Inactive [A] How do I remove svchost.exe (trojan.agent)?

Status
Not open for further replies.

Ttworth

Posts: 12   +0
Hi, new here :) . I've been having issues lately with my laptop. I had it crash on me a couple days ago and used a restore point to have it run again. I ran malware bytes a few times, each time having svchost.exe be detected. Each time, I select it for removal upon reboot, but after rebooting it still remains there.

I've browsed a couple of threads already pertaining to this trojan, but decided to create my own just to make sure I'm not following the wrong steps. I'm not that great with computers, so patience is appreciated :) .Thx in advance

Here is the log of the most recent scan with malware bytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Taira :: BABIILUV [administrator]

7/28/2012 12:49:14 PM
mbam-log-2012-07-28 (12-49-14).txt

Scan type: Full scan (C:\|D:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 385763
Time elapsed: 4 hour(s), 37 minute(s), 13 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3048 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Thank you for the quick reply.
2nd Malwarebytes log:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Taira :: BABIILUV [administrator]

7/28/2012 9:55:13 PM
mbam-log-2012-07-28 (21-55-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212258
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)



No detections from GMER



DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Taira at 22:20:22 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2245 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630095920.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F31B9B1F-2C1D-419C-B5A2-A59F786AF7BE} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F31B9B1F-2C1D-419C-B5A2-A59F786AF7BE}\144545034383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F31B9B1F-2C1D-419C-B5A2-A59F786AF7BE}\D49636B65697D4F6573756 : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630095920.dll
BHO-X64: scriptproxy - No File
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Taira\AppData\Roaming\Mozilla\Firefox\Profiles\tc846fhp.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\amdhub30.sys --> C:\Windows\system32\DRIVERS\amdhub30.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\amdxhc.sys --> C:\Windows\system32\DRIVERS\amdxhc.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
.
=============== Created Last 30 ================
.
2012-07-29 02:31:45 -------- d-----w- C:\Program Files\HitmanPro
2012-07-29 02:30:42 -------- d-----w- C:\ProgramData\HitmanPro
2012-07-29 00:36:40 0 ----a-w- C:\Windows\SysWow64\shoD23C.tmp
2012-07-29 00:13:38 0 ----a-w- C:\Windows\SysWow64\sho48D2.tmp
2012-07-29 00:04:53 -------- d-----w- C:\Users\Taira\AppData\Local\{A4940A8E-2711-449A-8903-4941999B4E2B}
2012-07-29 00:04:09 -------- d-----w- C:\Users\Taira\AppData\Local\{D000321E-8BD3-40D3-9CF6-495EF0F2879B}
2012-07-28 22:47:20 -------- d-----w- C:\Users\Taira\AppData\Local\{15CC67DC-FB83-44C4-8AA9-6BCAF33B0EC1}
2012-07-28 17:45:24 -------- d-----w- C:\Users\Taira\AppData\Local\{4E4E0A16-F97A-4559-8E62-76AAD05E6B57}
2012-07-26 18:58:15 -------- d-----w- C:\Users\Taira\AppData\Local\{62C94753-DC54-4852-AB43-AA985887687B}
2012-07-25 18:56:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-25 18:41:59 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-07-25 18:35:31 -------- d-----w- C:\Users\Taira\AppData\Local\{65F2DE56-3D3B-49DA-8A45-1F8DBC4E95D7}
2012-07-25 18:33:32 -------- d-----w- C:\Users\Taira\AppData\Local\{53F2F0FF-11E8-4B5B-B1AF-DB3EB09CB4C9}
2012-07-24 20:15:02 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-24 20:15:02 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-24 20:15:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-24 20:15:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-24 20:15:00 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-24 20:15:00 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-24 19:44:34 -------- d-----w- C:\Users\Taira\AppData\Local\{3179DAE1-E77D-4AA6-B925-02417D08CE22}
2012-07-24 19:44:02 -------- d-----w- C:\Users\Taira\AppData\Local\{E23616D5-C32F-40DD-9B01-7BEAF8A1E477}
2012-07-24 13:48:04 -------- d-----w- C:\Users\Taira\AppData\Local\{EF1AC17F-D0FA-49B7-84A3-F87ECF96DDEC}
2012-07-23 18:26:18 -------- d-----w- C:\Users\Taira\AppData\Local\{CB8C3BDD-E75B-4270-BE74-756FD8045950}
2012-07-23 18:25:44 -------- d-----w- C:\Users\Taira\AppData\Local\{1B929CFF-49C1-4BED-8581-2455777DBE58}
2012-07-22 18:34:13 -------- d-----w- C:\Users\Taira\AppData\Local\{C13F083B-3388-4110-BCF7-0185231DACFA}
2012-07-21 14:58:56 -------- d-----w- C:\Users\Taira\AppData\Local\{183172E4-375E-47DF-B6FC-AE863CBA4DDA}
2012-07-21 14:58:18 -------- d-----w- C:\Users\Taira\AppData\Local\{5C3CF144-28AB-4FB5-B7E1-0F8711B52F68}
2012-07-20 19:02:13 -------- d-----w- C:\Users\Taira\AppData\Local\{588B2AB4-EFF6-404B-8AE4-45F8A29C2898}
2012-07-19 18:44:18 -------- d-----w- C:\Users\Taira\AppData\Local\{041599DF-2EE4-4076-BD14-0A7F0B49D38F}
2012-07-19 18:44:05 -------- d-----w- C:\Users\Taira\AppData\Local\{51E92146-CD34-41EE-ACDB-BA5941515F0A}
2012-07-18 19:44:27 -------- d-----w- C:\Users\Taira\AppData\Local\{95236D71-D65B-4BB3-A13B-36FA0CEFB238}
2012-07-18 19:43:57 -------- d-----w- C:\Users\Taira\AppData\Local\{4C692467-FB30-4764-A2E1-2FCAAE8F8FFB}
2012-07-17 18:48:55 -------- d-----w- C:\Users\Taira\AppData\Local\{FC4D5D0C-78AD-4D14-9C26-D2FB61D76862}
2012-07-17 18:48:45 -------- d-----w- C:\Users\Taira\AppData\Local\{1B4D8F32-14B1-496E-A88C-153822C27CE1}
2012-07-15 22:32:08 -------- d-----w- C:\Users\Taira\AppData\Local\{F22FCA23-26A7-48A9-BFC1-142F05DAC788}
2012-07-15 22:31:57 -------- d-----w- C:\Users\Taira\AppData\Local\{820BEF59-16EF-490D-8B47-FE6864BB607A}
2012-07-13 19:36:54 -------- d-----w- C:\Users\Taira\AppData\Local\{84F7081A-73F8-4D0F-9B31-DE4A48E751E8}
2012-07-13 19:36:32 -------- d-----w- C:\Users\Taira\AppData\Local\{AFC38C3D-4CF4-401C-9877-AD1A1862BAA6}
2012-07-12 19:54:28 -------- d-----w- C:\Users\Taira\AppData\Local\{D91CC259-5E45-4483-A977-8D418634022C}
2012-07-12 19:54:15 -------- d-----w- C:\Users\Taira\AppData\Local\{3454F60B-5390-4B36-9543-19CC9B90AFBE}
2012-07-12 05:22:01 -------- d-----w- C:\Users\Taira\AppData\Local\{58414253-BA82-4AA6-AD1A-91001C22726E}
2012-07-12 05:21:48 -------- d-----w- C:\Users\Taira\AppData\Local\{7DC959C8-EE96-452E-8F53-081900C1F540}
2012-07-11 17:21:13 -------- d-----w- C:\Users\Taira\AppData\Local\{6427BFC6-8037-4D78-B083-A8E8EC270F54}
2012-07-11 17:21:00 -------- d-----w- C:\Users\Taira\AppData\Local\{25BCD5BC-6808-4499-872B-927F7233E705}
2012-07-11 04:55:51 -------- d-----w- C:\Users\Taira\AppData\Local\{6C8EBF9E-0BD2-417C-A0B3-D8F82C23A1D5}
2012-07-11 04:55:39 -------- d-----w- C:\Users\Taira\AppData\Local\{24CE51A7-BE7A-48E6-A13E-49B56D5A781E}
2012-07-10 03:11:33 -------- d-----w- C:\Users\Taira\AppData\Local\{D9FE6D65-70AA-4D35-9D40-FB73E56ADE93}
2012-07-09 15:11:01 -------- d-----w- C:\Users\Taira\AppData\Local\{3BA09435-60F0-49BE-B779-D5A598E6457E}
2012-07-09 15:10:49 -------- d-----w- C:\Users\Taira\AppData\Local\{DF4D4863-0C5D-4DB6-8FD2-9FF915E7D830}
2012-07-08 17:36:05 -------- d-----w- C:\Users\Taira\AppData\Local\{BA92F027-5D38-4A7A-9701-AD7C02A08FC0}
2012-07-08 17:35:33 -------- d-----w- C:\Users\Taira\AppData\Local\{C934DF11-FAC2-4037-BEEF-B3B44FB92192}
2012-07-08 08:47:58 0 ----a-w- C:\Windows\SysWow64\sho9347.tmp
2012-07-08 06:46:15 -------- d-----w- C:\Program Files (x86)\K-NFB Reading Technology Inc
2012-07-08 06:43:33 -------- d-----w- C:\Program Files\PlayReady
2012-07-08 06:42:27 -------- d-----w- C:\Users\Taira\AppData\Local\Downloaded Installations
2012-07-08 06:40:21 -------- d-----w- C:\Users\Taira\AppData\Local\Kjs.AppLife.Update
2012-07-08 04:36:44 -------- d-----w- C:\Users\Taira\AppData\Local\{398D0035-8FC7-4D3B-B71D-7D85FB59B416}
2012-07-08 04:36:31 -------- d-----w- C:\Users\Taira\AppData\Local\{00CFBFD9-4A2D-4F00-87F1-74EDD67FFD2F}
2012-07-07 16:31:07 0 ----a-w- C:\Windows\SysWow64\shoC83C.tmp
2012-07-07 16:15:42 -------- d-----w- C:\Users\Taira\AppData\Local\{FE3C6527-EBB3-4E62-883A-0BD43A76BD13}
2012-07-07 04:04:10 -------- d-----w- C:\Users\Taira\AppData\Local\{E22D88B4-6610-488D-AE81-C9CB0D62DF39}
2012-07-07 04:03:58 -------- d-----w- C:\Users\Taira\AppData\Local\{F27A37E8-890E-4438-A67C-CDFAC0E5BA32}
2012-07-06 15:28:22 -------- d-----w- C:\Users\Taira\AppData\Local\{5160A866-CA8F-459C-9898-1493ACFB63BA}
2012-07-06 15:28:03 -------- d-----w- C:\Users\Taira\AppData\Local\{A0B922D7-95B6-4700-A8E7-3D704EFAF055}
2012-07-05 16:51:02 -------- d-----w- C:\Users\Taira\AppData\Local\{428BA977-2232-4995-ACC4-D463D9FB5C2D}
2012-07-05 16:50:51 -------- d-----w- C:\Users\Taira\AppData\Local\{E826FB15-35B3-4E3B-9F62-F4F37883D639}
2012-07-05 05:28:39 0 ----a-w- C:\Windows\SysWow64\sho45BB.tmp
2012-07-05 04:50:22 -------- d-----w- C:\Users\Taira\AppData\Local\{DF1A1604-81F5-43AE-A092-2219462FB5FA}
2012-07-03 16:37:30 -------- d-----w- C:\Users\Taira\AppData\Local\{8CBB8B5F-5751-4921-B83B-00128D72EFDC}
2012-07-02 16:16:55 -------- d-----w- C:\Users\Taira\AppData\Local\{4DC8CE57-7F0B-43E4-BB6B-F4C2F7F32CE4}
2012-07-02 16:16:38 -------- d-----w- C:\Users\Taira\AppData\Local\{9BD77E3F-486C-498C-9582-84F150DB84FC}
2012-06-30 14:51:47 -------- d-----w- C:\Users\Taira\AppData\Local\{E9F1933B-4E57-49D3-B947-F46CDC26A54E}
2012-06-30 01:16:39 -------- d-----w- C:\Users\Taira\AppData\Local\{22418411-9CAB-442C-A7DB-D12350324F43}
2012-06-30 01:16:30 -------- d-----w- C:\Users\Taira\AppData\Local\{ACE271F0-E226-4C5A-8B4A-7A6ABE60CEE9}
2012-06-29 12:22:57 -------- d-----w- C:\Users\Taira\AppData\Local\{4D0DCB19-CB3A-4848-A9C8-6C526EDE261D}
.
==================== Find3M ====================
.
2012-07-28 19:19:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-28 19:19:42 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-26 05:25:57 0 ----a-w- C:\Windows\SysWow64\shoB0E9.tmp
2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-21 19:12:30 0 ----a-w- C:\Windows\SysWow64\sho2437.tmp
2012-06-19 21:56:54 0 ----a-w- C:\Windows\SysWow64\sho309.tmp
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-06-01 21:00:04 0 ----a-w- C:\Windows\SysWow64\sho6722.tmp
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 20:24:12 27760 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
.
============= FINISH: 22:21:31.52 ===============
 
I still need Attach.txt part of DDS.

You're running two AV programs, McAfee and Avira.
You must uninstall one of them.
If McAfee use this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

Next....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Okay. Just uninstalled Avira. Also, I'm sorry I forgot to mention that I got alerts from mcafee that ZeroAcess (Desktop.INI) was detected and removed. When I ran quick scans on Mcafee afterwards, it would reappear. Just fyi, in case it conflicts and can't be removed with this same process.

DDS Attach Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/28/2011 8:30:12 PM
System Uptime: 7/28/2012 11:21:33 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 358B
Processor: AMD A8-3500M APU with Radeon(tm) HD Graphics | Socket FS1 | 1500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 449 GiB total, 397.516 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 1.857 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&33BDA54B&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&33BDA54B&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP54: 6/14/2012 11:35:47 PM - Windows Update
RP55: 6/23/2012 7:38:38 PM - Windows Update
RP56: 7/8/2012 1:44:05 AM - Installed Blio.
RP57: 7/10/2012 10:32:05 PM - Windows Update
RP58: 7/25/2012 1:38:02 PM - Windows Update
.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.5
Agatha Christie - Peril at End House
AMD System Monitor
AMD VISION Engine Control Center
AT&T Troubleshoot & Resolve Tool
Bejeweled 2 Deluxe
Bejeweled 3
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Photo AIO Printer 922
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
EASEUS Data Recovery Wizard Free Edition 5.5.1
Energy Star Digital Logo
ESU for Microsoft Windows 7
Farm Frenzy
FATE - The Traitor Soul
HP Connection Manager
HP Customer Experience Enhancements
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Software Framework
HPAsset component for HP Active Support Library
IDT Audio
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Magic Desktop
Mah Jong Medley
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee SecurityCenter
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
PMB
Poker Superstars III
Polar Bowler
Polar Golfer
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Slingo Supreme
The Sims™ 2 Deluxe
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
7/28/2012 9:40:05 PM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
7/28/2012 7:51:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
7/28/2012 7:51:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
7/28/2012 7:39:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:39:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/28/2012 7:39:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/28/2012 7:39:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/28/2012 7:39:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/28/2012 7:39:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/28/2012 7:38:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/28/2012 7:38:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
7/28/2012 7:38:34 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 7:38:33 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 5:43:41 PM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
7/28/2012 12:37:57 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 12:37:57 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/28/2012 12:33:33 PM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/28/2012 12:33:33 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/28/2012 12:33:33 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/28/2012 12:33:33 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
7/28/2012 12:33:33 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
7/28/2012 12:33:33 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
7/28/2012 12:33:33 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
7/28/2012 12:33:33 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
7/28/2012 12:33:33 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
7/28/2012 12:33:33 PM, Error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The pipe has been ended.
7/28/2012 12:33:32 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
7/28/2012 11:25:51 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
7/28/2012 11:24:26 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The system cannot find the file specified.
7/28/2012 11:22:40 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/28/2012 11:22:40 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/28/2012 11:22:31 PM, Error: Service Control Manager [7034] - The HP Auto service terminated unexpectedly. It has done this 1 time(s).
7/28/2012 11:22:17 PM, Error: Microsoft-Windows-GroupPolicy [1096] - The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
7/28/2012 11:22:14 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/28/2012 11:22:13 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/28/2012 11:22:13 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/24/2012 5:02:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpqwmiex service.
7/24/2012 5:02:15 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPClientSvc service.
7/24/2012 2:42:55 PM, Error: Service Control Manager [7024] - The Avira Realtime Protection service terminated with service-specific error The security stream for the given volume is in an inconsistent state. Please run CHKDSK on the volume..
7/22/2012 7:18:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service.
.
==== End Of File ===========================
 
TDSSKiller:
23:30:27.0527 2700 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:30:27.0797 2700 ============================================================
23:30:27.0797 2700 Current date / time: 2012/07/28 23:30:27.0797
23:30:27.0797 2700 SystemInfo:
23:30:27.0797 2700
23:30:27.0797 2700 OS Version: 6.1.7601 ServicePack: 1.0
23:30:27.0797 2700 Product type: Workstation
23:30:27.0797 2700 ComputerName: BABIILUV
23:30:27.0797 2700 UserName: Taira
23:30:27.0797 2700 Windows directory: C:\Windows
23:30:27.0797 2700 System windows directory: C:\Windows
23:30:27.0797 2700 Running under WOW64
23:30:27.0797 2700 Processor architecture: Intel x64
23:30:27.0797 2700 Number of processors: 4
23:30:27.0797 2700 Page size: 0x1000
23:30:27.0797 2700 Boot type: Normal boot
23:30:27.0797 2700 ============================================================
23:30:30.0197 2700 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:30:30.0207 2700 ============================================================
23:30:30.0207 2700 \Device\Harddisk0\DR0:
23:30:30.0207 2700 MBR partitions:
23:30:30.0207 2700 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
23:30:30.0207 2700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38104800
23:30:30.0207 2700 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38168800, BlocksNum 0x21E9800
23:30:30.0207 2700 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
23:30:30.0207 2700 ============================================================
23:30:30.0227 2700 C: <-> \Device\Harddisk0\DR0\Partition1
23:30:30.0277 2700 D: <-> \Device\Harddisk0\DR0\Partition2
23:30:30.0277 2700 ============================================================
23:30:30.0277 2700 Initialize success
23:30:30.0277 2700 ============================================================
23:30:37.0597 2968 ============================================================
23:30:37.0597 2968 Scan started
23:30:37.0597 2968 Mode: Manual;
23:30:37.0597 2968 ============================================================
23:30:38.0047 2968 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:30:38.0067 2968 1394ohci - ok
23:30:38.0137 2968 Accelerometer (5c368f4b04ed2a923e6afca2d37baff5) C:\Windows\system32\DRIVERS\Accelerometer.sys
23:30:38.0137 2968 Accelerometer - ok
23:30:38.0217 2968 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:30:38.0227 2968 ACPI - ok
23:30:38.0277 2968 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:30:38.0277 2968 AcpiPmi - ok
23:30:38.0427 2968 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:30:38.0427 2968 AdobeARMservice - ok
23:30:38.0647 2968 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:30:38.0657 2968 AdobeFlashPlayerUpdateSvc - ok
23:30:38.0817 2968 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
23:30:38.0857 2968 adp94xx - ok
23:30:38.0957 2968 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
23:30:38.0997 2968 adpahci - ok
23:30:39.0117 2968 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
23:30:39.0147 2968 adpu320 - ok
23:30:39.0197 2968 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:30:39.0197 2968 AeLookupSvc - ok
23:30:39.0317 2968 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
23:30:39.0317 2968 AESTFilters - ok
23:30:39.0427 2968 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
23:30:39.0437 2968 AFD - ok
23:30:39.0507 2968 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:30:39.0507 2968 agp440 - ok
23:30:39.0547 2968 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:30:39.0547 2968 ALG - ok
23:30:39.0607 2968 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:30:39.0607 2968 aliide - ok
23:30:39.0697 2968 AMD External Events Utility (3de8dc285540733818588cc94e7fc96e) C:\Windows\system32\atiesrxx.exe
23:30:39.0697 2968 AMD External Events Utility - ok
23:30:39.0787 2968 AMD FUEL Service - ok
23:30:39.0857 2968 amdhub30 (30bfeee0dffd5bd79d29157cf080deed) C:\Windows\system32\DRIVERS\amdhub30.sys
23:30:39.0867 2968 amdhub30 - ok
23:30:39.0907 2968 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:30:39.0917 2968 amdide - ok
23:30:39.0937 2968 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
23:30:39.0937 2968 amdiox64 - ok
23:30:39.0987 2968 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
23:30:39.0987 2968 AmdK8 - ok
23:30:40.0647 2968 amdkmdag (42d53daf85f948c39ce1351a8f5b5808) C:\Windows\system32\DRIVERS\atikmdag.sys
23:30:40.0717 2968 amdkmdag - ok
23:30:40.0927 2968 amdkmdap (75182b5784015b271932088551616a96) C:\Windows\system32\DRIVERS\atikmpag.sys
23:30:40.0937 2968 amdkmdap - ok
23:30:41.0007 2968 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:30:41.0007 2968 AmdPPM - ok
23:30:41.0067 2968 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:30:41.0067 2968 amdsata - ok
23:30:41.0127 2968 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
23:30:41.0137 2968 amdsbs - ok
23:30:41.0177 2968 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:30:41.0177 2968 amdxata - ok
23:30:41.0257 2968 amdxhc (321533578132c811ec834a1b741c994c) C:\Windows\system32\DRIVERS\amdxhc.sys
23:30:41.0257 2968 amdxhc - ok
23:30:41.0287 2968 amd_sata (f9d46b6b322708bd5afcc8767ebdc901) C:\Windows\system32\DRIVERS\amd_sata.sys
23:30:41.0297 2968 amd_sata - ok
23:30:41.0307 2968 amd_xata (329cc9c7e20deebcd4cd10816193ef14) C:\Windows\system32\DRIVERS\amd_xata.sys
23:30:41.0307 2968 amd_xata - ok
23:30:41.0377 2968 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:30:41.0377 2968 AppID - ok
23:30:41.0417 2968 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:30:41.0417 2968 AppIDSvc - ok
23:30:41.0447 2968 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
23:30:41.0447 2968 Appinfo - ok
23:30:41.0497 2968 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
23:30:41.0497 2968 arc - ok
23:30:41.0547 2968 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
23:30:41.0547 2968 arcsas - ok
23:30:41.0677 2968 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:30:41.0687 2968 aspnet_state - ok
23:30:41.0767 2968 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:30:41.0777 2968 AsyncMac - ok
23:30:41.0827 2968 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:30:41.0827 2968 atapi - ok
23:30:41.0907 2968 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
23:30:41.0917 2968 AtiHDAudioService - ok
23:30:42.0027 2968 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:30:42.0037 2968 AudioEndpointBuilder - ok
23:30:42.0057 2968 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
23:30:42.0057 2968 AudioSrv - ok
23:30:42.0127 2968 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
23:30:42.0127 2968 AxInstSV - ok
23:30:42.0207 2968 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
23:30:42.0217 2968 b06bdrv - ok
23:30:42.0297 2968 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:30:42.0297 2968 b57nd60a - ok
23:30:42.0427 2968 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
23:30:42.0467 2968 BCM43XX - ok
23:30:42.0507 2968 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:30:42.0507 2968 BDESVC - ok
23:30:42.0547 2968 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:30:42.0557 2968 Beep - ok
23:30:42.0617 2968 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
23:30:42.0617 2968 blbdrive - ok
23:30:42.0687 2968 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:30:42.0687 2968 bowser - ok
23:30:42.0737 2968 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
23:30:42.0747 2968 BrFiltLo - ok
23:30:42.0767 2968 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
23:30:42.0767 2968 BrFiltUp - ok
23:30:42.0837 2968 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
23:30:42.0847 2968 Browser - ok
23:30:42.0907 2968 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:30:42.0907 2968 Brserid - ok
23:30:42.0927 2968 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:30:42.0927 2968 BrSerWdm - ok
23:30:42.0947 2968 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:30:42.0947 2968 BrUsbMdm - ok
23:30:42.0957 2968 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:30:42.0967 2968 BrUsbSer - ok
23:30:42.0997 2968 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
23:30:42.0997 2968 BTHMODEM - ok
23:30:43.0077 2968 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:30:43.0077 2968 bthserv - ok
23:30:43.0137 2968 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:30:43.0137 2968 cdfs - ok
23:30:43.0197 2968 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
23:30:43.0207 2968 cdrom - ok
23:30:43.0267 2968 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:30:43.0267 2968 CertPropSvc - ok
23:30:43.0337 2968 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
23:30:43.0337 2968 cfwids - ok
23:30:43.0407 2968 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:30:43.0407 2968 circlass - ok
23:30:43.0457 2968 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:30:43.0457 2968 CLFS - ok
23:30:43.0577 2968 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:30:43.0587 2968 clr_optimization_v2.0.50727_32 - ok
23:30:43.0657 2968 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:30:43.0667 2968 clr_optimization_v2.0.50727_64 - ok
23:30:43.0767 2968 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:30:43.0777 2968 clr_optimization_v4.0.30319_32 - ok
23:30:43.0837 2968 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:30:43.0837 2968 clr_optimization_v4.0.30319_64 - ok
23:30:43.0917 2968 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
23:30:43.0917 2968 clwvd - ok
23:30:43.0967 2968 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
23:30:43.0967 2968 CmBatt - ok
23:30:43.0997 2968 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:30:43.0997 2968 cmdide - ok
23:30:44.0087 2968 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
23:30:44.0097 2968 CNG - ok
23:30:44.0157 2968 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
23:30:44.0167 2968 Compbatt - ok
23:30:44.0197 2968 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:30:44.0197 2968 CompositeBus - ok
23:30:44.0227 2968 COMSysApp - ok
23:30:44.0267 2968 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
23:30:44.0267 2968 crcdisk - ok
23:30:44.0327 2968 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
23:30:44.0337 2968 CryptSvc - ok
23:30:44.0497 2968 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:30:44.0517 2968 cvhsvc - ok
23:30:44.0587 2968 dc3d (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
23:30:44.0587 2968 dc3d - ok
23:30:44.0697 2968 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:30:44.0707 2968 DcomLaunch - ok
23:30:44.0767 2968 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:30:44.0787 2968 defragsvc - ok
23:30:44.0847 2968 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:30:44.0847 2968 DfsC - ok
23:30:44.0927 2968 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
23:30:44.0927 2968 Dhcp - ok
23:30:44.0947 2968 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:30:44.0947 2968 discache - ok
23:30:45.0027 2968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
23:30:45.0027 2968 Disk - ok
23:30:45.0107 2968 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
23:30:45.0177 2968 Dnscache - ok
23:30:45.0217 2968 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
23:30:45.0217 2968 dot3svc - ok
23:30:45.0257 2968 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
23:30:45.0257 2968 DPS - ok
23:30:45.0307 2968 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:30:45.0307 2968 drmkaud - ok
23:30:45.0387 2968 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:30:45.0397 2968 DXGKrnl - ok
23:30:45.0457 2968 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:30:45.0457 2968 EapHost - ok
23:30:45.0707 2968 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
23:30:45.0807 2968 ebdrv - ok
23:30:45.0937 2968 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
23:30:45.0947 2968 EFS - ok
23:30:46.0097 2968 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
23:30:46.0117 2968 ehRecvr - ok
23:30:46.0147 2968 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:30:46.0167 2968 ehSched - ok
23:30:46.0297 2968 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
23:30:46.0307 2968 elxstor - ok
23:30:46.0337 2968 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:30:46.0347 2968 ErrDev - ok
23:30:46.0447 2968 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:30:46.0457 2968 EventSystem - ok
23:30:46.0517 2968 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:30:46.0527 2968 exfat - ok
23:30:46.0537 2968 ezSharedSvc - ok
23:30:46.0577 2968 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:30:46.0587 2968 fastfat - ok
23:30:46.0677 2968 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
23:30:46.0777 2968 Fax - ok
23:30:46.0817 2968 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
23:30:46.0817 2968 fdc - ok
23:30:46.0837 2968 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:30:46.0837 2968 fdPHost - ok
23:30:46.0847 2968 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:30:46.0857 2968 FDResPub - ok
23:30:46.0897 2968 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:30:46.0897 2968 FileInfo - ok
23:30:46.0907 2968 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:30:46.0917 2968 Filetrace - ok
23:30:46.0967 2968 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
23:30:46.0977 2968 flpydisk - ok
23:30:47.0057 2968 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:30:47.0077 2968 FltMgr - ok
23:30:47.0197 2968 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
23:30:47.0207 2968 FontCache - ok
23:30:47.0307 2968 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:30:47.0307 2968 FontCache3.0.0.0 - ok
23:30:47.0437 2968 FPLService (2074a85a6b8f84a5a9c60b915b465faf) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
23:30:47.0437 2968 FPLService - ok
23:30:47.0567 2968 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:30:47.0577 2968 FsDepends - ok
23:30:47.0637 2968 fssfltr (07da62c960ddccc2d35836aeab4fc578) C:\Windows\system32\DRIVERS\fssfltr.sys
23:30:47.0637 2968 fssfltr - ok
23:30:47.0827 2968 fsssvc (28ddeeec44e988657b732cf404d504cb) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:30:47.0847 2968 fsssvc - ok
23:30:48.0007 2968 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
23:30:48.0017 2968 Fs_Rec - ok
23:30:48.0087 2968 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:30:48.0087 2968 fvevol - ok
23:30:48.0157 2968 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
23:30:48.0157 2968 gagp30kx - ok
23:30:48.0287 2968 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:30:48.0287 2968 GamesAppService - ok
23:30:48.0407 2968 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
23:30:48.0417 2968 gpsvc - ok
23:30:48.0437 2968 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:30:48.0437 2968 hcw85cir - ok
23:30:48.0517 2968 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:30:48.0527 2968 HdAudAddService - ok
23:30:48.0597 2968 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:30:48.0597 2968 HDAudBus - ok
23:30:48.0617 2968 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
23:30:48.0627 2968 HidBatt - ok
23:30:48.0647 2968 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
23:30:48.0647 2968 HidBth - ok
23:30:48.0697 2968 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
23:30:48.0707 2968 HidIr - ok
23:30:48.0727 2968 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:30:48.0737 2968 hidserv - ok
23:30:48.0777 2968 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:30:48.0777 2968 HidUsb - ok
23:30:48.0887 2968 HitmanProScheduler (90c298940644bcc41cb19db0db2e9ecc) C:\Program Files\HitmanPro\hmpsched.exe
23:30:48.0887 2968 HitmanProScheduler - ok
23:30:48.0937 2968 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
23:30:48.0937 2968 hkmsvc - ok
23:30:49.0007 2968 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
23:30:49.0017 2968 HomeGroupListener - ok
23:30:49.0077 2968 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
23:30:49.0077 2968 HomeGroupProvider - ok
23:30:49.0167 2968 HP Health Check Service - ok
23:30:49.0257 2968 HPAuto (7b8c1b09c11e8db7c4480abd7d17e821) C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
23:30:49.0267 2968 HPAuto - ok
23:30:49.0317 2968 HPClientSvc (6a181452d4e240b8ecc7614b9a19bde9) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
23:30:49.0317 2968 HPClientSvc - ok
23:30:49.0467 2968 hpCMSrv (e040f0064d39f73bb4995d494f3dcbb8) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
23:30:49.0477 2968 hpCMSrv - ok
23:30:49.0657 2968 hpdskflt (4e0bec0f78096ffd6d3314b497fc49d3) C:\Windows\system32\DRIVERS\hpdskflt.sys
23:30:49.0657 2968 hpdskflt - ok
23:30:49.0777 2968 hpqwmiex (7b1637e5e0476ce22e8d76ac1203205e) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
23:30:49.0797 2968 hpqwmiex - ok
23:30:49.0857 2968 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:30:49.0857 2968 HpSAMD - ok
23:30:49.0897 2968 hpsrv (fc7c13b5a9e9be23b7ae72bbc7fdb278) C:\Windows\system32\Hpservice.exe
23:30:49.0897 2968 hpsrv - ok
23:30:49.0967 2968 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
23:30:49.0977 2968 HPWMISVC - ok
23:30:50.0077 2968 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:30:50.0087 2968 HTTP - ok
23:30:50.0107 2968 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:30:50.0107 2968 hwpolicy - ok
23:30:50.0177 2968 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:30:50.0187 2968 i8042prt - ok
23:30:50.0277 2968 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:30:50.0297 2968 iaStorV - ok
23:30:50.0537 2968 IconMan_R (3a0ff117b4adc5abe4d968e26a337158) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
23:30:50.0577 2968 IconMan_R - ok
23:30:50.0737 2968 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:30:50.0767 2968 idsvc - ok
23:30:50.0917 2968 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
23:30:50.0917 2968 iirsp - ok
23:30:51.0027 2968 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
23:30:51.0047 2968 IKEEXT - ok
23:30:51.0077 2968 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:30:51.0087 2968 intelide - ok
23:30:51.0127 2968 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
23:30:51.0127 2968 intelppm - ok
23:30:51.0157 2968 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:30:51.0157 2968 IPBusEnum - ok
23:30:51.0177 2968 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:30:51.0177 2968 IpFilterDriver - ok
23:30:51.0197 2968 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:30:51.0207 2968 IPMIDRV - ok
23:30:51.0277 2968 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:30:51.0277 2968 IPNAT - ok
23:30:51.0327 2968 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:30:51.0327 2968 IRENUM - ok
23:30:51.0347 2968 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:30:51.0347 2968 isapnp - ok
23:30:51.0387 2968 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:30:51.0407 2968 iScsiPrt - ok
23:30:51.0457 2968 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:30:51.0457 2968 kbdclass - ok
23:30:51.0507 2968 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:30:51.0517 2968 kbdhid - ok
23:30:51.0567 2968 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:30:51.0577 2968 KeyIso - ok
23:30:51.0607 2968 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
23:30:51.0617 2968 KSecDD - ok
23:30:51.0637 2968 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
23:30:51.0647 2968 KSecPkg - ok
23:30:51.0667 2968 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:30:51.0667 2968 ksthunk - ok
23:30:51.0747 2968 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:30:51.0787 2968 KtmRm - ok
23:30:51.0877 2968 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
23:30:51.0887 2968 LanmanServer - ok
23:30:51.0937 2968 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
23:30:51.0947 2968 LanmanWorkstation - ok
23:30:51.0997 2968 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:30:52.0007 2968 lltdio - ok
23:30:52.0057 2968 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:30:52.0087 2968 lltdsvc - ok
23:30:52.0107 2968 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:30:52.0117 2968 lmhosts - ok
23:30:52.0177 2968 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
23:30:52.0177 2968 LSI_FC - ok
23:30:52.0207 2968 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
23:30:52.0217 2968 LSI_SAS - ok
23:30:52.0237 2968 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
23:30:52.0237 2968 LSI_SAS2 - ok
23:30:52.0277 2968 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
23:30:52.0287 2968 LSI_SCSI - ok
23:30:52.0337 2968 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:30:52.0337 2968 luafv - ok
23:30:52.0497 2968 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:30:52.0497 2968 McAfee SiteAdvisor Service - ok
23:30:52.0637 2968 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
23:30:52.0637 2968 McciCMService - ok
23:30:52.0747 2968 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe
23:30:52.0757 2968 McciCMService64 - ok
23:30:52.0837 2968 McciServiceHost (eee1ea23c4777adb268a36196a631200) C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
23:30:52.0847 2968 McciServiceHost - ok
23:30:52.0857 2968 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:30:52.0867 2968 McMPFSvc - ok
23:30:52.0897 2968 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:30:52.0907 2968 mcmscsvc - ok
23:30:52.0917 2968 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:30:52.0927 2968 McNaiAnn - ok
23:30:52.0947 2968 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:30:52.0947 2968 McNASvc - ok
23:30:53.0087 2968 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
23:30:53.0097 2968 McODS - ok
23:30:53.0107 2968 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
23:30:53.0117 2968 McProxy - ok
23:30:53.0177 2968 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
23:30:53.0177 2968 McShield - ok
23:30:53.0327 2968 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
23:30:53.0407 2968 Mcx2Svc - ok
23:30:53.0467 2968 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
23:30:53.0467 2968 megasas - ok
23:30:53.0547 2968 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
23:30:53.0567 2968 MegaSR - ok
23:30:53.0637 2968 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
23:30:53.0637 2968 mfeapfk - ok
23:30:53.0697 2968 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
23:30:53.0697 2968 mfeavfk - ok
23:30:53.0757 2968 mfeavfk01 - ok
23:30:53.0807 2968 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
23:30:53.0817 2968 mfefire - ok
23:30:53.0907 2968 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
23:30:53.0917 2968 mfefirek - ok
23:30:54.0017 2968 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
23:30:54.0037 2968 mfehidk - ok
23:30:54.0067 2968 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
23:30:54.0067 2968 mfenlfk - ok
23:30:54.0117 2968 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
23:30:54.0117 2968 mferkdet - ok
23:30:54.0167 2968 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
23:30:54.0167 2968 mfevtp - ok
23:30:54.0217 2968 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
23:30:54.0217 2968 mfewfpk - ok
23:30:54.0257 2968 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:30:54.0257 2968 MMCSS - ok
23:30:54.0307 2968 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:30:54.0307 2968 Modem - ok
23:30:54.0327 2968 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:30:54.0327 2968 monitor - ok
23:30:54.0377 2968 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:30:54.0377 2968 mouclass - ok
23:30:54.0447 2968 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:30:54.0447 2968 mouhid - ok
23:30:54.0477 2968 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:30:54.0487 2968 mountmgr - ok
23:30:54.0627 2968 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:30:54.0627 2968 MozillaMaintenance - ok
23:30:54.0667 2968 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:30:54.0677 2968 mpio - ok
23:30:54.0727 2968 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:30:54.0727 2968 mpsdrv - ok
23:30:54.0787 2968 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
23:30:54.0787 2968 MREMP50 - ok
23:30:54.0917 2968 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
23:30:54.0917 2968 MREMP50a64 - ok
23:30:54.0927 2968 MREMPR5 - ok
23:30:54.0937 2968 MRENDIS5 - ok
23:30:55.0007 2968 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
23:30:55.0007 2968 MRESP50 - ok
23:30:55.0037 2968 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
23:30:55.0037 2968 MRESP50a64 - ok
23:30:55.0067 2968 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:30:55.0067 2968 MRxDAV - ok
23:30:55.0117 2968 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:30:55.0117 2968 mrxsmb - ok
23:30:55.0167 2968 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:30:55.0197 2968 mrxsmb10 - ok
23:30:55.0237 2968 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:30:55.0247 2968 mrxsmb20 - ok
23:30:55.0277 2968 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:30:55.0277 2968 msahci - ok
23:30:55.0307 2968 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:30:55.0307 2968 msdsm - ok
23:30:55.0357 2968 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:30:55.0367 2968 MSDTC - ok
23:30:55.0427 2968 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:30:55.0427 2968 Msfs - ok
23:30:55.0447 2968 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:30:55.0447 2968 mshidkmdf - ok
23:30:55.0477 2968 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:30:55.0477 2968 msisadrv - ok
23:30:55.0547 2968 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:30:55.0567 2968 MSiSCSI - ok
23:30:55.0577 2968 msiserver - ok
23:30:55.0627 2968 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:30:55.0627 2968 MSKSSRV - ok
23:30:55.0707 2968 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:30:55.0707 2968 MSPCLOCK - ok
23:30:55.0727 2968 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:30:55.0727 2968 MSPQM - ok
23:30:55.0767 2968 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:30:55.0777 2968 MsRPC - ok
23:30:55.0807 2968 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:30:55.0807 2968 mssmbios - ok
23:30:55.0827 2968 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:30:55.0827 2968 MSTEE - ok
23:30:55.0837 2968 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
23:30:55.0837 2968 MTConfig - ok
23:30:55.0857 2968 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:30:55.0857 2968 Mup - ok
23:30:55.0927 2968 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
23:30:55.0937 2968 napagent - ok
23:30:55.0997 2968 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:30:56.0017 2968 NativeWifiP - ok
23:30:56.0137 2968 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:30:56.0147 2968 NDIS - ok
23:30:56.0187 2968 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:30:56.0187 2968 NdisCap - ok
23:30:56.0237 2968 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:30:56.0237 2968 NdisTapi - ok
23:30:56.0257 2968 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:30:56.0257 2968 Ndisuio - ok
23:30:56.0277 2968 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:30:56.0277 2968 NdisWan - ok
23:30:56.0297 2968 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:30:56.0297 2968 NDProxy - ok
23:30:56.0347 2968 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:30:56.0357 2968 NetBIOS - ok
23:30:56.0387 2968 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:30:56.0397 2968 NetBT - ok
23:30:56.0427 2968 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:30:56.0427 2968 Netlogon - ok
23:30:56.0507 2968 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:30:56.0517 2968 Netman - ok
23:30:56.0627 2968 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:30:56.0637 2968 NetMsmqActivator - ok
23:30:56.0637 2968 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:30:56.0647 2968 NetPipeActivator - ok
23:30:56.0707 2968 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:30:56.0717 2968 netprofm - ok
23:30:56.0927 2968 netr28x (813b7c722ba97e703d375aba170e16cc) C:\Windows\system32\DRIVERS\netr28x.sys
23:30:56.0947 2968 netr28x - ok
23:30:57.0087 2968 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:30:57.0087 2968 NetTcpActivator - ok
23:30:57.0097 2968 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:30:57.0097 2968 NetTcpPortSharing - ok
23:30:57.0267 2968 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
23:30:57.0277 2968 nfrd960 - ok
23:30:57.0347 2968 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
23:30:57.0357 2968 NlaSvc - ok
23:30:57.0377 2968 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:30:57.0377 2968 Npfs - ok
23:30:57.0397 2968 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:30:57.0397 2968 nsi - ok
23:30:57.0417 2968 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:30:57.0417 2968 nsiproxy - ok
23:30:57.0547 2968 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:30:57.0597 2968 Ntfs - ok
23:30:57.0737 2968 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:30:57.0737 2968 Null - ok
23:30:57.0787 2968 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
23:30:57.0797 2968 NVENETFD - ok
23:30:57.0857 2968 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:30:57.0867 2968 nvraid - ok
23:30:57.0927 2968 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:30:57.0937 2968 nvstor - ok
23:30:57.0997 2968 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:30:58.0007 2968 nv_agp - ok
23:30:58.0017 2968 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:30:58.0027 2968 ohci1394 - ok
23:30:58.0137 2968 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:30:58.0137 2968 ose - ok
23:30:58.0477 2968 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:30:58.0607 2968 osppsvc - ok
 
23:30:58.0787 2968 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:30:58.0797 2968 p2pimsvc - ok
23:30:58.0837 2968 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:30:58.0847 2968 p2psvc - ok
23:30:58.0907 2968 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
23:30:58.0917 2968 Parport - ok
23:30:58.0947 2968 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
23:30:58.0947 2968 partmgr - ok
23:30:58.0997 2968 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:30:58.0997 2968 PcaSvc - ok
23:30:59.0047 2968 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:30:59.0047 2968 pci - ok
23:30:59.0077 2968 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:30:59.0077 2968 pciide - ok
23:30:59.0127 2968 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
23:30:59.0147 2968 pcmcia - ok
23:30:59.0167 2968 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:30:59.0167 2968 pcw - ok
23:30:59.0227 2968 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:30:59.0247 2968 PEAUTH - ok
23:30:59.0367 2968 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:30:59.0377 2968 PerfHost - ok
23:30:59.0517 2968 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
23:30:59.0567 2968 pla - ok
23:30:59.0657 2968 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
23:30:59.0677 2968 PlugPlay - ok
23:30:59.0857 2968 PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
23:30:59.0857 2968 PMBDeviceInfoProvider - ok
23:30:59.0897 2968 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:30:59.0897 2968 PNRPAutoReg - ok
23:30:59.0937 2968 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:30:59.0947 2968 PNRPsvc - ok
23:31:00.0017 2968 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
23:31:00.0097 2968 PolicyAgent - ok
23:31:00.0167 2968 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:31:00.0167 2968 Power - ok
23:31:00.0257 2968 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:31:00.0267 2968 PptpMiniport - ok
23:31:00.0297 2968 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
23:31:00.0307 2968 Processor - ok
23:31:00.0357 2968 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
23:31:00.0357 2968 ProfSvc - ok
23:31:00.0397 2968 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:31:00.0397 2968 ProtectedStorage - ok
23:31:00.0457 2968 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:31:00.0467 2968 Psched - ok
23:31:00.0617 2968 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
23:31:00.0657 2968 ql2300 - ok
23:31:00.0807 2968 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
23:31:00.0817 2968 ql40xx - ok
23:31:00.0857 2968 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:31:00.0877 2968 QWAVE - ok
23:31:00.0907 2968 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:31:00.0907 2968 QWAVEdrv - ok
23:31:00.0927 2968 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:31:00.0927 2968 RasAcd - ok
23:31:00.0977 2968 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:31:00.0987 2968 RasAgileVpn - ok
23:31:01.0007 2968 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:31:01.0007 2968 RasAuto - ok
23:31:01.0037 2968 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:31:01.0067 2968 Rasl2tp - ok
23:31:01.0137 2968 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
23:31:01.0157 2968 RasMan - ok
23:31:01.0217 2968 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:31:01.0217 2968 RasPppoe - ok
23:31:01.0277 2968 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:31:01.0277 2968 RasSstp - ok
23:31:01.0327 2968 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:31:01.0337 2968 rdbss - ok
23:31:01.0377 2968 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
23:31:01.0377 2968 rdpbus - ok
23:31:01.0397 2968 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:31:01.0397 2968 RDPCDD - ok
23:31:01.0447 2968 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:31:01.0447 2968 RDPENCDD - ok
23:31:01.0467 2968 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:31:01.0467 2968 RDPREFMP - ok
23:31:01.0507 2968 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
23:31:01.0507 2968 RDPWD - ok
23:31:01.0547 2968 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:31:01.0557 2968 rdyboost - ok
23:31:01.0597 2968 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:31:01.0607 2968 RemoteAccess - ok
23:31:01.0657 2968 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:31:01.0657 2968 RemoteRegistry - ok
23:31:01.0707 2968 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:31:01.0707 2968 RpcEptMapper - ok
23:31:01.0747 2968 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:31:01.0747 2968 RpcLocator - ok
23:31:01.0807 2968 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
23:31:01.0817 2968 RpcSs - ok
23:31:01.0897 2968 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys
23:31:01.0907 2968 RSPCIESTOR - ok
23:31:01.0967 2968 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:31:01.0967 2968 rspndr - ok
23:31:02.0037 2968 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:31:02.0057 2968 RTL8167 - ok
23:31:02.0097 2968 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:31:02.0097 2968 SamSs - ok
23:31:02.0127 2968 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:31:02.0127 2968 sbp2port - ok
23:31:02.0167 2968 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:31:02.0177 2968 SCardSvr - ok
23:31:02.0207 2968 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:31:02.0207 2968 scfilter - ok
23:31:02.0297 2968 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
23:31:02.0317 2968 Schedule - ok
23:31:02.0347 2968 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
23:31:02.0357 2968 SCPolicySvc - ok
23:31:02.0417 2968 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
23:31:02.0417 2968 sdbus - ok
23:31:02.0447 2968 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
23:31:02.0457 2968 SDRSVC - ok
23:31:02.0517 2968 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:31:02.0517 2968 secdrv - ok
23:31:02.0537 2968 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
23:31:02.0547 2968 seclogon - ok
23:31:02.0607 2968 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:31:02.0607 2968 SENS - ok
23:31:02.0667 2968 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:31:02.0677 2968 SensrSvc - ok
23:31:02.0717 2968 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
23:31:02.0727 2968 Serenum - ok
23:31:02.0747 2968 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
23:31:02.0757 2968 Serial - ok
23:31:02.0817 2968 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
23:31:02.0817 2968 sermouse - ok
23:31:02.0897 2968 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
23:31:02.0927 2968 SessionEnv - ok
23:31:02.0947 2968 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:31:02.0957 2968 sffdisk - ok
23:31:02.0967 2968 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:31:02.0977 2968 sffp_mmc - ok
23:31:03.0007 2968 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:31:03.0007 2968 sffp_sd - ok
23:31:03.0067 2968 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
23:31:03.0067 2968 sfloppy - ok
23:31:03.0207 2968 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
23:31:03.0217 2968 Sftfs - ok
23:31:03.0357 2968 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
23:31:03.0367 2968 sftlist - ok
23:31:03.0417 2968 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:31:03.0417 2968 Sftplay - ok
23:31:03.0447 2968 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:31:03.0447 2968 Sftredir - ok
23:31:03.0457 2968 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
23:31:03.0457 2968 Sftvol - ok
23:31:03.0487 2968 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
23:31:03.0487 2968 sftvsa - ok
23:31:03.0547 2968 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
23:31:03.0557 2968 ShellHWDetection - ok
23:31:03.0607 2968 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
23:31:03.0607 2968 SiSRaid2 - ok
23:31:03.0647 2968 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
23:31:03.0657 2968 SiSRaid4 - ok
23:31:03.0697 2968 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:31:03.0707 2968 Smb - ok
23:31:03.0747 2968 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:31:03.0747 2968 SNMPTRAP - ok
23:31:03.0767 2968 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:31:03.0767 2968 spldr - ok
23:31:03.0837 2968 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
23:31:03.0847 2968 Spooler - ok
23:31:04.0137 2968 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
23:31:04.0167 2968 sppsvc - ok
23:31:04.0297 2968 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:31:04.0307 2968 sppuinotify - ok
23:31:04.0407 2968 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:31:04.0437 2968 srv - ok
23:31:04.0487 2968 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:31:04.0497 2968 srv2 - ok
23:31:04.0577 2968 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
23:31:04.0597 2968 SrvHsfHDA - ok
23:31:04.0777 2968 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
23:31:04.0827 2968 SrvHsfV92 - ok
23:31:05.0017 2968 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
23:31:05.0037 2968 SrvHsfWinac - ok
23:31:05.0107 2968 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:31:05.0127 2968 srvnet - ok
23:31:05.0217 2968 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:31:05.0217 2968 SSDPSRV - ok
23:31:05.0247 2968 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:31:05.0257 2968 SstpSvc - ok
23:31:05.0377 2968 STacSV (86678c2f5081fea3517d78e92230b5ff) C:\Program Files\IDT\WDM\STacSV64.exe
23:31:05.0387 2968 STacSV - ok
23:31:05.0417 2968 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
23:31:05.0427 2968 stexstor - ok
23:31:05.0527 2968 STHDA (74387b34b43f94e380608888c56a5ccd) C:\Windows\system32\DRIVERS\stwrt64.sys
23:31:05.0537 2968 STHDA - ok
23:31:05.0647 2968 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
23:31:05.0657 2968 stisvc - ok
23:31:05.0727 2968 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:31:05.0737 2968 swenum - ok
23:31:05.0807 2968 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:31:05.0817 2968 swprv - ok
23:31:05.0987 2968 SynTP (33e6a285daa5134d8ea2247914c86c09) C:\Windows\system32\DRIVERS\SynTP.sys
23:31:05.0997 2968 SynTP - ok
23:31:06.0267 2968 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
23:31:06.0317 2968 SysMain - ok
23:31:06.0407 2968 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
23:31:06.0407 2968 TabletInputService - ok
23:31:06.0467 2968 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
23:31:06.0487 2968 TapiSrv - ok
23:31:06.0507 2968 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:31:06.0517 2968 TBS - ok
23:31:06.0807 2968 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
23:31:06.0827 2968 Tcpip - ok
23:31:07.0157 2968 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
23:31:07.0177 2968 TCPIP6 - ok
23:31:07.0277 2968 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:31:07.0277 2968 tcpipreg - ok
23:31:07.0307 2968 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:31:07.0307 2968 TDPIPE - ok
23:31:07.0337 2968 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
23:31:07.0337 2968 TDTCP - ok
23:31:07.0367 2968 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:31:07.0377 2968 tdx - ok
23:31:07.0437 2968 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:31:07.0437 2968 TermDD - ok
23:31:07.0547 2968 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
23:31:07.0567 2968 TermService - ok
23:31:07.0587 2968 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:31:07.0597 2968 Themes - ok
23:31:07.0637 2968 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:31:07.0637 2968 THREADORDER - ok
23:31:07.0667 2968 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:31:07.0667 2968 TrkWks - ok
23:31:07.0757 2968 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
23:31:07.0757 2968 TrustedInstaller - ok
23:31:07.0817 2968 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:31:07.0817 2968 tssecsrv - ok
23:31:07.0867 2968 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:31:07.0867 2968 TsUsbFlt - ok
23:31:07.0907 2968 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
23:31:07.0907 2968 TsUsbGD - ok
23:31:07.0967 2968 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:31:07.0997 2968 tunnel - ok
23:31:08.0027 2968 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
23:31:08.0027 2968 uagp35 - ok
23:31:08.0087 2968 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:31:08.0107 2968 udfs - ok
23:31:08.0157 2968 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:31:08.0157 2968 UI0Detect - ok
23:31:08.0227 2968 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:31:08.0237 2968 uliagpkx - ok
23:31:08.0287 2968 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
23:31:08.0287 2968 umbus - ok
23:31:08.0347 2968 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
23:31:08.0357 2968 UmPass - ok
23:31:08.0417 2968 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:31:08.0427 2968 upnphost - ok
23:31:08.0467 2968 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:31:08.0487 2968 usbccgp - ok
23:31:08.0537 2968 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:31:08.0547 2968 usbcir - ok
23:31:08.0577 2968 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
23:31:08.0577 2968 usbehci - ok
23:31:08.0657 2968 usbfilter (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\DRIVERS\usbfilter.sys
23:31:08.0657 2968 usbfilter - ok
23:31:08.0727 2968 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:31:08.0747 2968 usbhub - ok
23:31:08.0787 2968 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
23:31:08.0787 2968 usbohci - ok
23:31:08.0817 2968 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:31:08.0817 2968 usbprint - ok
23:31:08.0867 2968 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:31:08.0877 2968 usbscan - ok
23:31:08.0907 2968 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:31:08.0907 2968 USBSTOR - ok
23:31:08.0937 2968 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:31:08.0937 2968 usbuhci - ok
23:31:08.0977 2968 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
23:31:08.0987 2968 usbvideo - ok
23:31:09.0027 2968 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:31:09.0037 2968 UxSms - ok
23:31:09.0097 2968 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
23:31:09.0097 2968 VaultSvc - ok
23:31:09.0147 2968 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:31:09.0147 2968 vdrvroot - ok
23:31:09.0217 2968 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
23:31:09.0247 2968 vds - ok
23:31:09.0267 2968 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:31:09.0277 2968 vga - ok
23:31:09.0317 2968 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:31:09.0317 2968 VgaSave - ok
23:31:09.0377 2968 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:31:09.0387 2968 vhdmp - ok
23:31:09.0417 2968 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:31:09.0427 2968 viaide - ok
23:31:09.0457 2968 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:31:09.0457 2968 volmgr - ok
23:31:09.0517 2968 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:31:09.0517 2968 volmgrx - ok
23:31:09.0557 2968 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:31:09.0577 2968 volsnap - ok
23:31:09.0647 2968 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
23:31:09.0657 2968 vsmraid - ok
23:31:09.0857 2968 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
23:31:09.0867 2968 VSS - ok
23:31:10.0017 2968 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:31:10.0027 2968 vwifibus - ok
23:31:10.0047 2968 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:31:10.0047 2968 vwififlt - ok
23:31:10.0087 2968 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:31:10.0087 2968 vwifimp - ok
23:31:10.0167 2968 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:31:10.0177 2968 W32Time - ok
23:31:10.0217 2968 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
23:31:10.0217 2968 WacomPen - ok
23:31:10.0267 2968 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:31:10.0277 2968 WANARP - ok
23:31:10.0307 2968 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:31:10.0307 2968 Wanarpv6 - ok
23:31:10.0467 2968 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
23:31:10.0587 2968 WatAdminSvc - ok
23:31:10.0747 2968 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
23:31:10.0777 2968 wbengine - ok
23:31:10.0917 2968 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:31:10.0927 2968 WbioSrvc - ok
23:31:10.0977 2968 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
23:31:10.0997 2968 wcncsvc - ok
23:31:11.0017 2968 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:31:11.0027 2968 WcsPlugInService - ok
23:31:11.0077 2968 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
23:31:11.0077 2968 Wd - ok
23:31:11.0177 2968 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:31:11.0217 2968 Wdf01000 - ok
23:31:11.0247 2968 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:31:11.0257 2968 WdiServiceHost - ok
23:31:11.0267 2968 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:31:11.0267 2968 WdiSystemHost - ok
23:31:11.0317 2968 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
23:31:11.0327 2968 WebClient - ok
23:31:11.0367 2968 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:31:11.0387 2968 Wecsvc - ok
23:31:11.0407 2968 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:31:11.0407 2968 wercplsupport - ok
23:31:11.0467 2968 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:31:11.0467 2968 WerSvc - ok
23:31:11.0557 2968 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:31:11.0557 2968 WfpLwf - ok
23:31:11.0577 2968 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:31:11.0587 2968 WIMMount - ok
23:31:11.0597 2968 WinHttpAutoProxySvc - ok
23:31:11.0677 2968 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:31:11.0687 2968 Winmgmt - ok
23:31:11.0897 2968 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
23:31:11.0937 2968 WinRM - ok
23:31:12.0137 2968 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
23:31:12.0137 2968 WinUsb - ok
23:31:12.0217 2968 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:31:12.0227 2968 Wlansvc - ok
23:31:12.0297 2968 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:31:12.0307 2968 wlcrasvc - ok
23:31:12.0527 2968 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:31:12.0547 2968 wlidsvc - ok
23:31:12.0687 2968 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:31:12.0687 2968 WmiAcpi - ok
23:31:12.0757 2968 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:31:12.0767 2968 wmiApSrv - ok
23:31:12.0837 2968 WMPNetworkSvc - ok
23:31:12.0897 2968 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:31:12.0907 2968 WPCSvc - ok
23:31:12.0937 2968 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
23:31:12.0947 2968 WPDBusEnum - ok
23:31:12.0967 2968 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:31:12.0977 2968 ws2ifsl - ok
23:31:12.0977 2968 WSearch - ok
23:31:13.0007 2968 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:31:13.0007 2968 WudfPf - ok
23:31:13.0077 2968 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:31:13.0087 2968 WUDFRd - ok
23:31:13.0137 2968 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
23:31:13.0147 2968 wudfsvc - ok
23:31:13.0187 2968 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:31:13.0207 2968 WwanSvc - ok
23:31:13.0267 2968 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:31:13.0527 2968 \Device\Harddisk0\DR0 - ok
23:31:13.0537 2968 Boot (0x1200) (f72f96e4cf2cc4353a7b1cd88773701e) \Device\Harddisk0\DR0\Partition0
23:31:13.0537 2968 \Device\Harddisk0\DR0\Partition0 - ok
23:31:13.0567 2968 Boot (0x1200) (f0cde7aa4f560b2ba83ccce5fce5dd51) \Device\Harddisk0\DR0\Partition1
23:31:13.0567 2968 \Device\Harddisk0\DR0\Partition1 - ok
23:31:13.0607 2968 Boot (0x1200) (05a0cf1cd0b0189d43f5fbc5d40dcedf) \Device\Harddisk0\DR0\Partition2
23:31:13.0607 2968 \Device\Harddisk0\DR0\Partition2 - ok
23:31:13.0627 2968 Boot (0x1200) (3a62a04d3ffbc615a6fbf1a41126a686) \Device\Harddisk0\DR0\Partition3
23:31:13.0627 2968 \Device\Harddisk0\DR0\Partition3 - ok
23:31:13.0627 2968 ============================================================
23:31:13.0627 2968 Scan finished
23:31:13.0627 2968 ============================================================
23:31:13.0647 4344 Detected object count: 0
23:31:13.0647 4344 Actual detected object count: 0
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=======================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller:
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Taira [Admin rights]
Mode: Scan -- Date: 07/29/2012 00:00:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD50 00BPVT-60HXZT3 SATA Disk Device +++++
--- User ---
[MBR] 1a5a452ce8c826605c85a9e293650f28
[BSP] 99d9fa79edc458bda7849fa291b78f95 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459273 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 941000704 | Size: 17363 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 14925227e19e30363f7941045a46ee3e
[BSP] 99d9fa79edc458bda7849fa291b78f95 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 159793152 | Size: 400 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt





aswMBR:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 00:05:35
-----------------------------
00:05:35.727 OS Version: Windows x64 6.1.7601 Service Pack 1
00:05:35.727 Number of processors: 4 586 0x100
00:05:35.727 ComputerName: BABIILUV UserName: Taira
00:05:37.131 Initialize success
00:09:04.716 AVAST engine defs: 12072801
00:09:48.427 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000071
00:09:48.427 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
00:09:48.443 Disk 0 MBR read successfully
00:09:48.458 Disk 0 MBR scan
00:09:48.458 Disk 0 Windows 7 default MBR code
00:09:48.458 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:09:48.474 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459273 MB offset 409600
00:09:48.521 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17363 MB offset 941000704
00:09:48.536 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
00:09:48.583 Disk 0 scanning C:\Windows\system32\drivers
00:10:00.689 Service scanning
00:10:27.848 Modules scanning
00:10:27.864 Disk 0 trace - called modules:
00:10:27.895 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
00:10:27.911 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047c5060]
00:10:27.911 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004645b10]
00:10:27.911 5 hpdskflt.sys[fffff88001b9a189] -> nt!IofCallDriver -> [0xfffffa8004514040]
00:10:27.926 7 amd_xata.sys[fffff8800112ea1d] -> nt!IofCallDriver -> [0xfffffa8004513c40]
00:10:27.926 9 ACPI.sys[fffff88000f727a1] -> nt!IofCallDriver -> \Device\00000071[0xfffffa800450a570]
00:10:29.346 AVAST engine scan C:\Windows
00:10:32.404 AVAST engine scan C:\Windows\system32
00:13:01.789 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
00:15:37.150 AVAST engine scan C:\Windows\system32\drivers
00:15:52.641 AVAST engine scan C:\Users\Taira
00:19:06.908 AVAST engine scan C:\ProgramData
00:20:36.655 Scan finished successfully
00:22:08.305 Disk 0 MBR has been saved successfully to "C:\Users\Taira\Desktop\MBR.dat"
00:22:08.321 The log file has been saved successfully to "C:\Users\Taira\Desktop\aswMBR.txt"
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
FRST:
Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 11:02:13
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" [3453440 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun [884584 2012-03-08] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKU\Taira\...\Policies\system: [DisableLockWorkstation] 0
HKU\Taira\...\Policies\system: [DisableChangePassword] 0
HKU\Taira\...\Policies\system: [LogonHoursAction] 2
HKU\Taira\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108392 2012-07-28] (SurfRight B.V.)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1071160 2011-02-15] (Hewlett-Packard Development Company L.P.)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-05-04] (Alcatel-Lucent)
2 McciServiceHost; "C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe" [315392 2011-09-09] (Alcatel-Lucent)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-04-19] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

========================== Drivers (Whitelisted) =============

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
3 mfeavfk01; [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-29 07:48 - 2012-07-29 07:49 - 00000000 ____D C:\Users\Taira\AppData\Local\{76A23F35-4A30-4CE4-BAB9-0F157D10E262}
2012-07-29 07:48 - 2012-07-29 07:48 - 00000000 ____D C:\Users\Taira\AppData\Local\{48C5A5C5-A3AB-4F80-AF17-C6C6EE6ECABE}
2012-07-28 21:41 - 2012-07-28 21:42 - 00000000 ____D C:\Users\Taira\Desktop\TechSpot Virus Removal
2012-07-28 18:37 - 2012-07-28 18:37 - 00003736 ____A C:\Windows\System32\.crusader
2012-07-28 18:31 - 2012-07-28 18:47 - 00001897 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-07-28 18:31 - 2012-07-28 18:31 - 00000000 ____D C:\Program Files\HitmanPro
2012-07-28 18:30 - 2012-07-28 18:37 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-28 16:36 - 2012-07-28 16:36 - 00000000 ____A C:\Windows\SysWOW64\shoD23C.tmp
2012-07-28 16:13 - 2012-07-28 16:13 - 00000000 ____A C:\Windows\SysWOW64\sho48D2.tmp
2012-07-28 16:04 - 2012-07-28 16:05 - 00000000 ____D C:\Users\Taira\AppData\Local\{A4940A8E-2711-449A-8903-4941999B4E2B}
2012-07-28 16:04 - 2012-07-28 16:04 - 00000000 ____D C:\Users\Taira\AppData\Local\{D000321E-8BD3-40D3-9CF6-495EF0F2879B}
2012-07-28 15:58 - 2012-07-28 15:58 - 00000000 ____D C:\Windows\Sun
2012-07-28 14:47 - 2012-07-28 14:47 - 00000000 ____D C:\Users\Taira\AppData\Local\{15CC67DC-FB83-44C4-8AA9-6BCAF33B0EC1}
2012-07-28 09:45 - 2012-07-28 09:45 - 00000000 ____D C:\Users\Taira\AppData\Local\{4E4E0A16-F97A-4559-8E62-76AAD05E6B57}
2012-07-26 10:58 - 2012-07-26 10:58 - 00000000 ____D C:\Users\Taira\AppData\Local\{62C94753-DC54-4852-AB43-AA985887687B}
2012-07-25 10:56 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-25 10:55 - 2012-07-25 10:56 - 00264766 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-25 10:48 - 2012-07-25 10:48 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-25 10:42 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-25 10:42 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-25 10:42 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-25 10:42 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-25 10:42 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-25 10:42 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-25 10:42 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-25 10:42 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-25 10:42 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-25 10:42 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-25 10:42 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-25 10:42 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-25 10:42 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-25 10:42 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-25 10:42 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-25 10:42 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-25 10:42 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-25 10:41 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-25 10:41 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-25 10:41 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-25 10:41 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-25 10:41 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-25 10:41 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-25 10:41 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-25 10:41 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-25 10:41 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-25 10:41 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-25 10:41 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-25 10:35 - 2012-07-25 10:35 - 00000000 ____D C:\Users\Taira\AppData\Local\{65F2DE56-3D3B-49DA-8A45-1F8DBC4E95D7}
2012-07-25 10:33 - 2012-07-25 10:35 - 00000000 ____D C:\Users\Taira\AppData\Local\{53F2F0FF-11E8-4B5B-B1AF-DB3EB09CB4C9}
2012-07-24 14:08 - 2012-07-24 14:08 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-24 12:15 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-24 12:15 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-24 12:15 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-24 12:15 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-24 12:15 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-24 12:15 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-24 12:14 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-24 12:14 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-24 12:14 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-24 12:14 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-24 12:14 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-24 12:14 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-24 12:14 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-24 12:14 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-24 12:14 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-24 12:14 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-24 12:14 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-24 12:14 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-24 12:14 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-24 11:44 - 2012-07-24 11:44 - 00000000 ____D C:\Users\Taira\AppData\Local\{E23616D5-C32F-40DD-9B01-7BEAF8A1E477}
2012-07-24 11:44 - 2012-07-24 11:44 - 00000000 ____D C:\Users\Taira\AppData\Local\{3179DAE1-E77D-4AA6-B925-02417D08CE22}
2012-07-24 05:48 - 2012-07-24 05:48 - 00000000 ____D C:\Users\Taira\AppData\Local\{EF1AC17F-D0FA-49B7-84A3-F87ECF96DDEC}
2012-07-23 10:26 - 2012-07-23 10:26 - 00000000 ____D C:\Users\Taira\AppData\Local\{CB8C3BDD-E75B-4270-BE74-756FD8045950}
2012-07-23 10:25 - 2012-07-23 10:26 - 00000000 ____D C:\Users\Taira\AppData\Local\{1B929CFF-49C1-4BED-8581-2455777DBE58}
2012-07-22 10:34 - 2012-07-22 10:34 - 00000000 ____D C:\Users\Taira\AppData\Local\{C13F083B-3388-4110-BCF7-0185231DACFA}
2012-07-21 06:58 - 2012-07-22 10:34 - 00000000 ____D C:\Users\Taira\AppData\Local\{5C3CF144-28AB-4FB5-B7E1-0F8711B52F68}
2012-07-21 06:58 - 2012-07-21 06:59 - 00000000 ____D C:\Users\Taira\AppData\Local\{183172E4-375E-47DF-B6FC-AE863CBA4DDA}
2012-07-20 11:02 - 2012-07-20 11:02 - 00000000 ____D C:\Users\Taira\AppData\Local\{588B2AB4-EFF6-404B-8AE4-45F8A29C2898}
2012-07-19 10:44 - 2012-07-20 11:02 - 00000000 ____D C:\Users\Taira\AppData\Local\{51E92146-CD34-41EE-ACDB-BA5941515F0A}
2012-07-19 10:44 - 2012-07-19 10:44 - 00000000 ____D C:\Users\Taira\AppData\Local\{041599DF-2EE4-4076-BD14-0A7F0B49D38F}
2012-07-18 11:44 - 2012-07-18 11:44 - 00000000 ____D C:\Users\Taira\AppData\Local\{95236D71-D65B-4BB3-A13B-36FA0CEFB238}
2012-07-18 11:43 - 2012-07-18 11:44 - 00000000 ____D C:\Users\Taira\AppData\Local\{4C692467-FB30-4764-A2E1-2FCAAE8F8FFB}
2012-07-17 10:48 - 2012-07-17 10:49 - 00000000 ____D C:\Users\Taira\AppData\Local\{FC4D5D0C-78AD-4D14-9C26-D2FB61D76862}
2012-07-17 10:48 - 2012-07-17 10:48 - 00000000 ____D C:\Users\Taira\AppData\Local\{1B4D8F32-14B1-496E-A88C-153822C27CE1}
2012-07-15 14:32 - 2012-07-15 14:32 - 00000000 ____D C:\Users\Taira\AppData\Local\{F22FCA23-26A7-48A9-BFC1-142F05DAC788}
2012-07-15 14:31 - 2012-07-15 14:32 - 00000000 ____D C:\Users\Taira\AppData\Local\{820BEF59-16EF-490D-8B47-FE6864BB607A}
2012-07-13 11:36 - 2012-07-13 11:37 - 00000000 ____D C:\Users\Taira\AppData\Local\{84F7081A-73F8-4D0F-9B31-DE4A48E751E8}
2012-07-13 11:36 - 2012-07-13 11:36 - 00000000 ____D C:\Users\Taira\AppData\Local\{AFC38C3D-4CF4-401C-9877-AD1A1862BAA6}
2012-07-12 11:54 - 2012-07-12 11:54 - 00000000 ____D C:\Users\Taira\AppData\Local\{D91CC259-5E45-4483-A977-8D418634022C}
2012-07-12 11:54 - 2012-07-12 11:54 - 00000000 ____D C:\Users\Taira\AppData\Local\{3454F60B-5390-4B36-9543-19CC9B90AFBE}
2012-07-11 21:22 - 2012-07-11 21:22 - 00000000 ____D C:\Users\Taira\AppData\Local\{58414253-BA82-4AA6-AD1A-91001C22726E}
2012-07-11 21:21 - 2012-07-11 21:22 - 00000000 ____D C:\Users\Taira\AppData\Local\{7DC959C8-EE96-452E-8F53-081900C1F540}
2012-07-11 09:21 - 2012-07-11 09:21 - 00000000 ____D C:\Users\Taira\AppData\Local\{6427BFC6-8037-4D78-B083-A8E8EC270F54}
2012-07-11 09:21 - 2012-07-11 09:21 - 00000000 ____D C:\Users\Taira\AppData\Local\{25BCD5BC-6808-4499-872B-927F7233E705}
2012-07-10 20:55 - 2012-07-10 20:56 - 00000000 ____D C:\Users\Taira\AppData\Local\{6C8EBF9E-0BD2-417C-A0B3-D8F82C23A1D5}
2012-07-10 20:55 - 2012-07-10 20:55 - 00000000 ____D C:\Users\Taira\AppData\Local\{24CE51A7-BE7A-48E6-A13E-49B56D5A781E}
2012-07-09 19:11 - 2012-07-09 19:11 - 00000000 ____D C:\Users\Taira\AppData\Local\{D9FE6D65-70AA-4D35-9D40-FB73E56ADE93}
2012-07-09 07:11 - 2012-07-09 07:11 - 00000000 ____D C:\Users\Taira\AppData\Local\{3BA09435-60F0-49BE-B779-D5A598E6457E}
2012-07-09 07:10 - 2012-07-09 19:11 - 00000000 ____D C:\Users\Taira\AppData\Local\{DF4D4863-0C5D-4DB6-8FD2-9FF915E7D830}
2012-07-08 09:36 - 2012-07-08 09:36 - 00000000 ____D C:\Users\Taira\AppData\Local\{BA92F027-5D38-4A7A-9701-AD7C02A08FC0}
2012-07-08 09:35 - 2012-07-08 09:36 - 00000000 ____D C:\Users\Taira\AppData\Local\{C934DF11-FAC2-4037-BEEF-B3B44FB92192}
2012-07-08 00:47 - 2012-07-08 00:47 - 00000000 ____A C:\Windows\SysWOW64\sho9347.tmp
2012-07-07 22:47 - 2012-07-07 22:47 - 00002067 ____A C:\Users\Public\Desktop\Blio eBooks.lnk
2012-07-07 22:46 - 2012-07-07 22:46 - 00000000 ____D C:\Users\Public\Blio
2012-07-07 22:46 - 2012-07-07 22:46 - 00000000 ____D C:\Program Files (x86)\K-NFB Reading Technology Inc
2012-07-07 22:43 - 2012-07-07 22:43 - 00000000 ____D C:\Program Files\PlayReady
2012-07-07 22:42 - 2012-07-07 22:42 - 00000000 ____D C:\Users\Taira\AppData\Local\Downloaded Installations
2012-07-07 22:40 - 2012-07-07 22:48 - 00000000 ____D C:\Users\Taira\AppData\Local\Kjs.AppLife.Update
2012-07-07 20:36 - 2012-07-07 20:36 - 00000000 ____D C:\Users\Taira\AppData\Local\{398D0035-8FC7-4D3B-B71D-7D85FB59B416}
2012-07-07 20:36 - 2012-07-07 20:36 - 00000000 ____D C:\Users\Taira\AppData\Local\{00CFBFD9-4A2D-4F00-87F1-74EDD67FFD2F}
2012-07-07 08:31 - 2012-07-07 08:31 - 00000000 ____A C:\Windows\SysWOW64\shoC83C.tmp
2012-07-07 08:15 - 2012-07-07 08:15 - 00000000 ____D C:\Users\Taira\AppData\Local\{FE3C6527-EBB3-4E62-883A-0BD43A76BD13}
2012-07-06 20:04 - 2012-07-06 20:04 - 00000000 ____D C:\Users\Taira\AppData\Local\{E22D88B4-6610-488D-AE81-C9CB0D62DF39}
2012-07-06 20:03 - 2012-07-07 08:15 - 00000000 ____D C:\Users\Taira\AppData\Local\{F27A37E8-890E-4438-A67C-CDFAC0E5BA32}
2012-07-06 07:28 - 2012-07-06 07:28 - 00000000 ____D C:\Users\Taira\AppData\Local\{A0B922D7-95B6-4700-A8E7-3D704EFAF055}
2012-07-06 07:28 - 2012-07-06 07:28 - 00000000 ____D C:\Users\Taira\AppData\Local\{5160A866-CA8F-459C-9898-1493ACFB63BA}
2012-07-05 08:51 - 2012-07-05 08:51 - 00000000 ____D C:\Users\Taira\AppData\Local\{428BA977-2232-4995-ACC4-D463D9FB5C2D}
2012-07-05 08:50 - 2012-07-05 08:51 - 00000000 ____D C:\Users\Taira\AppData\Local\{E826FB15-35B3-4E3B-9F62-F4F37883D639}
2012-07-04 21:28 - 2012-07-04 21:28 - 00000000 ____A C:\Windows\SysWOW64\sho45BB.tmp
2012-07-04 20:50 - 2012-07-04 20:50 - 00000000 ____D C:\Users\Taira\AppData\Local\{DF1A1604-81F5-43AE-A092-2219462FB5FA}
2012-07-03 08:37 - 2012-07-03 08:37 - 00000000 ____D C:\Users\Taira\AppData\Local\{8CBB8B5F-5751-4921-B83B-00128D72EFDC}
2012-07-02 08:16 - 2012-07-04 20:50 - 00000000 ____D C:\Users\Taira\AppData\Local\{9BD77E3F-486C-498C-9582-84F150DB84FC}
2012-07-02 08:16 - 2012-07-02 08:17 - 00000000 ____D C:\Users\Taira\AppData\Local\{4DC8CE57-7F0B-43E4-BB6B-F4C2F7F32CE4}
2012-06-30 06:51 - 2012-06-30 06:51 - 00000000 ____D C:\Users\Taira\AppData\Local\{E9F1933B-4E57-49D3-B947-F46CDC26A54E}
2012-06-29 17:16 - 2012-06-30 06:51 - 00000000 ____D C:\Users\Taira\AppData\Local\{ACE271F0-E226-4C5A-8B4A-7A6ABE60CEE9}
2012-06-29 17:16 - 2012-06-29 17:16 - 00000000 ____D C:\Users\Taira\AppData\Local\{22418411-9CAB-442C-A7DB-D12350324F43}
2012-06-29 07:53 - 2012-07-07 22:31 - 00000000 ____D C:\Users\Taira\Desktop\To Print
2012-06-29 04:22 - 2012-06-29 04:23 - 00000000 ____D C:\Users\Taira\AppData\Local\{4D0DCB19-CB3A-4848-A9C8-6C526EDE261D}


============ 3 Months Modified Files ========================

2012-07-29 07:55 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-29 07:55 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-29 07:53 - 2012-02-03 16:54 - 00001828 ____A C:\Users\Public\Desktop\McAfee Security Center.lnk
2012-07-29 07:53 - 2009-07-13 21:13 - 00006212 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 07:46 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-29 07:46 - 2009-07-13 20:51 - 00067464 ____A C:\Windows\setupact.log
2012-07-28 21:17 - 2012-06-01 06:44 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-28 20:21 - 2010-11-20 19:47 - 00449666 ____A C:\Windows\PFRO.log
2012-07-28 18:47 - 2012-07-28 18:31 - 00001897 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-07-28 18:37 - 2012-07-28 18:37 - 00003736 ____A C:\Windows\System32\.crusader
2012-07-28 16:36 - 2012-07-28 16:36 - 00000000 ____A C:\Windows\SysWOW64\shoD23C.tmp
2012-07-28 16:13 - 2012-07-28 16:13 - 00000000 ____A C:\Windows\SysWOW64\sho48D2.tmp
2012-07-28 16:01 - 2011-10-22 04:29 - 01810200 ____A C:\Windows\WindowsUpdate.log
2012-07-28 14:45 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-28 11:19 - 2012-06-01 06:44 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-28 11:19 - 2012-02-03 17:26 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-28 10:29 - 2012-02-16 21:47 - 00002016 ____A C:\Users\Taira\Desktop\To-D0 (July 2012).txt
2012-07-25 15:02 - 2012-04-22 13:08 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForBABIILUV$.job
2012-07-25 11:00 - 2009-07-13 20:45 - 00342368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-25 10:56 - 2012-07-25 10:55 - 00264766 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-25 10:48 - 2012-07-25 10:48 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-25 10:43 - 2012-02-03 17:23 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-24 14:08 - 2012-07-24 14:08 - 00001073 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-08 00:47 - 2012-07-08 00:47 - 00000000 ____A C:\Windows\SysWOW64\sho9347.tmp
2012-07-07 22:47 - 2012-07-07 22:47 - 00002067 ____A C:\Users\Public\Desktop\Blio eBooks.lnk
2012-07-07 08:31 - 2012-07-07 08:31 - 00000000 ____A C:\Windows\SysWOW64\shoC83C.tmp
2012-07-04 21:28 - 2012-07-04 21:28 - 00000000 ____A C:\Windows\SysWOW64\sho45BB.tmp
2012-07-03 10:46 - 2012-06-11 21:03 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-30 12:18 - 2011-11-28 18:35 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForTaira.job
2012-06-28 17:36 - 2012-06-28 17:36 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-06-25 21:25 - 2012-06-25 21:25 - 00000000 ____A C:\Windows\SysWOW64\shoB0E9.tmp
2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-21 11:12 - 2012-06-21 11:12 - 00000000 ____A C:\Windows\SysWOW64\sho2437.tmp
2012-06-19 13:56 - 2012-06-19 13:56 - 00000000 ____A C:\Windows\SysWOW64\sho309.tmp
2012-06-11 19:08 - 2012-07-25 10:56 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 09:45 - 2011-11-28 18:35 - 00085704 ____A C:\Users\Taira\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-08 21:43 - 2012-07-24 12:14 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-24 12:14 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-24 12:15 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-24 12:15 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-24 12:14 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-24 12:15 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-24 12:15 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-24 12:14 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-23 16:39 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 16:39 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 16:39 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 16:39 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 16:39 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-23 16:39 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-23 16:39 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-23 16:39 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-23 16:39 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-25 10:41 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-25 10:41 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-25 10:41 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-25 10:42 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-25 10:42 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-25 10:42 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:04 - 2012-07-25 10:41 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:03 - 2012-07-25 10:42 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-25 10:42 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-25 10:41 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-25 10:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-25 10:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-25 10:42 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-25 10:42 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-25 10:41 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-25 10:41 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-25 10:41 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-25 10:42 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-25 10:42 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:25 - 2012-07-25 10:41 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:23 - 2012-07-25 10:42 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-25 10:41 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-25 10:42 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-25 10:42 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-25 10:41 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-25 10:42 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-25 10:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-25 10:42 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-24 12:14 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-24 12:14 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-24 12:14 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-24 12:14 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-24 12:14 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-24 12:14 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-24 12:14 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-24 12:14 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-24 12:14 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-06-01 13:00 - 2012-06-01 13:00 - 00000000 ____A C:\Windows\SysWOW64\sho6722.tmp
2012-05-29 20:41 - 2012-05-29 20:40 - 00253952 ____A (Flo) C:\Users\Taira\Downloads\Vista-ShutdownTimer.exe
2012-05-13 21:27 - 2012-05-13 21:27 - 00057560 ____A C:\Users\Amonte\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-13 21:25 - 2012-05-13 21:25 - 00000258 _RASH C:\Users\Amonte\ntuser.pol
2012-05-13 21:25 - 2012-05-13 21:25 - 00000020 __ASH C:\Users\Amonte\ntuser.ini
2012-05-04 03:06 - 2012-06-13 17:39 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 17:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 17:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe


ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3562.9 MB
Available physical RAM: 2865.63 MB
Total Pagefile: 3561.05 MB
Available Pagefile: 2856.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:448.51 GB) (Free:397.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:16.96 GB) (Free:1.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: (CLC) (Removable) (Total:0.47 GB) (Free:0.3 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 478 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 448 GB 200 MB
Partition 3 Primary 16 GB 448 GB
Partition 4 Primary 103 MB 465 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 448 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 16 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 478 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-21 09:33

======================= End Of Log ==========================




Search:
Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 11:06:13
Running from H:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
 
Please do NOT format your posts by using bold font.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    306 bytes · Views: 1
Okay. I was able to run FRST64 and pasted the log below. However, I've run into a little problem when trying to disable antivirus. With the AT&T version of Mcafee I have running, I turned the real-time scanning, automatic updates, and firewall "off". I assumed that would be well enough to run Combofix. But when I started Combofix, a warning appeared telling me I have 2 antivirus & antispyware running: Mcafee & Avira (which I had thought I completely uninstalled yesterday). It says to disable these scanners before clicking 'ok', which I haven't done yet. How can I disable Mcafee and completely remove remnants of Avira?




Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 15:26:15 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\SysWOW64\shoD23C.tmp moved successfully.
C:\Windows\SysWOW64\sho48D2.tmp moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====
 
ComboFix 12-07-29.02 - Taira 07/29/2012 16:15:16.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2586 [GMT -5:00]
Running from: c:\users\Taira\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Taira\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E9AF907B-7F5E-4DF0-86F9-1C594C3F4563}.xps
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 21:29 . 2012-07-29 21:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-29 21:29 . 2012-07-29 21:29 -------- d-----w- c:\users\Amonte\AppData\Local\temp
2012-07-29 19:02 . 2012-07-29 19:02 -------- d-----w- C:\FRST
2012-07-29 02:31 . 2012-07-29 02:31 -------- d-----w- c:\program files\HitmanPro
2012-07-29 02:30 . 2012-07-29 02:37 -------- d-----w- c:\programdata\HitmanPro
2012-07-28 23:58 . 2012-07-28 23:58 -------- d-----w- c:\windows\Sun
2012-07-25 18:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-25 18:41 . 2012-06-02 12:12 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-07-24 20:15 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-24 20:15 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-24 20:15 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-24 20:15 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-24 20:15 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-24 20:15 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-08 08:47 . 2012-07-08 08:47 0 ----a-w- c:\windows\SysWow64\sho9347.tmp
2012-07-08 06:46 . 2012-07-08 06:46 -------- d-----w- c:\users\Public\Blio
2012-07-08 06:46 . 2012-07-08 06:46 -------- d-----w- c:\program files (x86)\K-NFB Reading Technology Inc
2012-07-08 06:43 . 2012-07-08 06:43 -------- d-----w- c:\program files\PlayReady
2012-07-08 06:42 . 2012-07-08 06:42 -------- d-----w- c:\users\Taira\AppData\Local\Downloaded Installations
2012-07-08 06:40 . 2012-07-08 06:48 -------- d-----w- c:\users\Taira\AppData\Local\Kjs.AppLife.Update
2012-07-07 16:31 . 2012-07-07 16:31 0 ----a-w- c:\windows\SysWow64\shoC83C.tmp
2012-07-05 05:28 . 2012-07-05 05:28 0 ----a-w- c:\windows\SysWow64\sho45BB.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 19:19 . 2012-06-01 14:44 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 19:19 . 2012-02-04 01:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-25 18:43 . 2012-02-04 01:23 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 18:46 . 2012-06-12 05:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 05:25 . 2012-06-26 05:25 0 ----a-w- c:\windows\SysWow64\shoB0E9.tmp
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-21 19:12 . 2012-06-21 19:12 0 ----a-w- c:\windows\SysWow64\sho2437.tmp
2012-06-19 21:56 . 2012-06-19 21:56 0 ----a-w- c:\windows\SysWow64\sho309.tmp
2012-06-02 22:19 . 2012-06-24 00:39 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 00:39 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 00:39 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 00:39 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 00:39 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 00:39 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 00:39 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-24 00:39 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-24 00:39 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 21:00 . 2012-06-01 21:00 0 ----a-w- c:\windows\SysWow64\sho6722.tmp
2012-05-08 17:02 . 2012-06-08 15:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D518DBA4-043A-401F-8398-F9E68EDFF3E8}\mpengine.dll
2012-05-04 11:06 . 2012-06-14 01:39 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 01:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 01:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 01:39 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-02 336384]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-15 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-15 40064]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-16 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-02 365568]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-18 265544]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-14 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-05-04 517632]
S2 McciServiceHost;McciServiceHost;c:\program files (x86)\Common Files\Motive\McciServiceHost.exe [2011-09-09 315392]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys [2011-03-18 87168]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-16 10206208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-15 317952]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys [2011-03-18 188544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-03-07 1353280]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 19:20]
.
2012-07-25 c:\windows\Tasks\HPCeeScheduleForBABIILUV$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-06-30 c:\windows\Tasks\HPCeeScheduleForTaira.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Taira\AppData\Roaming\Mozilla\Firefox\Profiles\tc846fhp.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Dell Photo AIO Printer 922 - c:\program files (x86) (x86)\Dell Photo AIO Printer 922\Install\x64\Uninst.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-07-29 17:02:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 22:02
.
Pre-Run: 426,375,700,480 bytes free
Post-Run: 426,271,211,520 bytes free
.
- - End Of File - - 05C6E1F27CC3CC5C019C31D774E78061
 
Looks good :)

Any current issues?

===============================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Yes, seems to be running normal again :) Thank you so much!! What good antivirus would you recommend to make sure this doesn't happen again?


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Taira :: BABIILUV [administrator]

7/29/2012 5:58:58 PM
mbam-log-2012-07-29 (17-58-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214364
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



OTL logfile created on: 7/29/2012 6:37:17 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Taira\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 62.02% Memory free
6.96 Gb Paging File | 4.83 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.51 Gb Total Space | 396.77 Gb Free Space | 88.46% Space Free | Partition Type: NTFS
Drive D: | 16.96 Gb Total Space | 1.86 Gb Free Space | 10.95% Space Free | Partition Type: NTFS

Computer Name: BABIILUV | User Name: Taira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/29 18:36:20 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Taira\Desktop\OTL.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/09 09:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
PRC - [2011/08/24 18:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/03/22 13:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 00:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 00:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/01/27 14:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/11/09 17:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 17:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/29 17:10:10 | 000,108,392 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/09/15 19:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/13 19:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/02 01:06:22 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/03/11 05:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/07/28 14:20:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/25 00:00:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 09:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2011/08/24 18:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011/03/07 19:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 17:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2010/11/09 17:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/15 19:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/15 18:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/09 09:00:34 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2011/09/09 09:00:34 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2011/08/29 19:58:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/29 19:58:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 19:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 19:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/15 16:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/15 16:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/24 19:20:36 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/18 00:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/18 00:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/03/11 05:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/07 11:55:00 | 001,353,280 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/12/16 21:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/16 03:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/09 09:00:28 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/09/09 09:00:28 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2F3A1C9A-B38B-4B23-9E3D-A047B6C52C2E}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2F3A1C9A-B38B-4B23-9E3D-A047B6C52C2E}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\..\SearchScopes\{2F3A1C9A-B38B-4B23-9E3D-A047B6C52C2E}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-atty
IE - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://yahoo.com/"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/05 16:29:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/30 11:25:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/24 16:59:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/11 11:51:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/24 16:59:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/11 11:51:37 | 000,000,000 | ---D | M]

[2012/01/08 11:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taira\AppData\Roaming\Mozilla\Extensions
[2012/06/12 09:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taira\AppData\Roaming\Mozilla\Firefox\Profiles\tc846fhp.default\extensions
[2012/06/08 20:57:30 | 000,000,000 | ---D | M] (ADDICT-THING) -- C:\Users\Taira\AppData\Roaming\Mozilla\Firefox\Profiles\tc846fhp.default\extensions\4fd2aa9f34015@4fd2aa9f3404e.info
[2012/02/22 20:31:56 | 000,001,976 | ---- | M] () -- C:\Users\Taira\AppData\Roaming\Mozilla\Firefox\Profiles\tc846fhp.default\searchplugins\duckduckgo.xml
[2012/03/10 12:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/22 19:16:04 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2012/06/30 11:25:24 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/02/05 16:29:29 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2012/05/16 01:49:03 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\TAIRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TC846FHP.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012/03/04 02:08:38 | 000,003,326 | ---- | M] () (No name found) -- C:\USERS\TAIRA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TC846FHP.DEFAULT\EXTENSIONS\LOJIRZUUKD@LOJIRZUUKD.ORG.XPI
[2012/06/25 00:00:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/25 00:00:39 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/25 00:00:39 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/29 16:31:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120630095920.dll (McAfee, Inc.)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630095920.dll (McAfee, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O15 - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31B9B1F-2C1D-419C-B5A2-A59F786AF7BE}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/29 18:36:18 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Taira\Desktop\OTL.exe
[2012/07/29 17:07:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/29 17:03:24 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/29 16:13:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/29 16:13:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/29 16:13:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/29 15:46:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/29 15:45:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/29 15:30:37 | 004,721,417 | R--- | C] (Swearware) -- C:\Users\Taira\Desktop\ComboFix.exe
[2012/07/29 14:02:07 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/29 10:48:49 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{76A23F35-4A30-4CE4-BAB9-0F157D10E262}
[2012/07/29 10:48:38 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{48C5A5C5-A3AB-4F80-AF17-C6C6EE6ECABE}
[2012/07/29 00:41:33 | 000,000,000 | ---D | C] -- C:\Users\Taira\Desktop\TechSpot Virus Removal
[2012/07/28 21:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/07/28 21:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/07/28 21:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/28 19:04:53 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{A4940A8E-2711-449A-8903-4941999B4E2B}
[2012/07/28 19:04:09 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{D000321E-8BD3-40D3-9CF6-495EF0F2879B}
[2012/07/28 18:58:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/28 17:47:20 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{15CC67DC-FB83-44C4-8AA9-6BCAF33B0EC1}
[2012/07/28 12:45:24 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{4E4E0A16-F97A-4559-8E62-76AAD05E6B57}
[2012/07/26 13:58:15 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{62C94753-DC54-4852-AB43-AA985887687B}
[2012/07/25 13:35:31 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{65F2DE56-3D3B-49DA-8A45-1F8DBC4E95D7}
[2012/07/25 13:33:32 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{53F2F0FF-11E8-4B5B-B1AF-DB3EB09CB4C9}
[2012/07/24 14:44:34 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{3179DAE1-E77D-4AA6-B925-02417D08CE22}
[2012/07/24 14:44:02 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{E23616D5-C32F-40DD-9B01-7BEAF8A1E477}
[2012/07/24 08:48:04 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{EF1AC17F-D0FA-49B7-84A3-F87ECF96DDEC}
[2012/07/23 13:26:18 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{CB8C3BDD-E75B-4270-BE74-756FD8045950}
[2012/07/23 13:25:44 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{1B929CFF-49C1-4BED-8581-2455777DBE58}
[2012/07/22 13:34:13 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{C13F083B-3388-4110-BCF7-0185231DACFA}
[2012/07/21 09:58:56 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{183172E4-375E-47DF-B6FC-AE863CBA4DDA}
[2012/07/21 09:58:18 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{5C3CF144-28AB-4FB5-B7E1-0F8711B52F68}
[2012/07/20 14:02:13 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{588B2AB4-EFF6-404B-8AE4-45F8A29C2898}
[2012/07/19 13:44:18 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{041599DF-2EE4-4076-BD14-0A7F0B49D38F}
[2012/07/19 13:44:05 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{51E92146-CD34-41EE-ACDB-BA5941515F0A}
[2012/07/18 14:44:27 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{95236D71-D65B-4BB3-A13B-36FA0CEFB238}
[2012/07/18 14:43:57 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{4C692467-FB30-4764-A2E1-2FCAAE8F8FFB}
[2012/07/17 13:48:55 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{FC4D5D0C-78AD-4D14-9C26-D2FB61D76862}
[2012/07/17 13:48:45 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{1B4D8F32-14B1-496E-A88C-153822C27CE1}
[2012/07/15 17:32:08 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{F22FCA23-26A7-48A9-BFC1-142F05DAC788}
[2012/07/15 17:31:57 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{820BEF59-16EF-490D-8B47-FE6864BB607A}
[2012/07/13 14:36:54 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{84F7081A-73F8-4D0F-9B31-DE4A48E751E8}
[2012/07/13 14:36:32 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{AFC38C3D-4CF4-401C-9877-AD1A1862BAA6}
[2012/07/12 14:54:28 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{D91CC259-5E45-4483-A977-8D418634022C}
[2012/07/12 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{3454F60B-5390-4B36-9543-19CC9B90AFBE}
[2012/07/12 00:22:01 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{58414253-BA82-4AA6-AD1A-91001C22726E}
[2012/07/12 00:21:48 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{7DC959C8-EE96-452E-8F53-081900C1F540}
[2012/07/11 12:21:13 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{6427BFC6-8037-4D78-B083-A8E8EC270F54}
[2012/07/11 12:21:00 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{25BCD5BC-6808-4499-872B-927F7233E705}
[2012/07/10 23:55:51 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{6C8EBF9E-0BD2-417C-A0B3-D8F82C23A1D5}
[2012/07/10 23:55:39 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{24CE51A7-BE7A-48E6-A13E-49B56D5A781E}
[2012/07/09 22:11:33 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{D9FE6D65-70AA-4D35-9D40-FB73E56ADE93}
[2012/07/09 10:11:01 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{3BA09435-60F0-49BE-B779-D5A598E6457E}
[2012/07/09 10:10:49 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{DF4D4863-0C5D-4DB6-8FD2-9FF915E7D830}
[2012/07/08 12:36:05 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{BA92F027-5D38-4A7A-9701-AD7C02A08FC0}
[2012/07/08 12:35:33 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{C934DF11-FAC2-4037-BEEF-B3B44FB92192}
[2012/07/08 01:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology
[2012/07/08 01:47:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders and Document Viewers
[2012/07/08 01:46:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-NFB Reading Technology Inc
[2012/07/08 01:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2012/07/08 01:42:27 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\Downloaded Installations
[2012/07/08 01:40:21 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\Kjs.AppLife.Update
[2012/07/07 23:36:44 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{398D0035-8FC7-4D3B-B71D-7D85FB59B416}
[2012/07/07 23:36:31 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{00CFBFD9-4A2D-4F00-87F1-74EDD67FFD2F}
[2012/07/07 11:15:42 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{FE3C6527-EBB3-4E62-883A-0BD43A76BD13}
[2012/07/06 23:04:10 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{E22D88B4-6610-488D-AE81-C9CB0D62DF39}
[2012/07/06 23:03:58 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{F27A37E8-890E-4438-A67C-CDFAC0E5BA32}
[2012/07/06 10:28:22 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{5160A866-CA8F-459C-9898-1493ACFB63BA}
[2012/07/06 10:28:03 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{A0B922D7-95B6-4700-A8E7-3D704EFAF055}
[2012/07/05 11:51:02 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{428BA977-2232-4995-ACC4-D463D9FB5C2D}
[2012/07/05 11:50:51 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{E826FB15-35B3-4E3B-9F62-F4F37883D639}
[2012/07/04 23:50:22 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{DF1A1604-81F5-43AE-A092-2219462FB5FA}
[2012/07/03 11:37:30 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{8CBB8B5F-5751-4921-B83B-00128D72EFDC}
[2012/07/02 11:16:55 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{4DC8CE57-7F0B-43E4-BB6B-F4C2F7F32CE4}
[2012/07/02 11:16:38 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{9BD77E3F-486C-498C-9582-84F150DB84FC}
[2012/06/30 09:51:47 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{E9F1933B-4E57-49D3-B947-F46CDC26A54E}
[2012/06/29 20:16:39 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{22418411-9CAB-442C-A7DB-D12350324F43}
[2012/06/29 20:16:30 | 000,000,000 | ---D | C] -- C:\Users\Taira\AppData\Local\{ACE271F0-E226-4C5A-8B4A-7A6ABE60CEE9}
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/29 18:36:20 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Taira\Desktop\OTL.exe
[2012/07/29 18:35:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/29 18:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/29 17:14:40 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 17:14:40 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 17:13:50 | 002,973,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/29 17:13:50 | 000,992,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/29 17:13:50 | 000,006,212 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/29 17:10:12 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/07/29 17:06:37 | 2801,979,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 16:31:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/29 15:30:38 | 004,721,417 | R--- | M] (Swearware) -- C:\Users\Taira\Desktop\ComboFix.exe
[2012/07/28 21:47:03 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/07/28 21:37:49 | 000,003,736 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/07/25 18:02:57 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBABIILUV$.job
[2012/07/25 14:00:37 | 000,342,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/25 13:48:14 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/07/24 17:08:28 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/08 01:47:28 | 000,002,067 | ---- | M] () -- C:\Users\Public\Desktop\Blio eBooks.lnk
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/30 15:18:55 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTaira.job
[13 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/29 16:13:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/29 16:13:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/29 16:13:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/29 16:13:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/29 16:13:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/28 21:37:49 | 000,003,736 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/07/28 21:31:45 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/07/25 13:48:14 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/07/24 17:08:28 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/08 01:47:28 | 000,002,067 | ---- | C] () -- C:\Users\Public\Desktop\Blio eBooks.lnk
[2012/02/19 21:36:58 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtinpa.dll
[2012/02/19 21:36:58 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtiesc.dll
[2012/02/19 21:36:58 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\DLBThcp.dll
[2012/02/19 21:36:58 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DLBTinst.dll
[2012/02/19 21:36:58 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\dlbtjswr.dll
[2012/02/19 21:36:58 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dlbtinsr.dll
[2012/02/19 21:36:58 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dlbtcur.dll
[2012/02/19 21:36:57 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtpmui.dll
[2012/02/19 21:36:57 | 000,434,176 | ---- | C] () -- C:\Windows\SysWow64\dlbtutil.dll
[2012/02/19 21:36:57 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dlbtinsb.dll
[2012/02/19 21:36:57 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\dlbtins.dll
[2012/02/19 21:36:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtserv.dll
[2012/02/19 21:36:56 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtusb1.dll
[2012/02/19 21:36:56 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtprox.dll
[2012/02/19 21:36:56 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dlbtcub.dll
[2012/02/19 21:36:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\dlbtcu.dll
[2012/02/19 21:36:55 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbthbn3.dll
[2012/02/19 21:36:55 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtlmpm.dll
[2012/02/19 21:36:55 | 000,386,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtih.exe
[2012/02/19 21:36:55 | 000,181,744 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtppls.exe
[2012/02/19 21:36:55 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtpplc.dll
[2012/02/19 21:36:54 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtcomc.dll
[2012/02/19 21:36:54 | 000,538,096 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtcoms.exe
[2012/02/19 21:36:54 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtcomm.dll
[2012/02/19 21:36:54 | 000,382,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbtcfg.exe
[2012/02/19 21:36:53 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\DLBTcfg.dll
[2012/02/03 19:28:02 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a6a1f5d1-9b89-34a1-1fa5-e81abdda6d59}\@
[2012/02/03 19:28:02 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{a6a1f5d1-9b89-34a1-1fa5-e81abdda6d59}\@
[2011/12/03 17:54:41 | 000,000,632 | RHS- | C] () -- C:\Users\Taira\ntuser.pol
[2011/10/22 07:46:51 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/22 07:43:39 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/10/22 07:39:51 | 000,006,344 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/22 07:27:51 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/08/29 20:40:04 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/03/21 21:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 18:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2010/12/16 21:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== LOP Check ==========

[2012/05/14 00:26:34 | 000,000,000 | ---D | M] -- C:\Users\Amonte\AppData\Roaming\Synaptics
[2011/11/29 23:09:16 | 000,000,000 | ---D | M] -- C:\Users\Taira\AppData\Roaming\Blio
[2012/03/04 02:08:38 | 000,000,000 | ---D | M] -- C:\Users\Taira\AppData\Roaming\Flood Light Games
[2011/12/13 21:26:16 | 000,000,000 | ---D | M] -- C:\Users\Taira\AppData\Roaming\funkitron
[2012/07/28 17:42:30 | 000,000,000 | ---D | M] -- C:\Users\Taira\AppData\Roaming\SoftGrid Client
[2011/11/28 21:36:44 | 000,000,000 | ---D | M] -- C:\Users\Taira\AppData\Roaming\Synaptics
[2011/12/06 13:13:33 | 000,000,000 | ---D | M] -- C:\Users\Taira\AppData\Roaming\Tific
[2012/01/08 11:28:14 | 000,000,000 | ---D | M] -- C:\Users\Taira\AppData\Roaming\TP
[2011/12/25 20:40:24 | 000,000,000 | ---D | M] -- C:\Users\Taira\AppData\Roaming\WildTangentv1002
[2012/05/06 22:27:56 | 000,000,000 | ---D | M] -- C:\Users\Taira\AppData\Roaming\Windows Live Writer
[2011/12/11 19:23:37 | 000,000,000 | ---D | M] -- C:\Users\Taira\AppData\Roaming\_MDLogs
[2012/07/28 17:45:10 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 7/29/2012 6:37:17 PM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Taira\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 62.02% Memory free
6.96 Gb Paging File | 4.83 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.51 Gb Total Space | 396.77 Gb Free Space | 88.46% Space Free | Partition Type: NTFS
Drive D: | 16.96 Gb Total Space | 1.86 Gb Free Space | 10.95% Space Free | Partition Type: NTFS

Computer Name: BABIILUV | User Name: Taira | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2656346458-3139568991-3301255850-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{239417BC-A6C4-4DD4-A403-CC7352995609}" = protocol=58 | dir=in | app=system |
"{38C887FF-58C3-4E96-BD01-C92D976CBE40}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{59B94A0A-A061-47F7-A7EF-5290027ADBF5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\motive\mcciservicehost.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FDFA2FB8-ADAB-4319-A9F8-BADB4F56F6D3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\motive\mcciservicehost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0128D231-B23B-409C-A531-39D8D8774BA1}" = HP 3D DriveGuard
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{26AF7BC7-DB35-B7C5-3169-29BC62835C48}" = AMD Fuel
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{71F13BA8-96D0-F281-6473-196A5842C6CF}" = ccc-utility64
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{942836D4-5395-652B-F1E8-A7C5B039910C}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CB1A2FE6-2BDF-DECC-C91B-4E5FFD59C5D6}" = WMV9/VC-1 Video Playback
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HitmanPro36" = HitmanPro 3.6
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D1B9D71-7EB6-70DA-DB23-E14F59A14E1D}" = AMD VISION Engine Control Center
"{0DC33570-D9E6-9189-7143-612F34DC317B}" = CCC Help Danish
"{0F69006A-CD2F-4C12-A786-C659C8F98423}" = Catalyst Control Center - Branding
"{15822027-43D3-C69F-40EF-2AF83AA781AA}" = CCC Help English
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D04A14D-6C97-19C1-CA9D-FDDE5EAE1026}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B37E43D-10AB-9D24-7234-31929A3A7D11}" = CCC Help German
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33530062-0419-71CE-3BD3-13D7D5E4C7DE}" = CCC Help French
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{388A15E4-7507-CD40-4DBA-F78B4BBEB56E}" = CCC Help Japanese
"{448B78CF-4A52-191D-1436-54D039B382DB}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{521FA973-C4C9-249D-5CF6-0A6F7B18F7DC}" = CCC Help Greek
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5ED3BAF3-DA06-038D-F21E-AB35404626D4}" = CCC Help Dutch
"{60C44315-A107-D3F6-B868-52AC0481ED6B}" = CCC Help Finnish
"{6522241B-09FE-B16D-0E23-9485424507EB}" = CCC Help Korean
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A061262-C2B2-78E2-9BF8-32D3BDD68C43}" = Catalyst Control Center InstallProxy
"{6B075E9F-4D23-0883-F66C-C698E949CD90}" = Catalyst Control Center Graphics Previews Common
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{794A3AB9-DB12-1115-33B2-29C5DDD1DCD4}" = CCC Help Chinese Traditional
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{803E2C5C-E39B-BEBA-4046-6C0CF7695DA4}" = CCC Help Hungarian
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9325A80A-C2B4-141E-952E-30589770A79B}" = CCC Help Turkish
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EAAB95B-17B6-43CF-B4E9-4A90937C83FD}" = Blio
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7393DB5-6CAB-70A7-4A5E-C96AF518858A}" = Catalyst Control Center Localization All
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}" = AMD System Monitor
"{C3579810-5AC8-545D-089D-6735792490B5}" = CCC Help Thai
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C915103C-F9E5-8989-233C-367DCFB07652}" = CCC Help Italian
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE8EF688-BD0E-29E2-3472-E23CC6AB0C98}" = CCC Help Polish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D811186E-06BC-F7D3-E10B-4C7450F88611}" = CCC Help Swedish
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E45832B8-C3E6-C26B-A038-4599DCAC1F17}" = CCC Help Norwegian
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{F023440E-6D03-1AB2-1414-27A62074556C}" = CCC Help Portuguese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F7A9EFFB-F905-FA4D-A431-06B1E0A5EE5A}" = CCC Help Czech
"{F8070C51-4B1D-430C-8BCF-19696368366F}" = HP Software Framework
"{FD8966E8-8227-9180-51D2-F1C75D3222B8}" = CCC Help Russian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATT-SST" = AT&T Troubleshoot & Resolve Tool
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"EASEUS Data Recovery Wizard Free Edition 5.5.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.5.1
"EasyBits Magic Desktop" = Magic Desktop
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee SecurityCenter
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/19/2012 2:49:10 PM | Computer Name = BabiiLuv | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 7/19/2012 2:49:10 PM | Computer Name = BabiiLuv | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 7/21/2012 10:58:01 AM | Computer Name = BabiiLuv | Source = WinMgmt | ID = 10
Description =

Error - 7/21/2012 10:58:11 AM | Computer Name = BabiiLuv | Source = Application Error | ID = 1000
Description = Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Exception code: 0xc0000005 Fault offset: 0x0000000000007be2 Faulting
process id: 0xb2c Faulting application start time: 0x01cd675132ca6aa0 Faulting application
path: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Faulting module path:
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Report Id: 7d09f573-d344-11e1-a71b-101f741d8897

Error - 7/21/2012 11:04:42 AM | Computer Name = BabiiLuv | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 7/21/2012 11:04:42 AM | Computer Name = BabiiLuv | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 7/23/2012 2:25:24 PM | Computer Name = BabiiLuv | Source = Application Error | ID = 1000
Description = Faulting application name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Faulting module name: HPAuto.exe, version: 1.0.12935.3667, time
stamp: 0x4d5cc461 Exception code: 0xc0000005 Fault offset: 0x0000000000007be2 Faulting
process id: 0xb38 Faulting application start time: 0x01cd690077452ac1 Faulting application
path: C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Faulting module path:
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe Report Id: c4579c64-d4f3-11e1-b0aa-101f741d8897

Error - 7/23/2012 2:25:26 PM | Computer Name = BabiiLuv | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2012 2:31:41 PM | Computer Name = BabiiLuv | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 7/23/2012 2:31:41 PM | Computer Name = BabiiLuv | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ HP Connection Manager Events ]
Error - 5/1/2012 3:08:27 AM | Computer Name = BabiiLuv | Source = hpCMSrv | ID = 5
Description = 2012/05/01 02:08:27.248|00000438|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 5/2/2012 1:17:45 AM | Computer Name = BabiiLuv | Source = hpCMSrv | ID = 5
Description = 2012/05/02 00:17:45.100|00000EC4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 5/4/2012 3:13:11 AM | Computer Name = BabiiLuv | Source = hpCMSrv | ID = 5
Description = 2012/05/04 02:13:11.175|00000FAC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 5/4/2012 3:13:15 AM | Computer Name = BabiiLuv | Source = hpCMSrv | ID = 5
Description = 2012/05/04 02:13:15.581|00000FAC|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 5/6/2012 4:24:32 AM | Computer Name = BabiiLuv | Source = hpCMSrv | ID = 5
Description = 2012/05/06 03:24:32.282|00000C68|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 5/6/2012 4:24:33 AM | Computer Name = BabiiLuv | Source = hpCMSrv | ID = 5
Description = 2012/05/06 03:24:33.499|00000C68|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 5/6/2012 4:25:06 AM | Computer Name = BabiiLuv | Source = hpCMSrv | ID = 5
Description = 2012/05/06 03:25:06.274|00000C68|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 5/6/2012 4:25:08 AM | Computer Name = BabiiLuv | Source = hpCMSrv | ID = 5
Description = 2012/05/06 03:25:08.271|00000C68|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 5/6/2012 9:05:42 AM | Computer Name = BabiiLuv | Source = hpCMSrv | ID = 5
Description = 2012/05/06 08:05:42.823|000000E4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 5/6/2012 9:05:47 AM | Computer Name = BabiiLuv | Source = hpCMSrv | ID = 5
Description = 2012/05/06 08:05:47.466|000000E4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ Media Center Events ]
Error - 12/4/2011 12:21:59 AM | Computer Name = BabiiLuv | Source = MCUpdate | ID = 0
Description = 10:21:59 PM - Error connecting to the internet. 10:21:59 PM - Unable
to contact server..

Error - 12/6/2011 8:55:46 PM | Computer Name = BabiiLuv | Source = MCUpdate | ID = 0
Description = 6:55:46 PM - Error connecting to the internet. 6:55:46 PM - Unable
to contact server..

Error - 12/13/2011 10:26:15 PM | Computer Name = BabiiLuv | Source = MCUpdate | ID = 0
Description = 8:26:15 PM - Error connecting to the internet. 8:26:15 PM - Unable
to contact server..

Error - 12/25/2011 5:15:09 AM | Computer Name = BabiiLuv | Source = MCUpdate | ID = 0
Description = 3:15:08 AM - Error connecting to the internet. 3:15:08 AM - Unable
to contact server..

Error - 12/26/2011 5:30:29 PM | Computer Name = BabiiLuv | Source = MCUpdate | ID = 0
Description = 3:30:29 PM - Error connecting to the internet. 3:30:29 PM - Unable
to contact server..

Error - 1/1/2012 8:06:17 PM | Computer Name = BabiiLuv | Source = MCUpdate | ID = 0
Description = 3:52:30 PM - Error connecting to the internet. 6:06:16 PM - Unable
to contact server..

Error - 1/7/2012 7:47:14 PM | Computer Name = BabiiLuv | Source = MCUpdate | ID = 0
Description = 5:47:14 PM - Error connecting to the internet. 5:47:14 PM - Unable
to contact server..

Error - 1/8/2012 11:38:40 AM | Computer Name = BabiiLuv | Source = MCUpdate | ID = 0
Description = 9:38:39 AM - Error connecting to the internet. 9:38:39 AM - Unable
to contact server..

Error - 1/23/2012 4:18:12 PM | Computer Name = BabiiLuv | Source = MCUpdate | ID = 0
Description = 2:18:12 PM - Error connecting to the internet. 2:18:12 PM - Unable
to contact server..

Error - 1/28/2012 11:28:59 AM | Computer Name = BabiiLuv | Source = MCUpdate | ID = 0
Description = 9:28:59 AM - Error connecting to the internet. 9:28:59 AM - Unable
to contact server..

[ System Events ]
Error - 5/2/2012 7:17:22 PM | Computer Name = BabiiLuv | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NlaSvc service.

Error - 5/3/2012 1:25:17 PM | Computer Name = BabiiLuv | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the IconMan_R service.

Error - 5/4/2012 9:01:52 PM | Computer Name = BabiiLuv | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2

Error - 5/5/2012 1:48:31 AM | Computer Name = BabiiLuv | Source = DCOM | ID = 10010
Description =

Error - 5/6/2012 4:25:21 AM | Computer Name = BabiiLuv | Source = Service Control Manager | ID = 7043
Description = The McAfee McShield service did not shut down properly after receiving
a preshutdown control.

Error - 5/6/2012 4:28:40 AM | Computer Name = BabiiLuv | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2

Error - 5/6/2012 9:05:47 AM | Computer Name = BabiiLuv | Source = DCOM | ID = 10005
Description =

Error - 5/6/2012 9:05:47 AM | Computer Name = BabiiLuv | Source = Service Control Manager | ID = 7038
Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 5/6/2012 9:05:47 AM | Computer Name = BabiiLuv | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error: %%1069

Error - 5/6/2012 4:26:17 PM | Computer Name = BabiiLuv | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2


< End of report >
 
There is no perfect security program.
It's always mostly about your computing habits.
I'll post some hints at the end of this topic.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O15 - HKU\S-1-5-21-2656346458-3139568991-3301255850-1001\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
    [2012/07/29 14:02:07 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/02/03 19:28:02 | 000,002,048 | -HS- | C] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a6a1f5d1-9b89-34a1-1fa5-e81abdda6d59}\@
    [2012/02/03 19:28:02 | 000,002,048 | -HS- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\{a6a1f5d1-9b89-34a1-1fa5-e81abdda6d59}\@
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{a6a1f5d1-9b89-34a1-1fa5-e81abdda6d59}
    C:\Windows\System32\config\systemprofile\AppData\Local\{a6a1f5d1-9b89-34a1-1fa5-e81abdda6d59}
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.
Back