Solved Friend's W7 Home Premium laptop

learninmypc

First time for this laptop. Got it last night (06/15/12) from a friend so I could update it & clean it, & had to download the http://www.superantispyware.com/onlinescan.html because I couldn't get online in safe mode with networking.
Once I got it started, I got to messing with the Wi-Fi & got it connected, so I started to update SAS, which stopped the one I had going.
I eventually ran full scans with Mbam, SAS, Avast, Spybot & ESET online scanner. Will post those results.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mercury mia :: MERCURYMIA-HP [administrator]

6/15/2012 9:35:46 PM
mbam-log-2012-06-15 (21-35-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 309712
Time elapsed: 32 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 35
HKCR\CrossriderApp0002258.BHO (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.BHO.1 (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.FBApi (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.FBApi.1 (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.Sandbox (PUP.CrossFire.Gen) -> No action taken.
HKCR\CrossriderApp0002258.Sandbox.1 (PUP.CrossFire.Gen) -> No action taken.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (PUP.GamePlayLab) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (PUP.GamePlayLab) -> No action taken.
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\2258 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Data: I Want This -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Data: 215 Apps -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Program Files (x86)\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\mercury mia\Local Settings\Application Data\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\mercury mia\Local Settings\Application Data\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\mercury mia\AppData\Local\I Want This (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\mercury mia\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Files Detected: 10
C:\Program Files (x86)\I Want This\I Want This.dll (PUP.GamePlayLab) -> No action taken.
C:\Program Files (x86)\I Want This\I Want This.dll (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisGui.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\Uninstall.exe (Adware.GamePlayLabs) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ini (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want This.ico (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Program Files (x86)\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\mercury mia\Local Settings\Application Data\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.
C:\Users\mercury mia\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Quarantined and deleted successfully.

(end)


Avast found nothing so no log.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/15/2012 at 09:16 PM

Application Version : 5.0.1146

Core Rules Database Version : 8747
Trace Rules Database Version: 6559

Scan type : Complete Scan
Total Scan Time : 00:29:19

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 419
Memory threats detected : 0
Registry items scanned : 64952
Registry threats detected : 0
File items scanned : 41269
File threats detected : 9

Adware.Tracking Cookie
C:\USERS\MERCURY MIA\AppData\Roaming\Microsoft\Windows\Cookies\Low\4HIF7DU3.txt [ Cookie:mercury mia@media6degrees.com/ ]
C:\USERS\MERCURY MIA\AppData\Roaming\Microsoft\Windows\Cookies\Low\YKR2YX1N.txt [ Cookie:mercury mia@fidelity.rotator.hadj7.adjuggler.net/ ]
C:\USERS\MERCURY MIA\AppData\Roaming\Microsoft\Windows\Cookies\Low\04DL0EC1.txt [ Cookie:mercury mia@lucidmedia.com/ ]
C:\USERS\MERCURY MIA\AppData\Roaming\Microsoft\Windows\Cookies\Low\V1IU6078.txt [ Cookie:mercury mia@invitemedia.com/ ]
.clickbank.net [ C:\USERS\MERCURY MIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QAB650BG.DEFAULT\COOKIES.SQLITE ]
ssl.clickbank.net [ C:\USERS\MERCURY MIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QAB650BG.DEFAULT\COOKIES.SQLITE ]
ssl.clickbank.net [ C:\USERS\MERCURY MIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QAB650BG.DEFAULT\COOKIES.SQLITE ]
ssl.clickbank.net [ C:\USERS\MERCURY MIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QAB650BG.DEFAULT\COOKIES.SQLITE ]
ssl.clickbank.net [ C:\USERS\MERCURY MIA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QAB650BG.DEFAULT\COOKIES.SQLITE ]
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================

You've been to this forum before so you should know well what we require.

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Your MBAM log says "No action taken".
Re-run MBAM, fix all issues and post new log.
 
Yes, I had already started those scans. Gmer showed no log & I don't know why Mbam said that, because I did click to remove threats or words to that effect. Am rescanning with Mbam as I type (I'm on my PC as I clean the W7).
I tried posting the ESET log, but it was gibberish.
 
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.16.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mercury mia :: MERCURYMIA-HP [administrator]

6/16/2012 10:09:44 AM
mbam-log-2012-06-16 (10-09-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 306862
Time elapsed: 29 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|2258 (PUP.CrossFire.SA) -> Data: I Want This -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by mercury mia at 10:48:03 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3002.1586 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.kirotv.com/
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Facebook Update] "C:\Users\mercury mia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [T-Mobile webConnect Manager] "C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe" -a
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{18754E4E-0E10-409F-832B-F8D285E8A827} : DhcpNameServer = 192.168.72.2
TCP: Interfaces\{1ADD897E-8256-4D3C-8273-132D04D4B10A} : DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{A4022C6B-A71F-4FB9-B642-9A8013D8F59B} : DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{BE5F69C7-2670-40F5-B95C-FEA4CBEE171D} : NameServer = 10.177.0.34 10.168.185.116
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO-X64: WeCareReminder - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [T-Mobile webConnect Manager] "C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe" -a
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mercury mia\AppData\Roaming\Mozilla\Firefox\Profiles\uk8nq2s4.default\
FF - prefs.js: browser.startup.homepage - www.kirotv.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\mercury mia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\mercury mia\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-11-6 98208]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-21 44768]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-6 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-6 1817088]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-21 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-5-30 3048136]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-3-5 2416000]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-23 2886528]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 netr28ux;RT2870 USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 tmobile_mf691_dc_enum;tmobile_mf691_dc_enum;C:\Windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys --> C:\Windows\system32\DRIVERS\tmobile_mf691_dc_enum.sys [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 257696]
S3 CATmobile;T-Mobile Con App Svc;C:\Program Files (x86)\T-Mobile\webConnect Manager\conappssvc.exe [2011-4-6 118784]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-15 113120]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TMobileRcAppSvc;T-Mobile RcApp Svc;C:\Program Files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe [2011-4-6 114688]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 ZTEusbgps;ZTE GPS Port;C:\Windows\system32\DRIVERS\ZTEusbgps.sys --> C:\Windows\system32\DRIVERS\ZTEusbgps.sys [?]
S3 ZTEusbMB;ZTE NMEAExt2 Port;C:\Windows\system32\DRIVERS\ZTEusbnmeaext2.sys --> C:\Windows\system32\DRIVERS\ZTEusbnmeaext2.sys [?]
S3 ZTEusbwwan;ZTE MBN Miniport;C:\Windows\system32\DRIVERS\ZTEusbwwan.sys --> C:\Windows\system32\DRIVERS\ZTEusbwwan.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-16 04:28:29 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-13 01:16:09 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 01:16:09 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 01:16:09 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 01:16:01 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 01:16:00 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 01:15:59 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 01:15:57 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 01:15:56 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-02 05:17:42 -------- d-----w- C:\Users\mercury mia\AppData\Local\{309A54CD-CE10-43F7-B813-29E02C57A370}
2012-05-29 03:47:07 -------- d-----w- C:\ProgramData\PC Optimizer Pro
2012-05-23 07:09:42 -------- d-----w- C:\Program Files (x86)\MplayerforWindows
2012-05-23 07:09:35 -------- d-----w- C:\Program Files (x86)\The Weather Channel FW
2012-05-23 07:09:11 -------- d-----w- C:\ProgramData\WeCareReminder
2012-05-23 07:09:01 -------- d-----w- C:\Users\mercury mia\AppData\Local\The Weather Channel
.
==================== Find3M ====================
.
2012-06-16 04:28:22 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-06 02:46:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 02:46:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-06 02:46:04 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 10:48:36.83 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/28/2011 7:41:06 PM
System Uptime: 6/16/2012 10:03:31 AM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3676
Processor: Celeron(R) Dual-Core CPU T3500 @ 2.10GHz | CPU | 2094/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 247.974 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.692 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP28: 5/3/2012 4:47:44 AM - Scheduled Checkpoint
RP29: 5/9/2012 11:52:52 PM - Windows Update
RP30: 5/19/2012 8:36:32 AM - Scheduled Checkpoint
RP32: 5/28/2012 9:10:14 PM - PC Optimizer Pro Checkpoint
RP33: 6/8/2012 8:19:05 PM - Windows Update
RP34: 6/12/2012 8:22:46 PM - Windows Update
RP35: 6/15/2012 9:27:31 PM - Installed Java(TM) 6 Update 33
RP36: 6/15/2012 11:12:49 PM - Revo Uninstaller's restore point - Mozilla Firefox 13.0.1 (x86 en-US)
.
==== Installed Programs ======================
.
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
avast! Free Antivirus
Bejeweled 2 Deluxe
Belarc Advisor 8.2
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CWA Reminder by We-Care.com v4.0.19.3
CyberLink YouCam
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
Energy Star Digital Logo
Escape Rosecliff Island
ESET Online Scanner v3
ESU for Microsoft Windows 7
Facebook Video Calling 1.2.0.159
Farm Frenzy
FATE
FileHippo.com Update Checker
Final Drive Nitro
Google Earth
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP CloudDrive
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MovieStore
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 33
Jewel Quest Solitaire 2
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MplayerforWindows v2011-03-27
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Penguins!
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
Revo Uninstaller 1.94
RoxioNow Player
Skype Click to Call
Skype™ 5.9
Spybot - Search & Destroy
SpywareBlaster 4.6
TeamViewer 6
TeamViewer 7
The Weather Channel Desktop 6
VBRunDLL 3.4
VCGuard 2.1
Virtual Families
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (32-bit)
Y!Supra version 1.0.0.71
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yazak Chat 8.95.0
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
6/15/2012 9:17:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2012 8:37:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/15/2012 8:37:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/15/2012 8:35:09 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/15/2012 8:01:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/15/2012 8:01:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/15/2012 8:01:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/15/2012 8:01:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/15/2012 8:01:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache SASDIFSV SASKUTIL spldr Wanarpv6
6/11/2012 7:33:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Skype C2C Service service.
.
==== End Of File ===========================
 
Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

========================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Will redo it next

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-16 11:23:10
-----------------------------
11:23:10.228 OS Version: Windows x64 6.1.7601 Service Pack 1
11:23:10.228 Number of processors: 2 586 0x170A
11:23:10.228 ComputerName: MERCURYMIA-HP UserName: mercury mia
11:23:11.258 Initialize success
11:23:11.351 AVAST engine defs: 12061601
11:23:48.947 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:23:48.947 Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
11:23:48.978 Disk 0 MBR read successfully
11:23:48.978 Disk 0 MBR scan
11:23:48.978 Disk 0 Windows 7 default MBR code
11:23:48.994 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:23:49.010 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291033 MB offset 409600
11:23:49.041 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13908 MB offset 596445184
11:23:49.056 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
11:23:49.088 Disk 0 scanning C:\Windows\system32\drivers
11:23:57.465 Service scanning
11:24:24.390 Modules scanning
11:24:24.390 Disk 0 trace - called modules:
11:24:24.422 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:24:24.422 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bb3060]
11:24:24.437 3 CLASSPNP.SYS[fffff88001bbb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80031a6050]
11:24:25.139 AVAST engine scan C:\Windows
11:24:26.886 AVAST engine scan C:\Windows\system32
11:26:02.577 AVAST engine scan C:\Windows\system32\drivers
11:26:13.388 AVAST engine scan C:\Users\mercury mia
11:27:48.267 AVAST engine scan C:\ProgramData
11:29:50.135 Scan finished successfully
11:44:03.690 Disk 0 MBR has been saved successfully to "C:\Users\mercury mia\Desktop\MBR.dat"
11:44:03.690 The log file has been saved successfully to "C:\Users\mercury mia\Desktop\aswMBR.txt"
 
Aaahhh miracles never cease.
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`0c800000

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Ok, everything went fine till I tried to exit notepad & it wouldn't close. I backed out & retried but still no go.
 
Here
On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad. NOTEPAD would not close so I knew of no way to continue.
  • I followed the directions exactly, but got stuck there
 
Scan result of Farbar Recovery Scan Tool Version: 16-06-2012
Ran by SYSTEM at 16-06-2012 15:16:09
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-20] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-09-07] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-09-07] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-09-07] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [T-Mobile webConnect Manager] "C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe" -a [12800 2011-04-15] (T-Mobile)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4241512 2012-03-06] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\mercury mia\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6497592 2011-11-23] (Yahoo! Inc.)
HKU\mercury mia\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17356424 2012-04-05] (Skype Technologies S.A.)
HKU\mercury mia\...\Run: [Facebook Update] "C:\Users\mercury mia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [137536 2012-05-06] (Facebook Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54
Tcpip\..\Interfaces\{BE5F69C7-2670-40F5-B95C-FEA4CBEE171D}: [NameServer]10.177.0.34 10.168.185.116

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2012-03-06] (AVAST Software)
3 CATmobile; "C:\Program Files (x86)\T-Mobile\webConnect Manager\conappssvc.exe" /n "CATmobile" [118784 2011-04-06] (SmithMicro Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [26680 2010-11-09] (Hewlett-Packard Development Company, L.P.)
3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [113120 2012-06-01] (Mozilla Foundation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
3 TMobileRcAppSvc; "C:\Program Files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe" /n "TMobileRcAppSvc" [114688 2011-04-06] (SmithMicro Inc.)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2012-03-06] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [69976 2012-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [53080 2012-03-06] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [819032 2012-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [337240 2012-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59224 2012-03-06] (AVAST Software)
3 clwvd; C:\Windows\System32\Drivers\clwvd.sys [31088 2011-02-09] (CyberLink Corporation)
3 massfilter; C:\Windows\System32\Drivers\massfilter.sys [11776 2010-10-20] (MBB Incorporated)
3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [867328 2009-06-10] (Ralink Technology Corp.)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)
3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [43032 2011-04-06] (Smith Micro Inc.)
3 RTL8192Ce; C:\Windows\System32\Drivers\RTL8192Ce.sys [1142376 2011-03-01] (Realtek Semiconductor Corporation )
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 tmobile_mf691_dc_enum; C:\Windows\System32\Drivers\tmobile_mf691_dc_enum.sys [75776 2010-04-09] (T-Mobile)
3 ZTEusbgps; C:\Windows\System32\Drivers\ZTEusbgps.sys [123520 2010-12-08] (ZTE Incorporated)
3 ZTEusbMB; C:\Windows\System32\DRIVERS\ZTEusbnmeaext2.sys [123520 2010-12-08] (ZTE Incorporated)
3 ZTEusbmdm6k; C:\Windows\System32\Drivers\ZTEusbmdm6k.sys [123520 2010-12-08] (ZTE Incorporated)
3 ZTEusbnmea; C:\Windows\System32\Drivers\ZTEusbnmea.sys [123520 2010-12-08] (ZTE Incorporated)
3 ZTEusbser6k; C:\Windows\System32\Drivers\ZTEusbser6k.sys [123520 2010-12-08] (ZTE Incorporated)
3 ZTEusbwwan; C:\Windows\System32\Drivers\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-16 15:15 - 2012-06-16 15:16 - 00000000 ____D C:\FRST
2012-06-16 10:44 - 2012-06-16 10:44 - 00002029 ____A C:\Users\mercury mia\Desktop\aswMBR.txt
2012-06-16 10:44 - 2012-06-16 10:44 - 00000512 ____A C:\Users\mercury mia\Desktop\MBR.dat
2012-06-16 10:22 - 2012-06-16 10:22 - 04731392 ____A (AVAST Software) C:\Users\mercury mia\Desktop\aswMBR.exe
2012-06-16 10:03 - 2012-06-16 10:16 - 00052506 ____A C:\Users\mercury mia\Desktop\bootkit_remover.zip
2012-06-16 09:44 - 2012-06-16 09:44 - 00607260 ____R (Swearware) C:\Users\mercury mia\Desktop\dds.scr
2012-06-16 08:38 - 2012-06-16 08:38 - 00302592 ____A C:\Users\mercury mia\Downloads\v23p7dmm.exe
2012-06-16 04:58 - 2012-06-16 04:58 - 00000206 ____A C:\Windows\wininit.ini
2012-06-15 22:27 - 2012-06-15 22:27 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-15 22:27 - 2012-06-15 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-15 22:27 - 2012-06-15 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-15 22:26 - 2012-06-15 22:26 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\U3
2012-06-15 22:06 - 2012-06-15 22:06 - 00001264 ____A C:\Users\mercury mia\Desktop\Revo Uninstaller.lnk
2012-06-15 21:20 - 2012-06-15 21:20 - 00000000 ____D C:\Users\mercury mia\Downloads\New folder
2012-06-15 20:28 - 2012-06-15 20:28 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-15 20:28 - 2012-06-15 20:28 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-15 20:28 - 2012-06-15 20:28 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-15 20:28 - 2012-06-15 20:28 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-15 20:28 - 2012-06-15 20:28 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-15 20:18 - 2012-06-16 04:59 - 00009154 ____A C:\Windows\PFRO.log
2012-06-15 19:41 - 2012-06-15 19:41 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-15 19:00 - 2012-06-15 19:45 - 00084902 ____A C:\Windows\ntbtlog.txt
2012-06-12 19:23 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-12 19:23 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-12 19:23 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-12 19:23 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-12 19:23 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-12 19:23 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-12 19:23 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-12 19:23 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-12 19:23 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-12 19:23 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-12 19:23 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-12 19:23 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-12 19:23 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-12 19:23 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-12 19:23 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-12 19:23 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-12 19:23 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-12 19:23 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-12 19:23 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-12 19:23 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-12 19:23 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-12 19:23 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-12 19:23 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-12 19:23 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-12 19:23 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-12 19:23 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-12 19:23 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-12 19:23 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-12 19:17 - 2012-06-12 19:17 - 00000011 ____A C:\Users\mercury mia\Desktop\rey.txt
2012-06-12 17:16 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-12 17:16 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-12 17:16 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-12 17:16 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-12 17:16 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-12 17:15 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-12 17:15 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-12 17:15 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-02 08:08 - 2012-06-16 13:31 - 00002474 ____A C:\Windows\setupact.log
2012-06-02 08:08 - 2012-06-02 08:08 - 00000000 ____A C:\Windows\setuperr.log
2012-06-01 21:17 - 2012-06-01 21:17 - 00000000 ____D C:\Users\mercury mia\AppData\Local\{309A54CD-CE10-43F7-B813-29E02C57A370}
2012-05-31 18:45 - 2012-06-01 09:30 - 00000450 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
2012-05-28 20:11 - 2012-06-16 10:00 - 00000422 ____A C:\Windows\Tasks\PC Optimizer Pro64 Scan.job
2012-05-28 19:47 - 2012-06-16 13:33 - 00000426 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2012-05-28 19:47 - 2012-05-28 20:11 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
2012-05-22 23:09 - 2012-05-22 23:10 - 00000000 ____D C:\Program Files (x86)\MplayerforWindows
2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Users\mercury mia\AppData\Local\The Weather Channel
2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Users\All Users\WeCareReminder
2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Program Files (x86)\The Weather Channel FW

============ 3 Months Modified Files and Folders =============

2012-06-16 15:16 - 2012-06-16 15:15 - 00000000 ____D C:\FRST
2012-06-16 14:06 - 2011-11-06 01:49 - 01989728 ____A C:\Windows\WindowsUpdate.log
2012-06-16 14:05 - 2012-04-13 19:06 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\Skype
2012-06-16 13:46 - 2012-03-31 10:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-16 13:38 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-16 13:38 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-16 13:35 - 2009-07-13 21:13 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-16 13:33 - 2012-05-28 19:47 - 00000426 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2012-06-16 13:31 - 2012-06-02 08:08 - 00002474 ____A C:\Windows\setupact.log
2012-06-16 13:31 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-16 10:44 - 2012-06-16 10:44 - 00002029 ____A C:\Users\mercury mia\Desktop\aswMBR.txt
2012-06-16 10:44 - 2012-06-16 10:44 - 00000512 ____A C:\Users\mercury mia\Desktop\MBR.dat
2012-06-16 10:22 - 2012-06-16 10:22 - 04731392 ____A (AVAST Software) C:\Users\mercury mia\Desktop\aswMBR.exe
2012-06-16 10:16 - 2012-06-16 10:03 - 00052506 ____A C:\Users\mercury mia\Desktop\bootkit_remover.zip
2012-06-16 10:00 - 2012-05-28 20:11 - 00000422 ____A C:\Windows\Tasks\PC Optimizer Pro64 Scan.job
2012-06-16 09:44 - 2012-06-16 09:44 - 00607260 ____R (Swearware) C:\Users\mercury mia\Desktop\dds.scr
2012-06-16 09:35 - 2012-05-06 21:30 - 00000952 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1278694750-386021917-3242230559-1000UA.job
2012-06-16 08:38 - 2012-06-16 08:38 - 00302592 ____A C:\Users\mercury mia\Downloads\v23p7dmm.exe
2012-06-16 08:21 - 2012-04-21 07:24 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-06-16 04:59 - 2012-06-15 20:18 - 00009154 ____A C:\Windows\PFRO.log
2012-06-16 04:58 - 2012-06-16 04:58 - 00000206 ____A C:\Windows\wininit.ini
2012-06-15 22:28 - 2012-03-31 09:53 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\Mozilla
2012-06-15 22:27 - 2012-06-15 22:27 - 00001130 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-06-15 22:27 - 2012-06-15 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-15 22:27 - 2012-06-15 22:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-15 22:26 - 2012-06-15 22:26 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\U3
2012-06-15 22:06 - 2012-06-15 22:06 - 00001264 ____A C:\Users\mercury mia\Desktop\Revo Uninstaller.lnk
2012-06-15 21:35 - 2012-05-06 21:30 - 00000930 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1278694750-386021917-3242230559-1000Core.job
2012-06-15 21:20 - 2012-06-15 21:20 - 00000000 ____D C:\Users\mercury mia\Downloads\New folder
2012-06-15 21:14 - 2011-12-28 19:41 - 00000000 ____D C:\users\mercury mia
2012-06-15 20:28 - 2012-06-15 20:28 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-15 20:28 - 2012-06-15 20:28 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-15 20:28 - 2012-06-15 20:28 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-15 20:28 - 2012-06-15 20:28 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-15 20:28 - 2012-06-15 20:28 - 00000000 ____D C:\Program Files (x86)\Java
2012-06-15 20:28 - 2011-04-09 13:21 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-15 19:45 - 2012-06-15 19:00 - 00084902 ____A C:\Windows\ntbtlog.txt
2012-06-15 19:43 - 2012-04-21 07:31 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-15 19:42 - 2012-04-21 07:21 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-06-15 19:41 - 2012-06-15 19:41 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-15 18:57 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-06-15 18:43 - 2012-01-18 19:39 - 00000356 ____A C:\Windows\Tasks\HPCeeScheduleFormercury mia.job
2012-06-13 17:51 - 2012-01-10 18:05 - 00000000 ____D C:\Users\mercury mia\Documents\Youcam
2012-06-13 17:46 - 2009-07-13 20:45 - 00276104 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-12 19:25 - 2012-04-02 14:52 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-12 19:17 - 2012-06-12 19:17 - 00000011 ____A C:\Users\mercury mia\Desktop\rey.txt
2012-06-11 18:34 - 2012-04-13 19:05 - 00000000 ____D C:\Users\All Users\Skype
2012-06-11 18:31 - 2012-01-10 17:57 - 00000352 ____A C:\Windows\Tasks\HPCeeScheduleForMERCURYMIA-HP$.job
2012-06-02 17:06 - 2012-01-29 18:30 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-06-02 17:06 - 2012-01-11 20:53 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-02 08:08 - 2012-06-02 08:08 - 00000000 ____A C:\Windows\setuperr.log
2012-06-01 21:53 - 2012-01-17 20:47 - 00000000 ____D C:\Windows\Minidump
2012-06-01 21:53 - 2012-01-12 09:00 - 00000000 ____D C:\Users\mercury mia\AppData\Local\CrashDumps
2012-06-01 21:17 - 2012-06-01 21:17 - 00000000 ____D C:\Users\mercury mia\AppData\Local\{309A54CD-CE10-43F7-B813-29E02C57A370}
2012-06-01 09:30 - 2012-05-31 18:45 - 00000450 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
2012-05-28 20:11 - 2012-05-28 19:47 - 00000000 ____D C:\Users\All Users\PC Optimizer Pro
2012-05-26 11:46 - 2012-01-13 22:51 - 00000000 ____D C:\Users\mercury mia\AppData\Local\Windows Live
2012-05-22 23:10 - 2012-05-22 23:09 - 00000000 ____D C:\Program Files (x86)\MplayerforWindows
2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Users\mercury mia\AppData\Local\The Weather Channel
2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Users\All Users\WeCareReminder
2012-05-22 23:09 - 2012-05-22 23:09 - 00000000 ____D C:\Program Files (x86)\The Weather Channel FW
2012-05-22 23:09 - 2012-03-24 20:45 - 00000000 ____D C:\Users\mercury mia\AppData\Local\Google
2012-05-22 23:07 - 2011-12-28 19:41 - 00000000 ____D C:\Users\mercury mia\AppData\LocalLow
2012-05-22 21:03 - 2012-04-21 13:19 - 00000000 ____D C:\Users\mercury mia\AppData\Local\ElevatedDiagnostics
2012-05-17 18:47 - 2012-06-12 19:23 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-12 19:23 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-12 19:23 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-12 19:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-12 19:23 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-12 19:23 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-12 19:23 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-12 19:23 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-12 19:23 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-12 19:23 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-12 19:23 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-12 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-12 19:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-12 19:23 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-12 19:23 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-12 19:23 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-12 19:23 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-12 19:23 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-12 19:23 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-12 19:23 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-12 19:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-12 19:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-12 19:23 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-12 19:23 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-12 19:23 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-12 19:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-12 19:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-12 19:23 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-16 06:32 - 2009-07-13 21:08 - 00032604 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-14 17:32 - 2012-06-12 17:15 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 20:23 - 2011-12-28 19:59 - 00000000 ___RD C:\Users\mercury mia\Desktop\ALL FILE MIA
2012-05-12 20:21 - 2012-03-25 09:50 - 00000000 ___RD C:\Users\mercury mia\Desktop\mercury all picture files
2012-05-06 21:30 - 2012-05-06 21:30 - 00000000 ____D C:\Users\mercury mia\AppData\Local\Facebook
2012-05-06 21:11 - 2012-04-13 19:06 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-05-05 18:46 - 2012-03-31 11:46 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 18:46 - 2012-03-31 10:13 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 18:46 - 2011-12-28 19:56 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-04 03:06 - 2012-06-12 17:16 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 17:16 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-12 17:15 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-03 03:04 - 2011-12-28 22:05 - 00000991 ____A C:\Users\Public\Desktop\Y!Supra.lnk
2012-05-03 03:04 - 2011-12-28 22:05 - 00000000 ____D C:\Program Files (x86)\Y!Supra
2012-04-27 19:55 - 2012-06-12 17:15 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-12 17:16 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-12 17:16 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-12 17:16 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-21 12:53 - 2012-04-13 19:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-04-21 12:46 - 2012-04-21 12:46 - 00000000 ____D C:\Program Files (x86)\FileHippo.com
2012-04-21 11:53 - 2012-04-21 07:50 - 00000000 ____D C:\Program Files (x86)\Google
2012-04-21 10:32 - 2012-04-21 10:32 - 00000000 ____D C:\Program Files (x86)\ESET
2012-04-21 10:32 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-04-21 09:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2012-04-21 09:21 - 2007-01-01 17:25 - 00000000 ____D C:\Windows\Panther
2012-04-21 08:32 - 2012-04-21 08:32 - 00000000 ____D C:\Users\mercury mia\AppData\Local\visi_coupon
2012-04-21 08:32 - 2011-12-28 19:56 - 00000000 ____D C:\Users\All Users\Yahoo! Companion
2012-04-21 08:30 - 2012-04-21 08:30 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2012-04-21 07:50 - 2012-04-21 07:50 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-04-21 07:49 - 2012-04-21 07:49 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-04-21 07:49 - 2012-04-21 07:49 - 00000000 ____D C:\Program Files\AVAST Software
2012-04-21 07:45 - 2012-04-21 07:45 - 00000000 ____D C:\Program Files (x86)\Belarc
2012-04-21 07:39 - 2012-04-21 07:38 - 03231632 ____A C:\Users\mercury mia\Downloads\advisorinstaller.exe
2012-04-21 07:36 - 2012-04-21 07:36 - 00000000 ____D C:\Program Files\CCleaner
2012-04-21 07:34 - 2012-04-21 07:34 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\Malwarebytes
2012-04-21 07:34 - 2012-04-21 07:34 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-04-21 07:34 - 2012-04-21 07:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-21 07:32 - 2012-04-21 07:31 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-21 07:25 - 2012-04-21 07:25 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\SUPERAntiSpyware.com
2012-04-21 07:24 - 2012-04-21 07:24 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-21 07:19 - 2011-11-06 02:04 - 00000000 ____D C:\Users\All Users\Norton
2012-04-21 07:18 - 2011-11-06 02:04 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-04-21 07:17 - 2011-11-06 02:03 - 00000000 ____D C:\Users\All Users\NortonInstaller
2012-04-18 12:34 - 2011-12-28 19:48 - 00057952 ____A C:\Users\mercury mia\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-18 12:31 - 2012-04-18 12:31 - 00002055 ____A C:\Users\Public\Desktop\T-Mobile webConnect Manager.lnk
2012-04-18 12:31 - 2012-04-18 12:31 - 00000000 ____D C:\HWDrivers
2012-04-18 12:31 - 2012-01-13 22:40 - 00236386 ____A C:\drivers.log
2012-04-18 12:30 - 2012-04-18 12:30 - 00000000 ____D C:\Program Files (x86)\T-Mobile
2012-04-18 12:26 - 2012-04-18 12:26 - 00000000 ____D C:\Users\All Users\T-Mobile
2012-04-18 11:54 - 2012-01-15 14:19 - 00196608 ____A C:\Windows\System32\Ikeext.etl
2012-04-18 11:54 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2012-04-13 19:05 - 2012-04-13 19:05 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-04-13 19:04 - 2012-04-13 19:04 - 00944264 ____A (Skype Technologies S.A.) C:\Users\mercury mia\Downloads\SkypeSetup.exe
2012-04-13 15:59 - 2012-04-13 15:59 - 00000000 ___AH C:\Users\mercury mia\Documents\Default.rdp
2012-04-13 14:58 - 2012-04-13 14:58 - 00424072 ____A (Yahoo! Inc.) C:\Users\mercury mia\Downloads\msgr11us(4).exe
2012-04-13 14:58 - 2012-04-13 14:58 - 00424072 ____A (Yahoo! Inc.) C:\Users\mercury mia\Downloads\msgr11us(3).exe
2012-04-13 14:57 - 2012-04-13 14:57 - 00424072 ____A (Yahoo! Inc.) C:\Users\mercury mia\Downloads\msgr11us(2).exe
2012-04-13 13:28 - 2012-04-13 13:28 - 00000000 ____D C:\Users\Public\CyberLink
2012-04-12 18:36 - 2011-04-09 13:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-04-12 18:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Help
2012-04-12 18:33 - 2012-04-12 18:33 - 00002179 ____A C:\Users\Public\Desktop\HP Support Assistant.lnk
2012-04-12 18:33 - 2011-04-09 13:02 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2012-04-12 18:31 - 2012-04-12 18:31 - 00000000 ____D C:\Users\All Users\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
2012-04-12 18:29 - 2011-02-10 11:23 - 00000000 ____D C:\SWSetup
2012-04-11 14:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\LiveKernelReports
2012-04-04 14:56 - 2012-04-21 07:34 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 06:34 - 2011-11-06 02:04 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2012-04-03 20:11 - 2012-04-03 00:54 - 00864034 ____A C:\Users\mercury mia\Desktop\Vc Sync 2.0.0.2 Ced By Junaid_Mad1.rar
2012-04-03 08:09 - 2012-04-03 08:08 - 00000000 ____D C:\Program Files (x86)\VCGuard
2012-04-03 08:08 - 2012-04-03 08:08 - 00000905 ____A C:\Users\mercury mia\Desktop\VCGuard.lnk
2012-04-03 08:07 - 2012-04-03 08:06 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\WinRAR
2012-04-03 08:06 - 2012-04-03 08:06 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-04-03 00:56 - 2012-04-03 00:56 - 00345553 ____A C:\Users\mercury mia\Desktop\VCguardWithVoiceDominancev2[1][1].1.58.zip
2012-04-01 17:29 - 2012-04-01 17:29 - 00424072 ____A (Yahoo! Inc.) C:\Users\mercury mia\Downloads\msgr11us(1).exe
2012-03-31 10:13 - 2012-03-31 10:13 - 00000000 ____D C:\Users\All Users\McAfee
2012-03-31 09:58 - 2012-03-31 09:58 - 00000000 ____D C:\Users\mercury mia\AppData\Local\{988699E0-7950-4A4B-BE1E-8D10552E66A5}
2012-03-31 09:58 - 2012-03-31 09:58 - 00000000 ____D C:\Users\mercury mia\AppData\Local\{01C432D5-C7A8-4EE3-83C6-0A4F976F013B}
2012-03-31 09:53 - 2012-03-31 09:53 - 00000000 ____D C:\Users\mercury mia\AppData\Local\Mozilla
2012-03-31 09:52 - 2012-03-31 09:52 - 15022488 ____A (Mozilla) C:\Users\mercury mia\Downloads\yahoo_firefox_8.0.1_setup_us.exe
2012-03-30 03:35 - 2012-05-09 22:47 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-30 01:01 - 2012-03-30 00:48 - 00000000 ____D C:\Users\mercury mia\AppData\Roaming\TeamViewer
2012-03-26 04:29 - 2011-12-28 19:43 - 00000000 ____D C:\Users\mercury mia\AppData\Local\Hewlett-Packard
2012-03-26 00:40 - 2012-03-26 00:40 - 00001090 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-03-26 00:40 - 2012-03-24 19:42 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2012-03-24 20:14 - 2012-03-24 20:09 - 00000000 ____D C:\Users\mercury mia\Documents\MY YazakChat Files
2012-03-24 20:09 - 2012-03-24 20:09 - 02137995 ____A (ZakFromAnotherPlanet) C:\Users\mercury mia\Downloads\VbRunDLLv3sp6.exe
2012-03-24 20:09 - 2012-03-24 20:09 - 00001217 ____A C:\Users\Public\Desktop\Yazak.exe.lnk
2012-03-24 20:09 - 2012-03-24 20:08 - 00000000 ____D C:\Program Files (x86)\ZakFromAnotherPlanet
2012-03-24 20:08 - 2012-03-24 20:08 - 00975478 ____A (ZakFromAnotherPlanet) C:\Users\mercury mia\Downloads\Yazak_Install.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 3001.89 MB
Available physical RAM: 2367.05 MB
Total Pagefile: 3000.04 MB
Available Pagefile: 2357.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:284.21 GB) (Free:247.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.58 GB) (Free:1.69 GB) NTFS
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive I: (CRUZER 2GB) (Removable) (Total:1.91 GB) (Free:1.59 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1953 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 284 GB 200 MB
Partition 3 Primary 13 GB 284 GB
Partition 4 Primary 103 MB 297 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM NTFS Partition 199 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 284 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E RECOVERY NTFS Partition 13 GB Healthy

======================================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F HP_TOOLS FAT32 Partition 103 MB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1952 MB 122 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I CRUZER 2GB FAT Removable 1952 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-12 18:45

======================= End Of Log ==========================
 
That looks good.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
15:36:50.0289 4400 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
15:36:50.0850 4400 ============================================================
15:36:50.0850 4400 Current date / time: 2012/06/16 15:36:50.0850
15:36:50.0850 4400 SystemInfo:
15:36:50.0850 4400
15:36:50.0850 4400 OS Version: 6.1.7601 ServicePack: 1.0
15:36:50.0850 4400 Product type: Workstation
15:36:50.0850 4400 ComputerName: MERCURYMIA-HP
15:36:50.0850 4400 UserName: mercury mia
15:36:50.0850 4400 Windows directory: C:\Windows
15:36:50.0850 4400 System windows directory: C:\Windows
15:36:50.0850 4400 Running under WOW64
15:36:50.0850 4400 Processor architecture: Intel x64
15:36:50.0850 4400 Number of processors: 2
15:36:50.0850 4400 Page size: 0x1000
15:36:50.0850 4400 Boot type: Normal boot
15:36:50.0850 4400 ============================================================
15:36:51.0490 4400 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:36:51.0505 4400 Drive \Device\Harddisk1\DR2 - Size: 0x7A1D1C00 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:36:51.0505 4400 ============================================================
15:36:51.0505 4400 \Device\Harddisk0\DR0:
15:36:51.0505 4400 MBR partitions:
15:36:51.0505 4400 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
15:36:51.0505 4400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2386C800
15:36:51.0505 4400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x238D0800, BlocksNum 0x1B2A000
15:36:51.0505 4400 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
15:36:51.0505 4400 \Device\Harddisk1\DR2:
15:36:51.0505 4400 MBR partitions:
15:36:51.0505 4400 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x6, StartLBA 0xF5, BlocksNum 0x3D070B
15:36:51.0505 4400 ============================================================
15:36:51.0537 4400 C: <-> \Device\Harddisk0\DR0\Partition1
15:36:51.0599 4400 D: <-> \Device\Harddisk0\DR0\Partition2
15:36:51.0599 4400 ============================================================
15:36:51.0599 4400 Initialize success
15:36:51.0599 4400 ============================================================
15:37:09.0024 4164 ============================================================
15:37:09.0024 4164 Scan started
15:37:09.0024 4164 Mode: Manual;
15:37:09.0024 4164 ============================================================
15:37:09.0352 4164 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:37:09.0352 4164 !SASCORE - ok
15:37:09.0555 4164 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:37:09.0555 4164 1394ohci - ok
15:37:09.0633 4164 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:37:09.0648 4164 ACPI - ok
15:37:09.0664 4164 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:37:09.0679 4164 AcpiPmi - ok
15:37:09.0804 4164 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:37:09.0804 4164 AdobeFlashPlayerUpdateSvc - ok
15:37:09.0867 4164 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:37:09.0882 4164 adp94xx - ok
15:37:09.0945 4164 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:37:09.0945 4164 adpahci - ok
15:37:09.0976 4164 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:37:09.0976 4164 adpu320 - ok
15:37:10.0023 4164 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:37:10.0023 4164 AeLookupSvc - ok
15:37:10.0101 4164 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
15:37:10.0101 4164 AERTFilters - ok
15:37:10.0179 4164 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:37:10.0179 4164 AFD - ok
15:37:10.0210 4164 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:37:10.0210 4164 agp440 - ok
15:37:10.0241 4164 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:37:10.0257 4164 ALG - ok
15:37:10.0272 4164 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:37:10.0272 4164 aliide - ok
15:37:10.0303 4164 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:37:10.0303 4164 amdide - ok
15:37:10.0366 4164 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:37:10.0366 4164 AmdK8 - ok
15:37:10.0397 4164 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:37:10.0397 4164 AmdPPM - ok
15:37:10.0428 4164 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
15:37:10.0428 4164 amdsata - ok
15:37:10.0459 4164 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:37:10.0459 4164 amdsbs - ok
15:37:10.0491 4164 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
15:37:10.0491 4164 amdxata - ok
15:37:10.0584 4164 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:37:10.0584 4164 AppID - ok
15:37:10.0600 4164 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:37:10.0600 4164 AppIDSvc - ok
15:37:10.0631 4164 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:37:10.0631 4164 Appinfo - ok
15:37:10.0678 4164 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:37:10.0678 4164 arc - ok
15:37:10.0709 4164 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:37:10.0725 4164 arcsas - ok
15:37:10.0756 4164 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
15:37:10.0756 4164 aswFsBlk - ok
15:37:10.0803 4164 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
15:37:10.0803 4164 aswMonFlt - ok
15:37:10.0865 4164 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
15:37:10.0865 4164 aswRdr - ok
15:37:10.0943 4164 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
15:37:10.0943 4164 aswSnx - ok
15:37:11.0021 4164 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
15:37:11.0021 4164 aswSP - ok
15:37:11.0068 4164 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
15:37:11.0068 4164 aswTdi - ok
15:37:11.0099 4164 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:37:11.0099 4164 AsyncMac - ok
15:37:11.0130 4164 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:37:11.0130 4164 atapi - ok
15:37:11.0208 4164 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:37:11.0208 4164 AudioEndpointBuilder - ok
15:37:11.0224 4164 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:37:11.0224 4164 AudioSrv - ok
15:37:11.0317 4164 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:37:11.0317 4164 avast! Antivirus - ok
15:37:11.0395 4164 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:37:11.0395 4164 AxInstSV - ok
15:37:11.0473 4164 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:37:11.0473 4164 b06bdrv - ok
15:37:11.0520 4164 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:37:11.0536 4164 b57nd60a - ok
15:37:11.0614 4164 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
15:37:11.0629 4164 BCM43XX - ok
15:37:11.0661 4164 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:37:11.0661 4164 BDESVC - ok
15:37:11.0723 4164 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:37:11.0723 4164 Beep - ok
15:37:11.0785 4164 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:37:11.0801 4164 BFE - ok
15:37:11.0848 4164 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:37:11.0863 4164 BITS - ok
15:37:11.0910 4164 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
15:37:11.0910 4164 blbdrive - ok
15:37:11.0957 4164 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:37:11.0957 4164 bowser - ok
15:37:11.0988 4164 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:37:11.0988 4164 BrFiltLo - ok
15:37:12.0019 4164 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:37:12.0035 4164 BrFiltUp - ok
15:37:12.0066 4164 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:37:12.0066 4164 Browser - ok
15:37:12.0113 4164 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:37:12.0113 4164 Brserid - ok
15:37:12.0160 4164 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:37:12.0160 4164 BrSerWdm - ok
15:37:12.0175 4164 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:37:12.0175 4164 BrUsbMdm - ok
15:37:12.0207 4164 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:37:12.0207 4164 BrUsbSer - ok
15:37:12.0238 4164 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:37:12.0238 4164 BTHMODEM - ok
15:37:12.0285 4164 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:37:12.0285 4164 bthserv - ok
15:37:12.0378 4164 CATmobile (2e77ddd520e243a8acf964ba474266a6) C:\Program Files (x86)\T-Mobile\webConnect Manager\conappssvc.exe
15:37:12.0378 4164 CATmobile - ok
15:37:12.0409 4164 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:37:12.0409 4164 cdfs - ok
15:37:12.0456 4164 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:37:12.0456 4164 cdrom - ok
15:37:12.0487 4164 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:37:12.0487 4164 CertPropSvc - ok
15:37:12.0534 4164 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:37:12.0534 4164 circlass - ok
15:37:12.0597 4164 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:37:12.0597 4164 CLFS - ok
15:37:12.0675 4164 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:37:12.0675 4164 clr_optimization_v2.0.50727_32 - ok
15:37:12.0721 4164 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:37:12.0737 4164 clr_optimization_v2.0.50727_64 - ok
15:37:12.0753 4164 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
15:37:12.0753 4164 clwvd - ok
15:37:12.0799 4164 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:37:12.0799 4164 CmBatt - ok
15:37:12.0815 4164 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:37:12.0815 4164 cmdide - ok
15:37:12.0877 4164 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:37:12.0893 4164 CNG - ok
15:37:12.0940 4164 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:37:12.0940 4164 Compbatt - ok
15:37:12.0987 4164 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:37:12.0987 4164 CompositeBus - ok
15:37:12.0987 4164 COMSysApp - ok
15:37:13.0018 4164 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:37:13.0018 4164 crcdisk - ok
15:37:13.0065 4164 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:37:13.0065 4164 CryptSvc - ok
15:37:13.0127 4164 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:37:13.0143 4164 DcomLaunch - ok
15:37:13.0174 4164 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:37:13.0174 4164 defragsvc - ok
15:37:13.0221 4164 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:37:13.0221 4164 DfsC - ok
15:37:13.0283 4164 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:37:13.0299 4164 Dhcp - ok
15:37:13.0314 4164 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:37:13.0314 4164 discache - ok
15:37:13.0361 4164 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:37:13.0361 4164 Disk - ok
15:37:13.0392 4164 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:37:13.0408 4164 Dnscache - ok
15:37:13.0439 4164 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:37:13.0455 4164 dot3svc - ok
15:37:13.0470 4164 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:37:13.0486 4164 DPS - ok
15:37:13.0517 4164 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:37:13.0517 4164 drmkaud - ok
15:37:13.0579 4164 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:37:13.0595 4164 DXGKrnl - ok
15:37:13.0626 4164 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:37:13.0626 4164 EapHost - ok
15:37:13.0813 4164 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:37:13.0845 4164 ebdrv - ok
15:37:13.0938 4164 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:37:13.0938 4164 EFS - ok
15:37:14.0047 4164 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:37:14.0063 4164 ehRecvr - ok
15:37:14.0094 4164 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:37:14.0094 4164 ehSched - ok
15:37:14.0172 4164 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:37:14.0188 4164 elxstor - ok
15:37:14.0203 4164 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:37:14.0203 4164 ErrDev - ok
15:37:14.0266 4164 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:37:14.0281 4164 EventSystem - ok
15:37:14.0328 4164 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:37:14.0328 4164 exfat - ok
15:37:14.0359 4164 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:37:14.0359 4164 fastfat - ok
15:37:14.0422 4164 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:37:14.0422 4164 Fax - ok
15:37:14.0453 4164 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:37:14.0469 4164 fdc - ok
15:37:14.0500 4164 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:37:14.0500 4164 fdPHost - ok
15:37:14.0515 4164 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:37:14.0515 4164 FDResPub - ok
15:37:14.0547 4164 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:37:14.0547 4164 FileInfo - ok
15:37:14.0562 4164 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:37:14.0562 4164 Filetrace - ok
15:37:14.0593 4164 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:37:14.0593 4164 flpydisk - ok
15:37:14.0640 4164 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:37:14.0656 4164 FltMgr - ok
15:37:14.0734 4164 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
15:37:14.0749 4164 FontCache - ok
15:37:14.0827 4164 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:37:14.0827 4164 FontCache3.0.0.0 - ok
15:37:14.0874 4164 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:37:14.0874 4164 FsDepends - ok
15:37:14.0905 4164 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
15:37:14.0905 4164 Fs_Rec - ok
15:37:14.0952 4164 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:37:14.0952 4164 fvevol - ok
15:37:14.0999 4164 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:37:14.0999 4164 gagp30kx - ok
15:37:15.0093 4164 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
15:37:15.0093 4164 GameConsoleService - ok
15:37:15.0155 4164 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:37:15.0171 4164 gpsvc - ok
15:37:15.0186 4164 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:37:15.0186 4164 hcw85cir - ok
15:37:15.0264 4164 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:37:15.0280 4164 HdAudAddService - ok
15:37:15.0342 4164 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:37:15.0342 4164 HDAudBus - ok
15:37:15.0373 4164 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:37:15.0373 4164 HidBatt - ok
15:37:15.0405 4164 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:37:15.0405 4164 HidBth - ok
15:37:15.0436 4164 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:37:15.0436 4164 HidIr - ok
15:37:15.0467 4164 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:37:15.0467 4164 hidserv - ok
15:37:15.0514 4164 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:37:15.0514 4164 HidUsb - ok
15:37:15.0545 4164 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:37:15.0545 4164 hkmsvc - ok
15:37:15.0576 4164 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:37:15.0592 4164 HomeGroupListener - ok
15:37:15.0623 4164 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:37:15.0623 4164 HomeGroupProvider - ok
15:37:15.0732 4164 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:37:15.0732 4164 HP Support Assistant Service - ok
15:37:15.0841 4164 HP Wireless Assistant Service (c930128c8f8ff03d8f8c42b570920d56) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
15:37:15.0841 4164 HP Wireless Assistant Service - ok
15:37:15.0904 4164 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
15:37:15.0919 4164 HPAuto - ok
15:37:15.0966 4164 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
15:37:15.0982 4164 HPClientSvc - ok
15:37:16.0060 4164 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:37:16.0060 4164 HPDrvMntSvc.exe - ok
15:37:16.0138 4164 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
15:37:16.0138 4164 hpqwmiex - ok
15:37:16.0263 4164 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:37:16.0263 4164 HpSAMD - ok
15:37:16.0341 4164 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
15:37:16.0356 4164 HPWMISVC - ok
15:37:16.0419 4164 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:37:16.0434 4164 HTTP - ok
15:37:16.0450 4164 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:37:16.0450 4164 hwpolicy - ok
15:37:16.0497 4164 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:37:16.0497 4164 i8042prt - ok
15:37:16.0559 4164 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
15:37:16.0575 4164 iaStor - ok
15:37:16.0668 4164 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:37:16.0668 4164 IAStorDataMgrSvc - ok
15:37:16.0731 4164 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
15:37:16.0731 4164 iaStorV - ok
15:37:16.0871 4164 IconMan_R (e4693409d06785477a49fb34afae1b92) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
15:37:16.0887 4164 IconMan_R - ok
15:37:17.0027 4164 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:37:17.0043 4164 idsvc - ok
15:37:17.0620 4164 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
15:37:17.0823 4164 igfx - ok
15:37:17.0947 4164 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:37:17.0963 4164 iirsp - ok
15:37:18.0025 4164 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:37:18.0041 4164 IKEEXT - ok
15:37:18.0197 4164 IntcAzAudAddService (336c3a6bf14d5a9af35af07c6b6b29cd) C:\Windows\system32\drivers\RTKVHD64.sys
15:37:18.0213 4164 IntcAzAudAddService - ok
15:37:18.0337 4164 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:37:18.0337 4164 intelide - ok
15:37:18.0369 4164 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:37:18.0369 4164 intelppm - ok
15:37:18.0400 4164 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:37:18.0415 4164 IPBusEnum - ok
15:37:18.0431 4164 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:37:18.0431 4164 IpFilterDriver - ok
15:37:18.0493 4164 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:37:18.0509 4164 iphlpsvc - ok
15:37:18.0540 4164 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:37:18.0540 4164 IPMIDRV - ok
15:37:18.0556 4164 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:37:18.0571 4164 IPNAT - ok
15:37:18.0603 4164 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:37:18.0603 4164 IRENUM - ok
15:37:18.0634 4164 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:37:18.0634 4164 isapnp - ok
15:37:18.0681 4164 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:37:18.0681 4164 iScsiPrt - ok
15:37:18.0712 4164 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
15:37:18.0712 4164 kbdclass - ok
15:37:18.0759 4164 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
15:37:18.0759 4164 kbdhid - ok
15:37:18.0790 4164 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:37:18.0790 4164 KeyIso - ok
15:37:18.0805 4164 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:37:18.0821 4164 KSecDD - ok
15:37:18.0837 4164 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:37:18.0837 4164 KSecPkg - ok
15:37:18.0868 4164 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:37:18.0868 4164 ksthunk - ok
15:37:18.0915 4164 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:37:18.0930 4164 KtmRm - ok
15:37:18.0993 4164 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:37:18.0993 4164 LanmanServer - ok
15:37:19.0008 4164 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:37:19.0008 4164 LanmanWorkstation - ok
15:37:19.0071 4164 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:37:19.0071 4164 lltdio - ok
15:37:19.0102 4164 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:37:19.0117 4164 lltdsvc - ok
15:37:19.0133 4164 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:37:19.0133 4164 lmhosts - ok
15:37:19.0180 4164 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:37:19.0180 4164 LSI_FC - ok
15:37:19.0227 4164 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:37:19.0227 4164 LSI_SAS - ok
15:37:19.0242 4164 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:37:19.0242 4164 LSI_SAS2 - ok
15:37:19.0273 4164 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:37:19.0273 4164 LSI_SCSI - ok
15:37:19.0305 4164 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:37:19.0305 4164 luafv - ok
15:37:19.0336 4164 massfilter (035c83cd72e06c47000793d32b1a642d) C:\Windows\system32\drivers\massfilter.sys
15:37:19.0336 4164 massfilter - ok
15:37:19.0383 4164 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:37:19.0383 4164 Mcx2Svc - ok
15:37:19.0414 4164 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:37:19.0414 4164 megasas - ok
15:37:19.0461 4164 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:37:19.0461 4164 MegaSR - ok
15:37:19.0492 4164 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:37:19.0492 4164 MMCSS - ok
15:37:19.0523 4164 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:37:19.0523 4164 Modem - ok
15:37:19.0539 4164 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:37:19.0539 4164 monitor - ok
15:37:19.0601 4164 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:37:19.0601 4164 mouclass - ok
15:37:19.0632 4164 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:37:19.0632 4164 mouhid - ok
15:37:19.0663 4164 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:37:19.0679 4164 mountmgr - ok
 