012/08/13 18:05:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\uTorrent
    [2011/07/07 22:49:19 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WildTangent
    [2011/09/22 22:58:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >
  22. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    OTL Extras logfile created on: 9/19/2012 1:57:18 PM - Run 1
    OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Matt\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.37 Gb Available Physical Memory | 62.23% Memory free
    7.61 Gb Paging File | 6.00 Gb Available in Paging File | 78.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 213.72 Gb Total Space | 89.74 Gb Free Space | 41.99% Space Free | Partition Type: NTFS
    Drive D: | 18.87 Gb Total Space | 3.04 Gb Free Space | 16.14% Space Free | Partition Type: NTFS
    Drive E: | 99.18 Mb Total Space | 95.07 Mb Free Space | 95.86% Space Free | Partition Type: FAT32
    Drive G: | 3.67 Gb Total Space | 3.67 Gb Free Space | 99.96% Space Free | Partition Type: FAT32

    Computer Name: MATT-LAPTOP | User Name: Matt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1174133610-2724806526-2353754245-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0446B95B-C0FD-4DE9-BD8E-76015D05E4F3}" = HP Photosmart 7510 series Basic Device Software
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
    "{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK
    "{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
    "{86E45973-5352-439F-A115-2E8EE4D40140}" = ActivClient CAC x64
    "{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-bit
    "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D9F55AA1-FD3E-47FF-A385-72ED53666D3F}" = HP Photosmart 7510 series Product Improvement Study
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11
    "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "Dell 968 AIO Printer" = Dell 968 AIO Printer
    "FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1747DF05-6890-440B-B094-2146F5DC50E0}" = HP MediaSmart SlingPlayer
    "{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21FFAF37-E51A-41AB-8749-ACD1F9CF8E37}" = HP QuickWeb
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2C8CC208-965C-48A1-90A8-DFB484358F1C}" = FaxRedist
    "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35021DFB-F9CA-402A-89A2-47F91E506465}" = HP MediaSmart/TouchSmart Netflix
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3F41BA46-09C3-4500-96D7-DC4390AD0124}" = Acrobat X Suite
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
    "{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DA782CB-C9A0-462F-9D18-17D301BC507C}" = Amos 16.0
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
    "{6357D25F-A9C9-4CC7-A1FB-0DCF344E7C40}" = HP Photosmart 7510 series Help
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69B6B9E1-A5DF-3177-2B1D-3B672F29EF86}" = Adobe Captivate Quiz Results Analyzer
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78915DBA-4FD6-4B85-AC4C-5862BB4D884F}" = HP User Guides 0186
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8432FFD1-6F4D-F9B8-D641-5932E60359A2}" = Adobe Captivate Reviewer
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB2.0&PCIE Card Reader
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D61524CF-93FE-4193-91AD-C6E21FEEAA5A}" = Logitech Harmony Remote Software 7
    "{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EA61B3FD-10FF-4979-BC69-D3CC9E753765}" = SPSS SmartViewer 16.0
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
    "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Reviewer
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Digital Editions" = Adobe Digital Editions
    "HP Photo Creations" = HP Photo Creations
    "HP Smart Web Printing" = HP Smart Web Printing
    "igLoader" = igLoader
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
    "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
    "Kobo" = Kobo
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Captivate Quiz Results Analyzer
    "SWF.max" = Aero SWF.max 1.6.868
    "The Walking Dead (c) 3_is1" = The Walking Dead (c) 3 version 1
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.11
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Xvid Video Codec 1.3.2" = Xvid Video Codec

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1174133610-2724806526-2353754245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "HuluDesktop" = Hulu Desktop

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/10/2012 3:52:00 AM | Computer Name = Matt-Laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 9.0.8112.16447, time
    stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x001d9aa6 Faulting process
    id: 0x1c8c Faulting application start time: 0x01cd8f27c4114a01 Faulting application
    path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
    Report
    Id: 6690d2a3-fb1c-11e1-8eb4-705ab6aceec3

    Error - 9/10/2012 4:03:46 AM | Computer Name = Matt-Laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 9.0.8112.16447, time
    stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x001d9aa6 Faulting process
    id: 0x2140 Faulting application start time: 0x01cd8f295988417d Faulting application
    path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
    Report
    Id: 0b4e13f1-fb1e-11e1-8eb4-705ab6aceec3

    Error - 9/11/2012 11:48:51 PM | Computer Name = Matt-Laptop | Source = SideBySide | ID = 16842827
    Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
    Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
    Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
    Multiple
    requestedPrivileges elements are not allowed in manifest.

    Error - 9/11/2012 11:50:42 PM | Computer Name = Matt-Laptop | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 9/12/2012 2:44:39 AM | Computer Name = Matt-Laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 9.0.8112.16447, time
    stamp: 0x4fc9d776 Exception code: 0xc0000005 Fault offset: 0x001d9aa6 Faulting process
    id: 0x94c Faulting application start time: 0x01cd90b0f837249a Faulting application
    path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
    Report
    Id: 52c32d65-fca5-11e1-8eb4-705ab6aceec3

    Error - 9/14/2012 12:00:06 AM | Computer Name = Matt-Laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74aac9f1 Faulting process id: 0x126c Faulting application
    start time: 0x01cd922d6c214358 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: aabb3b93-fe20-11e1-b352-705ab6aceec3

    Error - 9/14/2012 12:01:08 AM | Computer Name = Matt-Laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74aac9f1 Faulting process id: 0x5b4 Faulting application
    start time: 0x01cd922d91f07a16 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: cfa3cb57-fe20-11e1-b352-705ab6aceec3

    Error - 9/14/2012 12:02:08 AM | Computer Name = Matt-Laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74aac9f1 Faulting process id: 0x940 Faulting application
    start time: 0x01cd922db5daf30d Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: f38c40ae-fe20-11e1-b352-705ab6aceec3

    Error - 9/14/2012 12:03:08 AM | Computer Name = Matt-Laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74aac9f1 Faulting process id: 0x630 Faulting application
    start time: 0x01cd922dd9b8e900 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 17692d01-fe21-11e1-b352-705ab6aceec3

    Error - 9/14/2012 12:06:25 AM | Computer Name = Matt-Laptop | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x74aac9f1 Faulting process id: 0x318 Faulting application
    start time: 0x01cd922e4ede9c96 Faulting application path: C:\Windows\SysWOW64\svchost.exe
    Faulting
    module path: unknown Report Id: 8cb6003b-fe21-11e1-b352-705ab6aceec3

    [ Hewlett-Packard Events ]
    Error - 12/14/2011 6:06:55 AM | Computer Name = Matt-Laptop | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088hpsa_service.exe at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3894 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

    Error - 12/19/2011 4:37:11 AM | Computer Name = Matt-Laptop | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3894 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

    Error - 12/26/2011 4:42:03 AM | Computer Name = Matt-Laptop | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
    Version:
    06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 3894 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

    Error - 3/4/2012 8:42:55 PM | Computer Name = Matt-Laptop | Source = HPSF.exe | ID = 4000
    Description =

    Error - 3/18/2012 6:01:32 PM | Computer Name = Matt-Laptop | Source = HPSF.exe | ID = 4000
    Description =

    Error - 4/29/2012 6:31:09 PM | Computer Name = Matt-Laptop | Source = HPSF.exe | ID = 4000
    Description =

    Error - 5/6/2012 10:25:49 PM | Computer Name = Matt-Laptop | Source = HPSF.exe | ID = 4000
    Description =

    Error - 7/3/2012 4:53:39 AM | Computer Name = Matt-Laptop | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/15/2012 8:53:30 PM | Computer Name = Matt-Laptop | Source = HPSF.exe | ID = 4000
    Description =

    Error - 8/16/2012 4:45:31 AM | Computer Name = Matt-Laptop | Source = HPSF.exe | ID = 4000
    Description =

    [ System Events ]
    Error - 9/14/2012 12:30:08 AM | Computer Name = Matt-Laptop | Source = Service Control Manager | ID = 7000
    Description = The dldoCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 9/14/2012 12:30:10 AM | Computer Name = Matt-Laptop | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 9/14/2012 12:30:10 AM | Computer Name = Matt-Laptop | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 9/14/2012 12:30:46 AM | Computer Name = Matt-Laptop | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 9/14/2012 12:30:46 AM | Computer Name = Matt-Laptop | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 9/14/2012 12:32:28 AM | Computer Name = Matt-Laptop | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:30:06 PM on ?9/?13/?2012 was unexpected.

    Error - 9/14/2012 12:32:30 AM | Computer Name = Matt-Laptop | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the dldoCATSCustConnectService
    service to connect.

    Error - 9/14/2012 12:32:30 AM | Computer Name = Matt-Laptop | Source = Service Control Manager | ID = 7000
    Description = The dldoCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 9/14/2012 12:32:32 AM | Computer Name = Matt-Laptop | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 9/14/2012 12:32:32 AM | Computer Name = Matt-Laptop | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.


    < End of report >
  23. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    If after running OTL fix listed below MSE still complains about same file let it fix it.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O33 - MountPoints2\{6a6d4abe-b635-11e0-bb1b-705ab6aceec3}\Shell - "" = AutoRun
      O33 - MountPoints2\{6a6d4abe-b635-11e0-bb1b-705ab6aceec3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
      [2012/09/15 16:52:44 | 000,000,000 | ---D | C] -- C:\FRST
      [2012/08/22 22:20:24 | 000,003,383 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11818911983@x23[1].htm
      [2012/09/04 21:21:23 | 000,000,523 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11ae3bce32c8b3e1937271be5b9ff295326948615@x90[1].htm
      [2012/09/08 10:47:53 | 000,000,245 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\120120908204744@x90[1].htm
      [2012/09/08 10:47:54 | 000,000,245 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\120120908204744@x90[2].htm
      [2012/08/22 22:20:21 | 000,000,521 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1272616779@x90[1].htm
      [2012/09/04 21:21:23 | 000,003,396 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1296242263@x23[1].htm
      [2012/09/13 17:45:26 | 000,006,474 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1351420889@x96[1].htm
      [2012/08/23 08:47:35 | 000,006,493 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1401594033@x96[1].htm
      [2012/08/22 22:20:11 | 000,000,521 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1431241412@x90[1].htm
      [2012/08/28 21:40:34 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1499964038@x96[1].htm
      [2012/09/01 23:19:48 | 000,003,385 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1599470633@x23[1].htm
      [2012/08/22 22:20:21 | 000,003,383 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1797715634@x23[1].htm
      [2012/08/28 19:28:24 | 000,000,273 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1943305433@Right[1].js
      [2012/08/28 19:53:47 | 000,000,303 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\2011Generic@Bottom3[1].htm
      [2012/08/28 21:40:34 | 000,006,472 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\414671736@x96[1].htm
      [2012/09/08 16:41:08 | 000,006,938 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\938370384@x96[1].htm
      [2012/08/28 19:53:48 | 000,000,623 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Bottom3[1].htm
      [2012/08/26 11:04:44 | 000,000,650 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Right[1].htm
      [2012/08/28 19:28:25 | 000,000,650 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Right[2].htm
      [2012/08/26 11:04:43 | 000,000,642 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Top[1].htm
      [2012/08/25 14:34:40 | 000,000,487 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\Beetle_Vw03@Bottom3[1].htm
      [2012/09/01 23:19:47 | 000,003,453 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\DLX@x72[1].htm
      [2012/08/28 19:53:46 | 000,003,423 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\DLX@x92[1].htm
      [2012/08/28 19:53:46 | 000,003,423 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\DLX@x92[2].htm
      [2012/08/25 14:34:40 | 000,001,463 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\IBFace_SX_NonSecure@Bottom3[1].htm
      [2012/09/04 21:21:22 | 000,000,524 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1048172A8-6B0B-417B-A7CD-8BF74DEE96B9@x90[1].htm
      [2012/08/28 19:53:47 | 000,001,735 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11008854137@x96[1].htm
      [2012/09/02 22:58:35 | 000,006,472 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1135113377@x96[1].htm
      [2012/09/01 23:19:49 | 000,003,421 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11359441462@x23[1].htm
      [2012/09/08 10:47:29 | 000,003,358 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11387071771@x23[1].htm
      [2012/08/22 22:20:24 | 000,003,385 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11495244534@x23[1].htm
      [2012/08/22 22:20:24 | 000,000,521 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11862389050@x90[1].htm
      [2012/09/04 21:21:22 | 000,003,389 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11962034705@x23[1].htm
      [2012/09/08 10:47:29 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1387071771@x96[1].htm
      [2012/09/13 17:45:51 | 000,006,474 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1525501573@x96[1].htm
      [2012/08/24 20:28:12 | 000,000,235 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1549991612648@x90[1].htm
      [2012/08/30 22:06:41 | 000,006,948 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1622147344@x96[1].htm
      [2012/08/28 19:33:30 | 000,002,346 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1728382595@x15[1].js
      [2012/08/30 22:06:46 | 000,000,165 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1883809782@x23[1].htm
      [2012/08/28 19:28:22 | 000,000,270 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1943305433@Right[1].js
      [2012/08/28 19:28:23 | 000,000,270 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1943305433@Right[2].js
      [2012/08/15 23:00:12 | 000,000,236 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1b8f9b180-0c44-4e22-9947-9d827d838893@x90[1].htm
      [2012/08/23 08:47:30 | 000,006,493 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\674885955@x96[1].htm
      [2012/08/25 14:34:39 | 000,000,623 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\@Bottom3[1].htm
      [2012/08/28 19:53:49 | 000,020,959 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\@x96[1].htm
      [2012/08/28 19:53:50 | 000,000,487 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\Beetle_Vw03@Bottom3[1].htm
      [2012/09/01 23:19:48 | 000,003,495 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\DLX@x72[1].htm
      [2012/08/28 19:53:49 | 000,000,240 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\IBNail_SX_NonSecure@Bottom3[1].htm
      [2012/08/28 19:53:47 | 000,009,882 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ZAPSegments@x96[1].htm
      [2012/09/11 17:37:37 | 000,003,379 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\11488590701@x23[1].htm
      [2012/09/11 17:37:37 | 000,000,518 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1218454452@x90[1].htm
      [2012/08/22 22:20:24 | 000,000,521 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1232036730@x90[1].htm
      [2012/08/28 19:53:49 | 000,000,411 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\12q2_Hair_Ibehavior@Bottom3[1].htm
      [2012/08/24 20:08:07 | 000,000,242 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1782d3b5bfd5049f29226da2cd8afb840@x90[1].htm
      [2012/09/08 16:41:12 | 000,006,948 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\2132801573@x96[1].htm
      [2012/08/26 11:04:48 | 000,000,650 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@Right[1].htm
      [2012/08/23 08:48:28 | 000,000,642 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@Top[1].htm
      [2012/08/28 19:53:48 | 000,000,666 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@x94[1].htm
      [2012/08/25 14:34:39 | 000,020,935 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@x96[1].htm
      [2012/08/28 19:53:49 | 000,001,465 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\IBFace_SX_NonSecure@Bottom3[1].htm
      [2012/08/28 19:53:50 | 000,000,242 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\IBFace_SX_NonSecure@Bottom3[2].htm
      [2012/09/01 23:18:34 | 000,000,524 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\10f5ad798be7d23e2ecf745cac8eb3bbe5a464436@x90[1].htm
      [2012/08/28 19:53:47 | 000,004,179 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11008854137@x71[1].htm
      [2012/09/01 23:18:34 | 000,003,392 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11378552986@x23[1].htm
      [2012/08/22 22:20:11 | 000,000,519 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11410573318@x90[1].htm
      [2012/08/28 19:28:26 | 000,000,321 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1146647457@Right[1].js
      [2012/08/28 19:53:49 | 000,000,305 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11488689199@x96[1].htm
      [2012/08/25 14:34:40 | 000,000,304 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11613301826@x96[1].htm
      [2012/08/22 22:20:11 | 000,003,385 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11679880215@x23[1].htm
      [2012/08/22 22:20:21 | 000,003,382 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11982066054@x23[1].htm
      [2012/08/22 22:20:21 | 000,000,520 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\12012934823@x90[1].htm
      [2012/08/22 22:20:11 | 000,003,386 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\125512536@x23[1].htm
      [2012/08/25 14:34:40 | 000,000,411 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\12q2_Hair_Ibehavior@Bottom3[1].htm
      [2012/08/28 19:33:27 | 000,002,346 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1327978641@x15[1].js
      [2012/08/30 22:06:45 | 000,000,520 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1429568409@x90[1].htm
      [2012/09/08 16:41:31 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1543486935@x96[1].htm
      [2012/08/28 19:07:25 | 000,000,316 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1548637918@Right[1].js
      [2012/08/15 23:00:47 | 000,001,261 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1595190967@x23[1].htm
      [2012/08/28 21:40:33 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1598893812@x96[1].htm
      [2012/08/15 23:00:47 | 000,000,523 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1f496121f4e75455e998487e2695d09f3b09da603@x90[1].htm
      [2012/09/02 22:58:40 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\599186997@x96[1].htm
      [2012/08/28 21:40:34 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\653480210@x96[1].htm
      [2012/09/08 16:41:31 | 000,006,467 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\902900901@x96[1].htm
      [2012/08/23 08:48:25 | 000,000,642 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\@Top[1].htm
      [2012/08/25 14:34:40 | 000,001,533 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\iBehavior_DataDictionary_SX@Bottom3[1].htm
      [2012/08/28 19:53:49 | 000,001,532 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\iBehavior_DataDictionary_SX@Bottom3[2].htm
      [2012/08/25 14:34:40 | 000,000,242 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\IBFace_SX_NonSecure@Bottom3[1].htm
      [2012/08/25 14:34:40 | 000,000,240 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\IBNail_SX_NonSecure@Bottom3[1].htm
      [2012/09/04 22:18:25 | 000,000,330 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Seg001@Bottom3[1].htm
      [2012/09/04 22:18:25 | 000,000,667 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Seg001_Secure@Bottom3[1].htm
      [2012/08/25 14:34:40 | 000,001,687 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\SX@Bottom3[1].htm
      [2012/08/28 19:53:49 | 000,001,684 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\SX@Bottom3[2].htm
      [2009/07/13 18:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ===============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  24. MDGuelker

    MDGuelker Newcomer, in training Topic Starter Posts: 22

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a6d4abe-b635-11e0-bb1b-705ab6aceec3}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a6d4abe-b635-11e0-bb1b-705ab6aceec3}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a6d4abe-b635-11e0-bb1b-705ab6aceec3}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a6d4abe-b635-11e0-bb1b-705ab6aceec3}\ not found.
    File G:\LaunchU3.exe -a not found.
    C:\FRST\Quarantine\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\U folder moved successfully.
    C:\FRST\Quarantine\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\L folder moved successfully.
    C:\FRST\Quarantine\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\{432e5aed-ab81-6bb4-104f-9bcb347b95e8} folder moved successfully.
    C:\FRST\Quarantine\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\U folder moved successfully.
    C:\FRST\Quarantine\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\L folder moved successfully.
    C:\FRST\Quarantine\{432e5aed-ab81-6bb4-104f-9bcb347b95e8} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11818911983@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\11ae3bce32c8b3e1937271be5b9ff295326948615@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\120120908204744@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\120120908204744@x90[2].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1272616779@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1296242263@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1351420889@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1401594033@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1431241412@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1499964038@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1599470633@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1797715634@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\1943305433@Right[1].js moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\2011Generic@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\414671736@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\938370384@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Right[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Right[2].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\@Top[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\Beetle_Vw03@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\DLX@x72[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\DLX@x92[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\DLX@x92[2].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\IBFace_SX_NonSecure@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1048172A8-6B0B-417B-A7CD-8BF74DEE96B9@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11008854137@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1135113377@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11359441462@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11387071771@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11495244534@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11862389050@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\11962034705@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1387071771@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1525501573@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1549991612648@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1622147344@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1728382595@x15[1].js moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1883809782@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1943305433@Right[1].js moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1943305433@Right[2].js moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\1b8f9b180-0c44-4e22-9947-9d827d838893@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\674885955@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\Beetle_Vw03@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\DLX@x72[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\IBNail_SX_NonSecure@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ZAPSegments@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\11488590701@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1218454452@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1232036730@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\12q2_Hair_Ibehavior@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\1782d3b5bfd5049f29226da2cd8afb840@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\2132801573@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@Right[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@Top[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@x94[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\IBFace_SX_NonSecure@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\IBFace_SX_NonSecure@Bottom3[2].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\10f5ad798be7d23e2ecf745cac8eb3bbe5a464436@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11008854137@x71[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11378552986@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11410573318@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1146647457@Right[1].js moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11488689199@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11613301826@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11679880215@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\11982066054@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\12012934823@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\125512536@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\12q2_Hair_Ibehavior@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1327978641@x15[1].js moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1429568409@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1543486935@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1548637918@Right[1].js moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1595190967@x23[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1598893812@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\1f496121f4e75455e998487e2695d09f3b09da603@x90[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\599186997@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\653480210@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\902900901@x96[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\@Top[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\iBehavior_DataDictionary_SX@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\iBehavior_DataDictionary_SX@Bottom3[2].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\IBFace_SX_NonSecure@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\IBNail_SX_NonSecure@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Seg001@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\Seg001_Secure@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\SX@Bottom3[1].htm moved successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\SX@Bottom3[2].htm moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 41620 bytes

    User: Default User

    User: Matt
    ->Temp folder emptied: 903789511 bytes
    ->Temporary Internet Files folder emptied: 380884762 bytes
    ->Java cache emptied: 255361 bytes
    ->FireFox cache emptied: 60670715 bytes
    ->Flash cache emptied: 120810 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 482908005 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50400 bytes
    RecycleBin emptied: 472300 bytes

    Total Files Cleaned = 1,744.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Matt
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Matt
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.64.0 log created on 09192012_163546

    Files\Folders moved on Reboot...
    C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...



    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Microsoft Security Essentials
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.0.1400
    Java(TM) 6 Update 32
    Java version out of Date!
    Adobe Flash Player 11.3.300.271 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Mozilla Firefox 14.0.1 Firefox out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````



    Farbar Service Scanner Version: 19-09-2012
    Ran by Matt (administrator) on 19-09-2012 at 16:59:50
    Running from "C:\Users\Matt\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****


    # AdwCleaner v2.002 - Logfile created 09/19/2012 at 17:01:31
    # Updated 16/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Matt - MATT-LAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Matt\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v14.0.1 (en-US)

    Profile name : default
    File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\qcvej2a1.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2039 octets] - [19/09/2012 17:01:31]

    ########## EOF - C:\AdwCleaner[S1].txt - [2099 octets] ##########



    C:\Users\Matt\Desktop\Utilities\Crackers\KMS.Activator.Office.2010\mini-KMS_Activator_v1.2_Office2010_VL_ENG_FIXED.exe a variant of Win32/HackKMS.A application deleted - quarantined
    C:\_OTL\MovedFiles\09192012_163546\C_FRST\Quarantine\{432e5aed-ab81-6bb4-104f-9bcb347b95e8}\n Win64/Sirefef.W trojan cleaned by deleting - quarantined
  25. Broni

    Broni Malware Annihilator Posts: 46,319   +252

    We have some registry keys missing.

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [​IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [​IMG]


    Go to Start Repairs tab and click Start button.

    [​IMG]


    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on box next to the Restart System when Finished. Then click on Start.

    Post new FSS log.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.